LEAV – Last Email Address Validator by smings
We believe that your lifetime is the most precious and protection worthy thing in the universe. Protecting it is a critical task.
LEAV helps you to effectively protect your lifetime against spammers that use fake or disposable email adresses for the standard WordPress user registration, WordPress’s comments, WooCommerce, Elementor Pro, Contact Form 7, Gravity Forms, WPForms (lite), Ninja Forms, Formidable Forms, Kali Forms and many more plugins to come.
LEAV works out of the box without the need to sign up or register and without the use of external APIs. All the action takes place fully within your control and on your own WordPress instance. No email address nor other form data has to be sent to an API outside your control.
We built this plugin, because we were frustrated with the lack of deep email validation beyond just superficial syntax checks in all the WordPress functions, plugins and form builders, that we used ourselves.
We created LEAV with a better feature set than most paid services like quickemailverification.com, antideo and others. But LEAV is for free! And it will stay free forever. If you still miss a plugin, that we do not yet support or another way of extra protection, please contact us at email@example.com. We are always happy to make LEAV better. Please have a look at our roadmap below for future plugin integrations.
LEAV is the only free WordPress plugin that provides unlimited email address validations
and reliable disposable email address protection that seamlessly integrates with almost all of the big WordPress form plugins, form builders and WordPress standard functions.
Currently “Last Email Address Validator” integrates with:
* WordPress user registration
* WordPress comments
* WooCommerce tested up to 4.9.* (5,000,000+ installations)
* Contact Form 7 tested up to 5.3.* (5,000,000+ installations)
* WPForms (lite) tested up to 1.6.* (3,000,000+ installations)
* Ninja Forms tested up to 3.4.* (1,000,000+ installations)
* MailChimp for WordPress MC4WP tested up to 4.8.1 (1,000,000+ installations)
* Formidable Forms tested up to 4.09.* (300,000+ Installations)
* Elementor Pro tested up to 3.0.* (est. 150,000+ Pro Installations)
* Gravity Forms tested up to 2.5.* (est. 100,000+ Installations)
* Kali Forms tested up to 2.2.* (30,000+ installations)
which gives LEAV a current plugin reach of 15mio+ WordPress installations. And these numbers only cover the freely available plugin installation numbers from the plugin directory on WordPress.org/plugins and some reasonable guesses for the commercial plugin installations.
If your plugin has a newer version than listed – don’t worry! Our integrations are extremely stable and are very unlikely to break when the supported plugins are being updated.
Additionally to the email validation and filter features, LEAV let’s you control whether you want to allow pingbacks & trackbacks.
Pingbacks and trackbacks unfortunately don’t come with email addresses that could be
* WordPress Trackbacks
* WordPress Pingbacks
We are currently working on integrating the following plugins:
- OptinMonster API (1,000,000+ installations)
- Popup Maker (500,000+ installations)
- Newsletter (300,000 installations)
- Caldera Forms (200,000+ installations)
- Popup Builder (200,000+ installations)
- BuddyPress (200,000+ installations)
- Everest Forms (100,000+ installations)
- MailPoet 2 (100,000+ installations)
- MailPoet 3 (100,000+ installations)
- Form Maker (100,000+ installations)
- MailChimp (100,000+ installations)
- Ultimate Member (100,000+ installations)
- Easy Forms for Mailchimp (100,000+ installations)
- Email Subscribers & Newsletters (100,000+ installations)
- Free & Simple Contact Form (100,000+ installations)
- Hustle (90,000 installations)
- Forminator (80,000+ installations)
- Visual Form Builder (70,000+ installations)
- Popups – WordPress Popup (60,000+ installations)
- Newsletter, SMTP, Email marketing and Subscribe forms (50,000+ installations)
- User Registration (50,000+ installations)
- Subscribe2 (40,000+ installations)
- Icegram – Popups, Optins, CTAs & lot more… (40,000+ installations)
- Gwolle Guestbook (40,000+ installations)
- Happy Forms (30,000+ installations)
- Contact Form Maker (30,000+ installations)
- ConvertKit (30,000+ installations)
- Fluent Forms (30,000+ installations)
- Popup by Supsystic (30,000+ installations)
- WP Subscribe (30,000+ installations)
- weForms (20,000+ installations)
- WP User Frontend (20,000+ installations)
- CaptainForm (20,000+ installations)
- Clean and Simple Contact Form (20,000+ installations)
- Contact Form by Supsystic (20,000+ installations)
- Contact Form Email (20,000+ installations)
- Lead Form Builder (20,000+ installations)
- MailMunch (20,000+ installations)
- Ultimate Form Builder Lite (20,000+ installations)
- WP WooCommerce Mailchimp (20,000+ installations)
- MC4WP: Mailchimp Top Bar (10,000+ installations)
- Email Before Download (10,000+ installations)
When we finish this list, we’ll be able to serve up to ~20mio+ installations.
