resolve-email 3.0.41 → 4.0.1

package/CHANGELOG.md

@@ -7,7 +7,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 
-## [v3.0.41](https://github.com/bcomnes/resolve-email/compare/v3.0.40...v3.0.41)
+## [v4.0.1](https://github.com/bcomnes/resolve-email/compare/v4.0.0...v4.0.1)
+
+### Merged
+
+- Bump disposable-email-domains from `932053b` to `8579448` [`#93`](https://github.com/bcomnes/resolve-email/pull/93)
+
+## [v4.0.0](https://github.com/bcomnes/resolve-email/compare/v3.0.41...v4.0.0) - 2025-06-19
+
+### Merged
+
+- Bump disposable-email-domains from `67be0b5` to `932053b` [`#92`](https://github.com/bcomnes/resolve-email/pull/92)
+
+### Commits
+
+- **Breaking change:** Filter emails with Zod reasonable email address filter [`af8248d`](https://github.com/bcomnes/resolve-email/commit/af8248d68af56699c8e8b0dfa897e4fc18fb5cb7)
+
+## [v3.0.41](https://github.com/bcomnes/resolve-email/compare/v3.0.40...v3.0.41) - 2025-06-18
 
 ### Commits
 

package/README.md

@@ -7,6 +7,7 @@
 [![Socket Badge](https://socket.dev/api/badge/npm/package/resolve-email)](https://socket.dev/npm/package/resolve-email)
 
 Resolve the domain of a syntactically valid email address to see if there is even a chance of deliverability. Also checks against a large list of disposable email and other junk/unwated address domains and rejects those.
+It also checks the email address against the (updated) [zod reasonable email regex](https://colinhacks.com/essays/reasonable-email-regex) and filters out unreasonable email addresses.
 
 ```
 npm install resolve-email

package/allow-list.json

@@ -1,3 +1,13 @@
 [
-  "rocketmail.com"
+  "rocketmail.com",
+  "googlemail.com",
+  "mail.ru",
+  "yahoo.co.jp",
+  "yahoo.ca",
+  "yahoo.co.in",
+  "yahoo.co.jp",
+  "yahoo.co.kr",
+  "yahoo.co.nz",
+  "yahoo.co.uk",
+  "alibaba.com"
 ]

package/build-throwaway-domain-list.cjs

@@ -1,26 +1,91 @@
 const { readFile, writeFile } = require('node:fs/promises')
 const { join } = require('node:path')
 const emailvalidDomains = require('emailvalid/domains.json')
+const { reasonableEmail } = require('./reasonable-email.js')
 
+/** @type {Set<string>} */
 const disposableEmailDomains = new Set()
+/** @type {Set<string>} */
+const wildcardDomains = new Set()
 
 const disposableEmailDomainsPath = join(__dirname, 'disposable-email-domains', 'disposable_email_blocklist.conf')
 const allowList = join(__dirname, 'disposable-email-domains', 'allowlist.conf')
 
+/**
+ * Checks if a domain is a wildcard pattern (ends with .*)
+ *
+ * @param {string} domain - The domain to check
+ * @returns {boolean} - Whether the domain is a wildcard pattern
+ */
+function isWildcardDomain (domain) {
+  return domain.endsWith('.*')
+}
+
+/**
+ * Extracts the base domain from a wildcard pattern (removes the .*)
+ *
+ * @param {string} wildcardDomain - The wildcard domain pattern (e.g., "example.*")
+ * @returns {string} - The base domain (e.g., "example")
+ */
+function getBaseDomain (wildcardDomain) {
+  // @ts-expect-error
+  return wildcardDomain.split('.*')[0] // Remove ".*"
+}
+
+/**
+ * Checks if a domain would pass the reasonableEmail regex validation.
