Improper Restriction on Disposable Email Usage for Account Registration

*Summary
The Katalon Platform registration system allows users to create new accounts using disposable email addresses (e.g., mailinator.com). This issue can lead to abuse of the free trial feature and license fraud, as attackers can bypass restrictions by repeatedly registering accounts with temporary email addresses.

Based on my other bug report post, "TestOps - Bypass of Disabled Input Fields via HTML Manipulation".

*Steps to reproduce

  1. Go to the Katalon registration page; example: https://testops.katalon.io
  2. Use a disposable email service, such as mailinator.com, to create a new email address.
  3. Register a new Katalon account with this disposable email address.
  4. Complete the registration process and gain access to the 30-day free trial.
  5. Repeat the process with another disposable email address to obtain unlimited free trials.

*Expected Results
The registration system should restrict the use of disposable email addresses and prevent account creation using such emails.

*Actual Results
Users can successfully register accounts using disposable email addresses, gaining repeated access to free trials.

*Screenshots / Videos

*Number of affected users?
Potentially all users attempting to register with disposable email services.


*Operating System
Not applicable (Web-based issue).

*Katalon Studio version
Not applicable.

*Katalon Studio logs
Not applicable.

Won’t this just mean they use a different email address like Gmail? Which is more annoying for Gmail users, as new users can’t create new accounts with sensible email addresses as testers & spammers have used millions of them for their work! If you tied accounts only to corporate emails you’d have a different type of problem.

Hey @Dan_Bown

Thank you for your comment. I understand your concern about users switching to regular email providers like Gmail. However, disposable email services are designed for temporary use and are much easier to abuse. Restricting them raises the barrier for attackers and reduces abuse
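One way to implement the restriction asked for under Expected Results, together with the Gmail concern raised in the reply, as an added example that is not Katalon's code or anything posted in this thread. The blocklist entries other than mailinator.com, the function names, the policy strings and the per-mailbox trial rule are assumptions, and the Gmail alias handling goes beyond what the report itself asks for.

```python
# Constructed sample blocklist; a real deployment would load a maintained list.
DISPOSABLE_DOMAINS = frozenset({"mailinator.com", "disposable.example"})
# Providers assumed to ignore dots and "+tag" suffixes in the local part.
ALIASING_PROVIDERS = frozenset({"gmail.com", "googlemail.com"})


def split_address(address: str) -> tuple[str, str]:
    """Return (local, domain) lower-cased, with the domain in ASCII (IDNA) form."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    domain = domain.rstrip(".").lower()  # "mailinator.com." is the same host
    try:
        domain = domain.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError("invalid domain") from exc
    return local.lower(), domain


def is_disposable(domain: str) -> bool:
    """True if the domain or any parent domain is on the blocklist."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in DISPOSABLE_DOMAINS for i in range(len(labels)))


def canonical_key(address: str) -> str:
    """Key used to spot one mailbox registering for several trials."""
    local, domain = split_address(address)
    if domain in ALIASING_PROVIDERS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


def check_registration(address: str, trial_keys: set[str]) -> str:
    """Return 'reject-disposable', 'reject-duplicate' or 'accept' (hypothetical policy)."""
    _, domain = split_address(address)
    if is_disposable(domain):
        return "reject-disposable"
    key = canonical_key(address)
    if key in trial_keys:  # this mailbox already started a trial
        return "reject-duplicate"
    trial_keys.add(key)
    return "accept"
```

The check has to run server-side on the submitted value, and a blocklist only covers domains it already knows, so it raises the cost of repeat registration rather than removing it.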