Please help us spread the word and recommend our plugin to others and leave us an
honest review. It might take some time to set up the validation and filter settings. Please trust us, it is more than worth your while doing so …
LEAV – Last Email Address Validator by smings validates email addresses through a sophisticated multi-step validation process:
Blocking recipient name catch-all email addresses like (i.e. firstname.lastname@example.org) (optional)
User-defined domain whitelist with wildcard support (optional)
User-defined email address whitelist (optional)
User-defined recipient name whitelist with wildcard support (optional)
User-defined domain blacklist with wildcard support (optional)
Blocking of disposable email address (DEA) or temporary email address services – if activated checks and filters out DEAs . The list gets frequently updated and blocks the main domains, their underlying mail exchange (MX) server domains as well as the MX server IP addresses. This ensures that you don’t get duped by a simple domain alias that routes its MX entries to the same DEA MX servers. (optional)
Blocking of free email address providers from built-in domain list. This is a feature for those who only want to collect business email addresses. (optional)
User-defined email address blacklist (optional)
User-defined recipient name blacklistlist with wildcard support (optional)
Built-in role-based recipient name blacklistlist with wildcard support (optional)
DNS MX record check – checks if the domain of the email address is DNS resolvable and has at least one MX server (MX = Mail eXchange) record (always on)
Simulated sending of an email to one of the MX servers. If this siumulation fails, we know that your WordPress instance could not send an email to the email address. Therefore we reject such email addresses (optional)
Blocking of catch-all domains (optional)
If an email address passes through all of these tests, we know for sure, that it is a real email address that your WordPress instance can deliver emails to. This will reduce spam significantly. No matter how good LEAV works, we still
encourage you to use additional spam protection by using reCATCHAs (i.e. googles reCAPTCHA v3 that
is invisible except for a little banner that has to be added (at least on the form pages), honeypots and/or other means to protect your valuable lifetime.
After all – all the above tests just verify the email address’s correctness and deliverability, but it doesn’t prove that the person in front of the computer entering the email address has access to it.
This check is part of our LEAV PRO version. LEAV’s PRO version verifies that the person entering the email address has access to the email address. By connecting the email address with the person interacting with your WordPress website, you can reduce the amount of SPAM even further. We try to automatically integrate a so-called honeypot feature to all supported plugins and additionally we will add RBL (Real Time Black) checks, to make your contact forms / online forms as safe as possible.
But even after all this, you’ll probably be bothered every now and then. But you’ll save a ton of your precious lifetime with the above checks provided by LEAV.
The inspiration for this plugin stems from the plugin wp-mail-validator.
Since this plugin only supported the standard WordPress registration, comments and
Trackbacks/Pingbacks, we took the code and extended it to work with Contact Form 7 as well as WooCommerce. The original code was not following best practices and had other shortcomings. So with version 1.3.0 we decided to completely rewrite everything and did a major code refactoring. This allowed us to have a solid foundation for a lot more supported WordPress plugins to come.
If you need “LEAV – Last-Email-Address-Validator” to integrate with a plugin you use, feel free to contact us at email@example.com for feature requests. Before you do so, please check with our road map to see if it is already listed.
Installation from within your WordPress installation
- Go to
- Search for
Last Email Address Validator
- Click on the
- Click on the
- Go to wordpress.org/plugins/last-email-address-validator/
- Click on
Download– this downloads a zip file
- Extract the zip file. It contains the directory
- Upload the extracted plugin directory into the
~/wp-content/pluginsdirectory of your WordPress installation. Afterwards you should have a directory
~/wp-content/plugins/last-email-address-validatorfilled with the contents of the plugin code
- Go to
Pluginsin your WordPress installation (menu item in the left sidebar)
Last Email Address Validatorplugin in the plugin list
- For using translations, you can optionally copy the language files from
Fresh after installing LEAV, you find
LEAV as a menu item right in your main menu. Afterwards you can move the LEAV menu item into the WordPress settings menu. In this case you find
Last Email Address Validator‘s settings under
Settings -> Last Email Address Validator.
By default all relevant features are activated and set to the highest level of spam protection.
You should not need to adjust anything unless you want to deactivate options, want to use white/blacklists or further tweak the settings to your individual needs.
Help us help you
We are sure that you’ll appreciate the extra level of spam protection provided by Last Email Address Validator (LEAV) by smings.
We take great pride in the fact that it is the only plugin to support all major WordPress form plugins out of the box for free. We believe that everyone deserves to get his lifetime SPAM protected. So LEAV isn’t limited in the number of validations it does for you. The author, Dirk Tornow, has a baby girl and a rascal toddler that need daycare and much more. Therefore we ask you to show him your appreciation by considering a one-time donation via PayPal or by becoming a patreon.
This will help us help you and gives you good karma points!
Limitations of the free plugin
None – there aren’t any. LEAV validates as many email addresses as your WordPress instance can handle. It makes sure that all entered email addresses are deliverable and confirm to the rules you set. No sign-up, no registration, no API keys necessary. No email address will leave your server. LEAV is 100% made with love in Berlin, Germany.
