
Interesting security concepts here. You can either whitelist specific domains essentially guaranteeing only registered users have the same email as the domain of the website, or you can play wack-a-mole by constantly manually adding bad actors to a black list. Both ways have pros and cons.