+ *
+ * @param {string} domain - The domain to check
+ * @returns {boolean} - Whether the domain would create a valid email address
+ */
+function isReasonableDomain (domain) {
+  // Skip checking wildcard domains with reasonableEmail
+  if (isWildcardDomain(domain)) return true
+
+  // Create a test email with the domain to check against the regex
+  const testEmail = `test@${domain}`
+  return reasonableEmail.test(testEmail)
+}
+
+/**
+ * Main function that builds the disposable email domain list.
+ *
+ * @returns {Promise<void>}
+ */
 const work = async () => {
   console.log('Adding disposable-email-domains')
   const disposableEmailDomainsRaw = await readFile(disposableEmailDomainsPath, { encoding: 'utf-8' })
+  /** @type {string[]} */
   const disposableEmailDomainsList = disposableEmailDomainsRaw.split('\n').slice(0, -1)
+  /** @type {number} */
+  let skippedCount = 0
   for (const domain of disposableEmailDomainsList) {
-    disposableEmailDomains.add(domain)
+    if (isWildcardDomain(domain)) {
+      wildcardDomains.add(getBaseDomain(domain))
+    } else if (isReasonableDomain(domain)) {
+      disposableEmailDomains.add(domain)
+    } else {
+      skippedCount++
+    }
   }
+  console.log(`Skipped ${skippedCount} domains from disposable-email-domains that don't pass the reasonableEmail regex`)
 
   console.log('Adding emailvalid')
+  /** @type {string[]} */
   const disposableOnly = Object.entries(emailvalidDomains).filter(([_domain, type]) => type === 'disposable').map(([domain, _type]) => domain)
 
+  /** @type {number} */
+  let skippedEmailvalidCount = 0
   for (const domain of disposableOnly) {
-    disposableEmailDomains.add(domain)
+    if (isWildcardDomain(domain)) {
+      wildcardDomains.add(getBaseDomain(domain))
+    } else if (isReasonableDomain(domain)) {
+      disposableEmailDomains.add(domain)
+    } else {
+      skippedEmailvalidCount++
+    }
   }
+  console.log(`Skipped ${skippedEmailvalidCount} domains from emailvalid that don't pass the reasonableEmail regex`)
 
   console.log('Removing anything in disposable-email-domains/allowlist.conf')
   // I guess newlines are a format too
@@ -28,20 +93,47 @@ const work = async () => {
   const allowData = allowDataRaw.split('\n').slice(0, -1)
   for (const domain of allowData) {
     disposableEmailDomains.delete(domain)
+    wildcardDomains.delete(getBaseDomain(domain))
   }
 
+  /** @type {string[]} */
   const denyListOverride = require('./deny-list.json')
+  /** @type {number} */
+  let skippedDenylistCount = 0
   denyListOverride.forEach(domain => {
-    disposableEmailDomains.add(domain)
+    if (isWildcardDomain(domain)) {
+      wildcardDomains.add(getBaseDomain(domain))
+    } else if (isReasonableDomain(domain)) {
+      disposableEmailDomains.add(domain)
+    } else {
+      skippedDenylistCount++
+    }
   })
+  console.log(`Skipped ${skippedDenylistCount} domains from deny-list that don't pass the reasonableEmail regex`)
 
+  /** @type {string[]} */
   const allowListOverride = require('./allow-list.json')
   allowListOverride.forEach(domain => {
     disposableEmailDomains.delete(domain)
+    wildcardDomains.delete(getBaseDomain(domain))
   })
 
-  await writeFile('disposable.json', JSON.stringify(Array.from(disposableEmailDomains).sort(), null, ' '))
