Blocking Spam Email Domains with Self-Hosted Ghost
I noticed an uptick in spam signups on my self-hosted Ghost instance. Specifically those coming from email to SMS gateways[1]. I suspect that they use the email address to send a text message to verify the phone number. I'm not sure how many people actually use these but given the uptick in spam, it appears best to block them.
This appears to be a comprehensive list of domains and their associated carriers[2].
AT&T @txt.att.net @mms.att.net
T-Mobile @tmomail.net @tmomail.net
Verizon @vtext.com @vzwpix.com
Sprint @messaging.sprintpcs.com @pm.sprint.com
Metro PCS @mymetropcs.com @mymetropcs.com
Boost Mobile @sms.myboostmobile.com @myboostmobile.com
Cricket @sms.cricketwireless.net @mms.cricketwireless.net
U.S. Cellular @email.uscc.net @mms.uscc.net
Consumer Cellular @mailmymobile.net @mailmymobile.net
For docker compose users, you can add the following to your docker-compose.yml file to block these domains:
environment:
spam__blocked_email_domains: '[
"txt.att.net",
"mms.att.net",
"tmomail.net",
"vtext.com",
"vzwpix.com",
"messaging.sprintpcs.com",
"pm.sprint.com",
"mymetropcs.com",
"sms.myboostmobile.com",
"myboostmobile.com",
"sms.cricketwireless.net",
"mms.cricketwireless.net",
"email.uscc.net",
"mms.uscc.net",
"mailmymobile.net"
]'
Alternatively add the list to your config.production.json file:
"spam": {
"blocked_email_domains": [...]
}
Note that you may need to update your ghost instance. I have tested this on version: 5.109.0.
(2025) Ghost sign up and spam?. forum.ghost.org. Available at: https://forum.ghost.org/t/ghost-sign-up-and-spam/54583/9 (Accessed: 2025-2-2). ↩︎
Howard, R. (2023) Using email to SMS gateways. www.dailystory.com. Available at: https://www.dailystory.com/blog/email-send-sms/ (Accessed: 2025-2-2). ↩︎