The ability to add a list of email addresses that wouldn’t be allowed to sign up for/ log into my Stytch project would be useful.
Right now, in order to block a user, I need to maintain an internal denylist, add email addresses to it, and then check the denylist when users enter their email address during the signup/ login flow.
It would be a nice feature if Stytch could maintain the denylist instead and handle this for me. I could add/ remove email addresses through the API or the Stytch Dashboard.
Hey Bertie – thanks for posting!
I’ll raise this internally with our team as a feature request for future consideration. I can definitely see the use case for this, and appreciate you taking the time to share!
Hey Bertie, one other thing I’d add here is that this is a great use case for our device fingerprinting product, especially as it’s relatively trivial for attackers to change identifiers like email/IP/user_agent/etc.
Here’s an overview on the device fingerprinting product: Fraud docs | Stytch. Reach out if you’d like to chat more on it!