-  console.log('done')
+  /** @type {number} */
+  const finalCount = disposableEmailDomains.size
+  /** @type {number} */
+  const wildcardCount = wildcardDomains.size
+
+  // Sort the domains for consistency
+  const sortedDisposable = Array.from(disposableEmailDomains).sort()
+  const sortedWildcards = Array.from(wildcardDomains).sort()
+
+  // Create the disposable.json file (regular domains)
+  await writeFile('disposable.json', JSON.stringify(sortedDisposable, null, ' '))
+
+  // Create the wildcard-disposable.json file (base domains without the .*)
+  await writeFile('wildcard-disposable.json', JSON.stringify(sortedWildcards, null, ' '))
+
+  console.log(`Done! Final disposable domain list contains ${finalCount} domains and ${wildcardCount} wildcard base domains`)
 }
 
 work().catch(err => {

package/disposable.json

@@ -1563,7 +1563,6 @@
  "alhajj.com",
  "alhilal.net",
  "aliaswe.us",
- "alibaba.com",
  "alicemunro.com",
  "alienware13.com",
  "aligamel.com",
@@ -2450,6 +2449,7 @@
  "bootmail.com",
  "bootssl.com",
  "bootybay.de",
+ "bored.lol",
  "boredstiff.co.uk",
  "boreen.com",
  "borged.com",
@@ -3307,7 +3307,6 @@
  "crossroadsmail.com",
  "crosswinds.net",
  "cruel.co.uk",
- "cruelintentions",
  "crumlin.com",
  "crunchcompass.com",
  "crusthost.com",
@@ -3626,7 +3625,6 @@
  "discard.gq",
  "discard.ml",
  "discard.tk",
- "discardmail.*",
  "discardmail.com",
  "discardmail.de",
  "discartmail.com",
@@ -3680,7 +3678,6 @@
  "djing.co.uk",
  "dldweb.info",
  "dlemail.ru",
- "dm.w3internet.co.uk example.com",
  "dmailman.com",
  "dmarc.ro",
  "dndent.com",
@@ -3863,6 +3860,7 @@
  "duk33.com",
  "dukedish.com",
  "duluthmail.com",
+ "dumalu.com",
  "dumb.co.uk",
  "dumbarton.net",
  "dump-email.info",
@@ -4616,6 +4614,7 @@
  "fnmail.com",
  "fnusa.com",
  "fnworld.com",
+ "fog.one",
  "folkfan.com",
  "foobarbot.net",
  "food4u.com",
@@ -5159,6 +5158,7 @@
  "gmxmail.top",
  "gmxmail.win",
  "gnctr-calgary.com",
+ "gni8.com",
  "gnwmail.com",
  "go.beamteam.com",
  "go.com",
@@ -5261,6 +5261,9 @@
  "gonefishing.co.uk",
  "goneshopping.co.uk",
  "gonetopot.co.uk",
+ "gonida.co.uk",
+ "gonida.com",
+ "gonida.uk",
  "gonuggets.net",
  "good-news.co.uk",
  "goodbye.co.uk",
@@ -5277,7 +5280,6 @@
  "goodtimegirl.co.uk",
  "goodwork.co.uk",
  "goodworkfella.co.uk",
- "googlemail.com",
  "googly.co.uk",
  "gooilers.net",
  "goonby.com",
@@ -6649,6 +6651,7 @@
  "killmail.net",
  "killorglin.net",
  "killybegs.com",
+ "killyourtime.com",
  "kilmallock.com",
  "kilmarnock.net",
  "kilronan.com",
@@ -7243,7 +7246,6 @@
  "mail.pf",
  "mail.pt",
  "mail.r-o-o-t.com",
- "mail.ru",
  "mail.sisna.com",
  "mail.svenz.eu",
  "mail.usa.com",
@@ -7251,6 +7253,7 @@
  "mail.wtf",
  "mail0.ga",
  "mail1.top",
+ "mail10m.com",
  "mail114.net",
  "mail15.com",
  "mail1a.de",
@@ -8567,7 +8570,6 @@
  "mailbucket.org",
  "mailcalifornia.com",
  "mailcat.biz",
- "mailcatch.*",
  "mailcatch.com",
  "mailchek.com",
  "mailchoose.co",
@@ -10982,6 +10984,8 @@
  "rotaniliam.com",
  "rotfl.com",
  "rothesay.net",
+ "rotomails.co.uk",
+ "rotomails.com",
  "rotten.co.uk",
  "roughdiamond.co.uk",
  "roughnet.com",
@@ -11691,7 +11695,6 @@
  "spambob.com",
  "spambob.net",
  "spambob.org",
- "spambog.*",
  "spambog.com",
  "spambog.de",
  "spambog.net",
