On the other hand, there might be a lot of other mail provider using the same strategy, and filtering by providers seems kind of clumsy.
It clearly seems to be the easier road to prevent abusive users to abuse my system. I am aware that I could check for a gmail address and then removes dot(s), so this would not work. So far so good, however an user with could create a lots of account ( 8192 according to ) when the user click the link (assuming it is still valid) he can now login and perform actions.a mail is sent to the user with a link allowing him to validate his account (the link is only available for a couple of hours).a line is inserted in database for this user (the user can't login because he did not verify his mail).So when an user register, the following process is done : And I really want my users to be unique (at least for my database IDs). Disclaimer : temporary mails providers are out of the scope of this question.