Note that @mailinator.com email addresses are blocked at a significant number of sites due to its popularity. Throwaway email sites that alternate between several different domains work best.
You can't get a full list of them on mailinator.com, since it makes it easy for a misguided website administrator to just ban the whole list.
Instead, the site will randomly show one of the alternate domains on every page load. At one point, it would even give 'gmail.com' and other legitimate domains as the alternate if you tried to scrape them too quickly (or rather, they hypothetically-yet-definitely-didn't-do that).[1]
Today, the alternate domains are shown as an image[2], and even that isn't a complete list, since other people can simply redirect mail incoming to their domains to mailinator.com. Mailinator explicitly condones this.[3]
That will only work if you know exactly how your entire mail stack will handle resolution and you re-implement it exactly on your frontend. Consider this case:
Resolving not-mailinator.whatever.com returns:
not-mailinator.whatever.com. 86400 IN MX 10 a.bad-mailserver.com
not-mailinator.whatever.com. 86400 IN MX 10 b.bad-mailserver.com
not-mailinator.whatever.com. 86400 IN MX 10 c.bad-mailserver.com
not-mailinator.whatever.com. 86400 IN MX 10 d.bad-mailserver.com
not-mailinator.whatever.com. 86400 IN MX 10 e.bad-mailserver.com
not-mailinator.whatever.com. 86400 IN MX 10 f.bad-mailserver.com
not-mailinator.whatever.com. 86400 IN MX 10 g.bad-mailserver.com
not-mailinator.whatever.com. 86400 IN MX 10 h.bad-mailserver.com
not-mailinator.whatever.com. 86400 IN MX 10 mailinator.com
If you choose one at random, your frontend has a 90% chance of choosing a mail server that isn't mailinator. But when your MTA tries to send the message, it will notice that bad-mailserver.com is offline and try the other MXes, eventually hitting mailinator and delivering the message you tried to block.
You could put a limit on the number of MX records a domain can have, but Gmail has 5 and so you'd only reduce the chance of success to 80%.
Then you have to consider the mechanics of DNS. How many layers of CNAME indirection will you follow? Will you cache results? (If so, how will you trust that the responses are valid?) How long will you wait for DNS responses?
A poor implementation of DNS lookups will use unbounded time, unbounded bandwidth, and unbounded file descriptors. This isn't a hack you are going to code up in an afternoon, and one mistake means your website is going to randomly go down.
And so you have to ask: why? Why do you care if someone uses mailinator? Spammers are just going to set up their own domain or use someone's malware'd Windows box. And someone that wants to ignore your email is just going to have a procmail rule auto-submit your messages to Spamcop anyway.
So you gain nothing, spend a lot of time programming, and it won't solve any problems. In conclusion: worst idea ever.
Interesting, I know this is a bad idea, but: what if I connect directly to SMTP servers returned from retrieving MX records then send `RCPT TO: <some-email@mailinator.com>` and see if it passed or error with 550? My guess is there will be another whole range of issues involving open relays and servers that happened to not return 550 on nonexistence mailbox?
(I'm not trying to block Mailinator, just some exercise for myself.)
You can even donate a domain or have your own "private" mailinator domain by simply pointing the MX record for a domain or subdomain you control to their server.
I've always wondered why a site that blocks mailinator sites wouldn't just do an MX lookup on any domain you put in and check for mailinator redirects.
At least with customers being made to sign up to premium accounts with 24/7 support available there will be less horror stories of customers being locked out of their Google Apps accounts.
I'm getting "The change you wanted was rejected. Maybe you tried to change something you didn't have access to." for every IP address I try: my current Comcast address, and the addresses of a few servers I work on. I also put in 66.220.147.22 (www.facebook.com) just to see what it would do, and got the same message. I'm leaving the optional name and e-mail fields blank.