@@ -12839,6 +12842,7 @@
  "ucupdong.ml",
  "uemail99.com",
  "ufacturing.com",
+ "ug.wtf",
  "uga.com",
  "uggsrock.com",
  "uglyduckling.co.uk",
@@ -13635,12 +13639,6 @@
  "yada-yada.com",
  "yahmail.top",
  "yaho.com",
- "yahoo.ca",
- "yahoo.co.in",
- "yahoo.co.jp",
- "yahoo.co.kr",
- "yahoo.co.nz",
- "yahoo.co.uk",
  "yahoofs.com",
  "yahoomails.site",
  "yahooproduct.net",

package/fuzz-test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=fuzz-test.d.ts.map

package/fuzz-test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fuzz-test.d.ts","sourceRoot":"","sources":["fuzz-test.js"],"names":[],"mappings":""}

package/fuzz-test.js

@@ -0,0 +1,259 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import { resolveEmail } from './index.js'
+
+// Regular disposable domains to test
+const regularDomains = [
+  '0-mail.com',
+  '0clickemail.com',
+  'mailinator.com',
+  'guerrillamail.com'
+  // Note: tempmail.com is not in our block list
+]
+
+// Wildcard domains to test
+const wildcardDomains = [
+  'spambog.com',
+  'spambog.net',
+  'spambog.org',
+  'discardmail.com',
+  'discardmail.net',
+  'mailcatch.com'
+]
+
+// Fuzzing variations to test
+const variations = [
+  // Subdomains
+  (/** @type {string} */ domain) => `sub.${domain}`,
+  (/** @type {string} */ domain) => `random.${domain}`,
+  (/** @type {string} */ domain) => `mail.${domain}`,
+  (/** @type {string} */ domain) => `smtp.${domain}`,
+  (/** @type {string} */ domain) => `a.b.c.${domain}`,
+
+  // Case variations
+  (/** @type {string} */ domain) => domain.toUpperCase(),
+  (/** @type {string} */ domain) => domain.charAt(0).toUpperCase() + domain.slice(1),
+  (/** @type {string} */ domain) => domain.split('').map((c, i) => i % 2 ? c.toUpperCase() : c).join(''),
+
+  // Ports and weird formatting
+  (/** @type {string} */ domain) => `${domain}:25`,
+  (/** @type {string} */ domain) => `${domain}:587`,
+  (/** @type {string} */ domain) => `${domain}:invalid`,
+
+  // Domain modifications
+  (/** @type {string} */ domain) => domain.replace('.', '-'),
+  (/** @type {string} */ domain) => domain.replace('.', '_'),
+  (/** @type {string} */ domain) => `${domain}.extra`,
+
+  // Brackets
+  (/** @type {string} */ domain) => `[${domain}]`,
+  (/** @type {string} */ domain) => `[ipv4:${domain}]`
+]
+
+// Generate a test user for each domain and variation
+/**
+ *
+ * @param {string[]} domainList
+ * @returns
+ */
+function generateTestCases (domainList) {
+  const testCases = []
+
+  for (const domain of domainList) {
+    // Add the original domain
+    testCases.push(`test@${domain}`)
+
+    // Add all variations
+    for (const variation of variations) {
+      try {
+        testCases.push(`test@${variation(domain)}`)
+      } catch (err) {
+        const error = err instanceof Error ? err : new Error('Unknown error', { cause: err })
+        // Skip if variation throws an error
+        console.warn(`Skipping invalid variation for ${domain}:`, error.message)
+      }
+    }
+  }
+
+  return testCases
+}
+
+// Create all the test cases
+const disposableTestCases = [
+  ...generateTestCases(regularDomains),
+  ...generateTestCases(wildcardDomains)
+]
+
+// Also add some hand-crafted edge cases
+const edgeCases = [
+  // Strange username parts
+  'user.name@mailinator.com',
