Add disposable/high-risk email signup scrutiny via check-mail.org

Classifies each signup's email domain (domain-only, GDPR-friendly) alongside
the existing IP scrutiny signal, with matching held-welcome and auto
email_domain_block behavior. A report against an account with a flagged
domain suspends immediately (no reporter-count threshold) and blocks the
domain, classified live from the report payload rather than any signup-time
record so it also covers pre-existing accounts. Ships CHECK_MAIL_DRY_RUN=true
by default, independent of ABUSE_DRY_RUN, so the new report-triggered suspend
path stays inert until watched.
This commit is contained in:
waffle2k
2026-07-03 09:08:30 -07:00
parent 6ad9a93f38
commit 656eec09c0
5 changed files with 452 additions and 40 deletions
+28
View File
@@ -117,3 +117,31 @@ IP_SCRUTINY_IPBLOCK_SEVERITY=sign_up_requires_approval
# informational only (mobile carriers are never scrutinized).
IP_SCRUTINY_HOSTING_RE=amazon|aws|google|microsoft|azure|digitalocean|ovh|hetzner|linode|vultr|contabo|choopa|m247|scaleway|leaseweb|hostinger|namecheap|godaddy|cloudflare|oracle|alibaba|tencent|akamai|fastly|packet|vpn|proxy|hosting|datacenter|data center|colo(?:cation)?|server
IP_SCRUTINY_MOBILE_RE=mobile|wireless|cellular|verizon|t-mobile|tmobile|at&t|att mobility|vodafone|telstra|sprint|three\b|orange mobile|deutsche telekom|o2\b
# check-mail.org disposable/high-risk email domain scrutiny (roadmap item B,
# anti-abuse.md). Domain-only query (never the full email) against
# POST https://api.check-mail.org/v2/, Authorization: Bearer <key>.
# Free tier: 1,000 req/month.
CHECK_MAIL_ENABLED=true
CHECK_MAIL_API_KEY=
# Log/DM only — no held welcome, no email_domain_block write, no
# report-triggered suspend. Keep true for rollout until you've watched the
# false-positive rate for a while (same role as IP_SCRUTINY_DRY_RUN /
# ABUSE_DRY_RUN).
CHECK_MAIL_DRY_RUN=true
# A domain is flagged if check-mail.org marks it is_disposable OR its risk
# score (0-100) is at or above this threshold.
CHECK_MAIL_RISK_THRESHOLD=80
# Hold the welcome DM for a flagged signup until account.approved fires, same
# semantics as IP_SCRUTINY_HOLD_WELCOME.
CHECK_MAIL_HOLD_WELCOME=true
# Auto-register a flagged signup's email domain into Mastodon's native
# Admin::EmailDomainBlock. Requires ABUSE_BOT_TOKEN to carry the
# admin:write:email_domain_blocks scope (see CLAUDE.md) — without it this
# 403s and is logged as an error, but nothing else in the bot is affected.
# Also gates the report-triggered suspend+block override in handle_report().
CHECK_MAIL_AUTO_DOMAIN_BLOCK=true