Hi everyone,
I'm trying to implement a disposable...
# ory-selfhostingb
bumpy-rainbow-32698
10/31/2025, 11:20 AMHi everyone,
I'm trying to implement a disposable email check before user registration. However, when I set up the Ory action webhook, it doesn't send any email data when the user inputs their email. The webhook only sends email data after the user inputs a valid OTP. What I expect is for the webhook to trigger before an OTP email is sent to that email address.
Here is my
kratos.yml Copy code
methods:
password:
enabled: false
totp:
config:
issuer: Kratos
enabled: false
lookup_secret:
enabled: false
link:
enabled: false
code:
enabled: true
passwordless_enabled: true
config:
enabled_for_registration: true
registration:
ui_url: <http://localhost:3000/auth>
lifespan: 10m
before:
hooks:
- hook: web_hook
config:
url: <https://webhook.site/bb37d3a2-34ce-4047-8dd6-9034d7bd1828>
method: POST
body: <base64://ZnVuY3Rpb24oY3R4KSBjdHguaWRlbnRpdHkudHJhaXRzLmVtYWls>
response:
ignore: true
parse: false
after:
code:
hooks:
- hook: web_hook
config:
url: <https://webhook.site/bb37d3a2-34ce-4047-8dd6-9034d7bd1828>
method: POST
body: <base64://ZnVuY3Rpb24oY3R4KSBjdHguaWRlbnRpdHkudHJhaXRzLmVtYWls>
response:
ignore: true
parse: falsem
magnificent-energy-493
10/31/2025, 4:12 PM
Hey Yasa,
see here for a similar example: https://github.com/ory/awesome-ory/tree/master/ory-actions/vpncheck-py
but I haven't tested it with OTP.
b
bumpy-rainbow-32698
10/31/2025, 5:22 PMThanks for the suggestion! However, the problem is I can't block disposable domains before Ory Kratos sends the OTP through SMTP. This is because the Ory action only sends the email value after the user inputs a valid OTP, which means we're still sending emails to disposable email addresses. Or maybe I'm missing something here?
m
magnificent-energy-493
10/31/2025, 7:17 PM
Yea that might not be possible with OTP at the moment.
Is it something you could do in your SMTP server maybe?
Or you could use HTTP server and use a middleware that does the check before you send it.