+  'user+tag@guerrillamail.com',
+  'very.unusual."@".unusual.com@spambog.com',
+  '"very.(),:;<>[]".VERY."very@\\ "very".unusual"@discardmail.com',
+
+  // IP addresses in domain part (should be rejected by isIP check)
+  'test@[127.0.0.1]',
+  'test@[ipv6:2001:db8::1]',
+
+  // Unicode/IDN domains
+  'test@mаіlіnаtоr.com', // cyrillic characters that look like latin
+  'test@xn--80aacd1bhkfed3a8a5b.xn--p1ai', // Punycode
+
+  // Port and parameters
+  'test@mailinator.com:25',
+  'test@guerrillamail.com:587',
+  'test@mailinator.com?param=value',
+
+  // Path-like elements
+  'test@mailinator.com/path',
+  'test@guerrillamail.com/path/to/resource',
+
+  // Mixed case
+  'test@MaIlInAtOr.CoM',
+  'test@SPAMBOG.COM',
+
+  // Excess whitespace
+  'test@ mailinator.com',
+  'test@mailinator.com ',
+  ' test@guerrillamail.com',
+
+  // URL-encoded characters
+  'test@mailinator%2Ecom',
+  'test@guerrillamail%2Ecom',
+
+  // Protocol prefixes
+  'test@http://mailinator.com',
+  'test@https://guerrillamail.com',
+
+  // Random gibberish that might be missed
+  'test@mailinatorcom',
+  'test@guerrillamailcom',
+  'test@spambogcom',
+
+  // Likely typos that should still be caught
+  'test@mailinat0r.com', // with number 0
+]
+
+disposableTestCases.push(...edgeCases)
+
+// Run tests for each case
+for (const testEmail of disposableTestCases) {
+  test(`Disposable domain should be rejected: ${testEmail}`, async (_t) => {
+    try {
+      const result = await resolveEmail(testEmail)
+      assert.ok(!result.emailResolves, `Email ${testEmail} should not resolve`)
+      assert.ok(result.error, `Email ${testEmail} should have an error`)
+    } catch (err) {
+      const error = err instanceof Error ? err : new Error('Unknown error', { cause: err })
+      // If the test throws (rather than returning a result with error),
+      // it's likely a syntax error or similar - log it but don't fail
+      console.log(`Exception testing ${testEmail}: ${error.message}`)
+    }
+  })
+}
+
+// Strict testing for specific cases that should fail as disposable
+// but might be slipping through
+const strictTestCases = [
+  // This domain is in our list but might not be getting caught
+  // Test these actual domains that should be caught
+  'test@mailinator.com',
+  'test@sub.mailinator.com',
+  'test@mail.mailinator.com',
+  'test@MAILINATOR.COM',
+  'test@mAiLiNaToR.CoM',
+
+  // Edge cases that might slip through
+  'test@mailinatorcom',
+  'test@guerrillamailcom',
+  'test@spambogcom',
+
+  // Malformed but should still be caught as disposable
+  'test@.mailinator.com',
+  'test@mailinator.com.',
+  'test@mailinator..com'
+]
+
+// Run strict tests that must always be rejected as disposable
+for (const testEmail of strictTestCases) {
+  test(`STRICT: ${testEmail} must be rejected`, async (_t) => {
+    const result = await resolveEmail(testEmail)
+
+    // Must not resolve
+    assert.strictEqual(result.emailResolves, false, `Email ${testEmail} should not resolve`)
+
+    // Must have an error
+    assert.ok(result.error, `Email ${testEmail} should have an error`)
+  })
+}
+
+// Also add some legitimate domains that should pass
+const legitimateDomains = [
+  // Common email providers
+  'test@gmail.com',
+  'user.name+tag@gmail.com', // Gmail with tag
