Added some heuristics for detecting suspicious emails.

common/utils.go

@@ -243,6 +243,32 @@ func NameToSlug(name string) (slug string) {
 	return slug
 }
 
+// TODO: Write a test for this
+func HasSuspiciousEmail(email string) bool {
+	lowEmail := strings.ToLower(email)
+	// TODO: Use a more flexible blacklist, perhaps with a similar mechanism to the HTML tag registration system in PreparseMessage()
+	if strings.Contains(lowEmail, "casino") || strings.Contains(lowEmail, "viagra") {
+		return true
+	}
+
+	var dotCount int
+	var shortBits int
+	var currentSegmentLength int
+	for _, char := range lowEmail {
+		if char == '.' {
+			dotCount++
+			if currentSegmentLength < 3 {
+				shortBits++
+			}
+			currentSegmentLength = 0
+		} else {
+			currentSegmentLength++
+		}
+	}
+
+	return dotCount > 7 || shortBits > 2
+}
+
 // TODO: Write a test for this
 func WeakPassword(password string, username string, email string) error {
 	lowPassword := strings.ToLower(password)

routes/account.go

@@ -251,6 +251,11 @@ func AccountRegisterSubmit(w http.ResponseWriter, r *http.Request, user common.U
 		regError("You didn't put in an email.", "no-email")
 	}
 
+	ok := common.HasSuspiciousEmail(email)
+	if ok {
+		regError("Your email address is suspicious.", "suspicious-email")
+	}
+
 	password := r.PostFormValue("password")
 	// ?  Move this into Create()? What if we want to programatically set weak passwords for tests?
 	err := common.WeakPassword(password, username, email)