+  'test@googlemail.com', // Gmail alias
+  'user.name@yahoo.com',
+  'test@outlook.com',
+  'test@hotmail.com',
+  'test@live.com',
+  'test@icloud.com',
+  'test@protonmail.com',
+  'test@aol.com',
+  'test@mail.ru',
+  'test@yandex.ru',
+
+  // Organizations
+  'someone@example.org',
+  'info@microsoft.com',
+  'support@apple.com',
+  'contact@amazon.com',
+  'help@twitter.com',
+  'business@facebook.com',
+  'developer@github.com',
+  'admin@gitlab.com',
+  'hello@stripe.com',
+  'noreply@zoom.us',
+  'webmaster@cloudflare.com',
+  'careers@netflix.com',
+  'team@slack.com',
+  'feedback@spotify.com',
+  'sales@salesforce.com',
+  'hello@digitalocean.com',
+  'support@dropbox.com',
+  'info@ibm.com',
+
+  // Educational and government domains
+  'student@harvard.edu',
+  'faculty@mit.edu',
+  'staff@stanford.edu',
+  'contact@nasa.gov',
+  'info@whitehouse.gov',
+
+  // Country-specific TLDs
+  'support@google.com',      // Google - US tech giant
+  'info@microsoft.com',      // Microsoft - US tech giant
+  'contact@amazon.co.uk',    // Amazon UK
+  'support@apple.com',       // Apple - US tech giant
+  'info@yahoo.co.jp',        // Yahoo Japan
+  'contact@bbc.co.uk',       // BBC - British Broadcasting Corporation
+  'info@sap.de',             // SAP - German software company
+  'support@adobe.com',       // Adobe - US software company
+  'contact@telstra.com.au',  // Telstra - Australian telecom
+  'info@shopify.ca',         // Shopify - Canadian e-commerce
+  'contact@alibaba.com',     // Alibaba - Chinese e-commerce
+  'support@dropbox.com',     // Dropbox - US cloud storage
+  'info@sony.jp',            // Sony - Japanese electronics company
+  'contact@samsung.com',     // Samsung - Korean electronics company
+  'support@spotify.com'      // Spotify - Swedish streaming service
+]
+
+for (const testEmail of legitimateDomains) {
+// Generate variations of legitimate domains with unusualr (const testEmail of legitimateDomains) {
+  test(`Legitimate domain should be accepted: ${testEmail}`, async (_t) => {
+    const result = await resolveEmail(testEmail)
+    assert.deepStrictEqual(result.error, undefined, `Email ${testEmail} should not have an error`)
+    assert.ok(result.emailResolves, `All of these should resolve ${testEmail}`)
+  })
+}

package/index.d.ts

@@ -3,10 +3,6 @@ export function _resolveMx(email: string, opts?: ResolveOptions | null): Promise
     exchange: string;
 }>>;
 export function resolveEmail(domain: string, opts?: ResolveOptions | null): Promise<ResolveResult>;
-export type ResolveOptions = {
-    allowIps?: boolean;
-    allowDisposable?: boolean;
-};
 export type ResolveResult = {
     emailResolves: boolean;
     mxRecords?: Array<{
@@ -15,4 +11,8 @@ export type ResolveResult = {
     }>;
     error?: Error;
 };
+export type ResolveOptions = {
+    allowIps?: boolean;
+    allowDisposable?: boolean;
+};
 //# sourceMappingURL=index.d.ts.map

package/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["index.js"],"names":[],"mappings":"AAwBA,kCAJW,MAAM,SACN,cAAc,OAAC,GACb,OAAO,CAAC,KAAK,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAC,CAAC,CAAC,CA4ChE;AA0BD,qCAJW,MAAM,SACN,cAAc,OAAC,GACb,OAAO,CAAC,aAAa,CAAC,CAgBlC;;eApGa,OAAO;sBACP,OAAO;;;mBAKP,OAAO;gBACP,KAAK,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;YAC3C,KAAK"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["index.js"],"names":[],"mappings":"AA2BA,kCAJW,MAAM,SACN,cAAc,OAAC,GACb,OAAO,CAAC,KAAK,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAC,CAAC,CAAC,CAiDhE;AA0BD,qCAJW,MAAM,SACN,cAAc,OAAC,GACb,OAAO,CAAC,aAAa,CAAC,CAgBlC;;mBAnGa,OAAO;gBACP,KAAK,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;YAC3C,KAAK;;;eAXL,OAAO;sBACP,OAAO"}

package/index.js

@@ -7,6 +7,9 @@ import { disposable } from './disposable.cjs'
  * @property {boolean} [allowIps=true] Allow bare IPs as email addresses
  * @property {boolean} [allowDisposable=false] Allow disposable email addresses
  */
+import { wcDisposable } from './wildcard-disposable.cjs'
+import { reasonableEmail } from './reasonable-email.js'
+import { parse } from 'tldts'
 
 /**
  * @typedef {Object} ResolveResult
@@ -28,20 +31,25 @@ export async function _resolveMx (email, opts) {
     allowDisposable: false,
     ...opts
   }
+  if (typeof email !== 'string' || !email.match(reasonableEmail)) {
+    throw new Error('This email address is not reasonable')
+  }
+
   const domain = (email.split('@').pop() || '').toLowerCase().trim().replace(/^\[(ipv6:)?|\]$/gi, '')
 
-  if (isIP(domain)) {
-    if (opts.allowIps) {
-      return [{
-        priority: 0,
-        exchange: domain
-      }]
-    } else {
-      throw new Error('An email address with an IP address for the domain is disallowed')
-    }
+  const parsed = parse(domain)
+  const domainWithSuffix = parsed.domain
+  const domainWithoutSuffix = parsed.domainWithoutSuffix
+
+  if (!domainWithoutSuffix || !domainWithSuffix) {
+    throw new Error('Invalid domain format', { cause: domain })
+  }
+
+  if (isIP(domain) || parsed.isIp) {
+    throw new Error('An email address with an IP address for the domain is disallowed')
   }
 
-  if (disposable.has(domain) && !opts.allowDisposable) {
+  if (!opts.allowDisposable && (disposable.has(domainWithSuffix) || wcDisposable.has(domainWithoutSuffix))) {
     throw new Error('Disposable email addresses are disallowed')
   }
 

package/index.test.js

@@ -31,10 +31,35 @@ const inputs = [
     in: 'example@Cock.li',
     expect: false,
   },
+  // Test wildcard domain patterns
+  {
+    in: 'test@spambog.com',
+    expect: false,
+    description: 'should match wildcard pattern spambog.*'
+  },
+  {
+    in: 'test@spambog.net',
+    expect: false,
+    description: 'should match wildcard pattern spambog.*'
+  },
+  {
+    in: 'test@discardmail.org',
+    expect: false,
+    description: 'should match wildcard pattern discardmail.*'
+  },
+  {
+    in: 'test@mailcatch.xyz',
+    expect: false,
+    description: 'should match wildcard pattern mailcatch.*'
+  }
 ]
 
 for (const i of inputs) {
-  test(`${i.in} ${i.expect ? 'resolves' : 'does not resolve'}`, async (/** @type {TestContext} */ _t) => {
+  const testName = i.description
+    ? `${i.in} ${i.expect ? 'resolves' : 'does not resolve'} (${i.description})`
+    : `${i.in} ${i.expect ? 'resolves' : 'does not resolve'}`
+
+  test(testName, async (/** @type {TestContext} */ _t) => {
     const results = await resolveEmail(i.in)
 
     assert.strictEqual(

package/package.json

@@ -1,22 +1,22 @@
 {
   "name": "resolve-email",
   "description": "Resolve the domain of an email address to see if it even has a chance of delivering",
-  "version": "3.0.41",
+  "version": "4.0.1",
   "author": "Bret Comnes <bcomnes@gmail.com> (https://bret.io)",
   "bugs": {
     "url": "https://github.com/bcomnes/resolve-email/issues"
   },
   "devDependencies": {
+    "@types/node": "^24.0.1",
+    "@voxpelli/tsconfig": "^15.0.0",
     "auto-changelog": "^2.0.0",
     "c8": "^10.0.0",
     "emailvalid": "^1.0.4",
     "gh-release": "^7.0.0",
-    "npm-run-all2": "^8.0.1",
-    "neostandard": "^0.12.0",
     "installed-check": "^9.3.0",
-    "@voxpelli/tsconfig": "^15.0.0",
-    "@types/node": "^24.0.1",
-    "typescript": "~5.8.2"
+    "neostandard": "^0.12.0",
+    "npm-run-all2": "^8.0.1",
+    "typescript": "~5.8.3"
   },
   "engines": {
     "node": ">=18.0.0",
@@ -50,7 +50,7 @@
     "test:installed-check": "installed-check --ignore-dev",
     "version": "run-s prepare version:*",
     "version:changelog": "auto-changelog -p --template keepachangelog auto-changelog --breaking-pattern 'BREAKING CHANGE:'",
-    "version:git": "git add CHANGELOG.md disposable.json"
+    "version:git": "git add CHANGELOG.md disposable.json wildcard-disposable.json"
   },
   "standard": {
     "ignore": [
@@ -66,5 +66,8 @@
       "lcov",
       "text"
     ]
+  },
+  "dependencies": {
+    "tldts": "^7.0.9"
   }
 }

package/reasonable-email.d.ts

@@ -0,0 +1,2 @@
+export const reasonableEmail: RegExp;
+//# sourceMappingURL=reasonable-email.d.ts.map

package/reasonable-email.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reasonable-email.d.ts","sourceRoot":"","sources":["reasonable-email.js"],"names":[],"mappings":"AAQA,8BAFU,MAAM,CAIqF"}

package/reasonable-email.js

@@ -0,0 +1,11 @@
+/**
+ * Practical email validation regular expression from zod
+ * https://colinhacks.com/essays/reasonable-email-regex
+ * https://github.com/colinhacks/zod/blob/ee5615d76b93aac15d7428a17b834a062235f6a1/packages/zod/src/v4/core/regexes.ts#L24
+ * Couldn't figure out the maze of exports in zod so I just vedored the regex directly.
+ *
+ * @type {RegExp} Regular expression for validating reasonable email addresses
+ */
+export const reasonableEmail =
+   // eslint-disable-next-line no-useless-escape
+   /^(?!\.)(?!.*\.\.)([A-Za-z0-9_'+\-\.]*)[A-Za-z0-9_+-]@([A-Za-z0-9][A-Za-z0-9\-]*\.)+[A-Za-z]{2,}$/

package/tsconfig.json

@@ -1,7 +1,12 @@
 {
   "extends": "@voxpelli/tsconfig/node20.json",
   "compilerOptions": {
-    "skipLibCheck": true
+    "skipLibCheck": true,
+    "erasableSyntaxOnly": true,
+    "allowImportingTsExtensions": true,
+    "rewriteRelativeImportExtensions": true,
+    "verbatimModuleSyntax": true,
+    "module": "nodenext"
   },
   "include": [
     "./**/*"

package/wildcard-disposable.cjs

@@ -0,0 +1,3 @@
+const wcDisposable = require('./wildcard-disposable.json')
+
+module.exports.wcDisposable = new Set(wcDisposable)

package/wildcard-disposable.d.cts

@@ -0,0 +1,2 @@
+export const wcDisposable: Set<string>;
+//# sourceMappingURL=wildcard-disposable.d.cts.map

package/wildcard-disposable.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wildcard-disposable.d.cts","sourceRoot":"","sources":["wildcard-disposable.cjs"],"names":[],"mappings":""}

package/wildcard-disposable.json

@@ -0,0 +1,5 @@
+[
+ "discardmail",
+ "mailcatch",
+ "spambog"
+]