For those who need more protection and more validations, we currently develop the pro version of LEAV. The pro version of LEAV validates, that the person entering the email address has actual access and control over the email account. It does this by sending a verification code to the entered email address and provides the user who entered the email address with a verification step before the form data gets send to the underlying plugin. No matter the plugin. LEAV pro supplies the functionality for all supported plugins.
Additionally LEAV pro will do Realtime Blackhole List (RBL) checks to make sure the email address entered is not from known spammer domains. And this will be as affordable as 2 starbucks coffees per year.
How exactly does LEAV validate email addresses?
LEAV – Last Email Address Validator by smings validates email addresses of the supported WordPress functions and plugins in the following multi-step process:
Email Address Syntax Validation (always active)
Checks if the email address is syntactically correct. This acts as a backup check for the plugin’s checks. Some plugins only have a frontend based email syntax check. This is a regular expression-based server-side check. We wouldn’t even need it, but use it for performance reasons to filter out wrong emails without further checking
Recipient Name Catch-All Syntax (optional)
Controls if you want to filter out email addresses with a recipient name catch-all syntax. For more information what a recipient name catch-all syntax is, please check our FAQ entry below.
Domain Whitelist (optional)
Filters against the user-defined email domain whitelist (if activated).
Use this whitelist to override potential false positives from extensive (wildcard) domain blacklist rules. Whenever an email address gets matches by this whitelist, the domain blacklist check gets skipped.
We kindly ask you to inform us at firstname.lastname@example.org about wrongfully blacklisted domains, so that we can correct any errors asap.
Email Address Whitelist (optional)
Filters against the user-defined email whitelist (if activated).
If you need to override specific email addresses that would otherwise get filtered out by the blacklist filters.
Recipient Name Whitelist (optional)
Filters against the user-defined recipient name whitelist (if activated)
If you need to override specific recipient names that would otherwise get filtered out by either the user-defined recipient name blacklist or the role-based recipient name blacklist. If a recipient name gets matched by this whitelist, both recipient name blacklist checks get skipped.
Domain Blacklist (optional)
Filters against the user-defined email domain blacklist (if activated).
Free Email Address Provider Domain Blacklist (optional)
Filters against the built-in free email address provider domain blacklist (if activated). This list gets updated with new plugin releases. Our list allows the use of wildcards and is fine-tuned to filter out thousands of free email providers.
Email Address Blacklist (optional)
Filters against the user-defined email address blacklist (if activated).
Recipient Name Blacklist (optional)
Filters against the user-defined recipient name blacklist (if activated).
Role-Based Recipient Name Blacklist (optional)
Filters against the built-in role-based recipient name blacklist (if activated).
DNS MX Server Lookup (always active)
Check if the email address’s domain has a DNS entry with MX records.
Disposable Email Address (DEA) Service Blacklist (optional)
Filters against the built-in extensive blacklist of disposable email services (if activated). This list gets updated with new plugin releases. If activated email adresses from disposable email address services (DEA) i.e. mailinator.com, maildrop.cc, guerrillamail.com and many more will be rejected. LEAV manages a comprehensive list of DEA services that is frequently updated. We block the underlying MX server domains and IP addresses – not just the website domains. This bulletproofs the validation against domain aliases and makes it extremely reliable, since it attacks DEAs at their core. This is much better and much more stable than other validators, that have to constantly update their lists. Many of which make you pay for their “dynamic” lists (which is nonsense).
Simulate Email Sending (optional)
Connects to one of the MX servers and simulates the sending of an email from email@example.com to the entered email address. No actual email will be sent out. This is just LEAV asking the receiving server, if it would accept the email address. Then the dialog with the MX server gets terminated without any email being sent. It’s essentially like looking at a house’s mailboxes and checking if there is a mailbox with a specific name on it and if we can open it and see if the letter would fit in without dropping it into the mailbox.
Reject Email Addresses from Catch-All Domains (optional)
Optionally filters out all email addresses that originate from domains that accept emails for ANY recipient name. These are domains that allow arbritary recipient names like firstname.lastname@example.org.
For whom might this be important? I.e. if you have a website with a free trial, you might want to make it a bit harder for leechers to get an unlimited amount of free accounts. Of course users with their own domains can create an unlimited amount of email accounts, but by not allowing catch-all domains, it makes it harder for them. Disclaimer: There is generally nothing wrong about catch-all domains. You’ll have to decide for yourself, whether this is important for you or not. Just so you know: even gmail.com allows any recipient name. If this option is used, you should also reject email addresses from free email address providers. And it might still hamper with what you want to achieve. This is just an option for rare cases.
Can I use wildcards for the whitelists/blacklists?
Yes you can. We have a complete documentation on how to use it along with many
built-in examples in our provided blacklists for role-based recipient names and
free email address provider domain list.
There are no reviews for this plugin.
Contributors & Developers
“LEAV Last Email Address Validator” is open source software. The following people have contributed to this plugin.Contributors
“LEAV Last Email Address Validator” has been translated into 1 locale. Thank you to the translators for their contributions.
Interested in development?
- Compatibility updates for WP 5.7.1
- Compatibility updates for WP 5.7
- Added support for Gravity Forms plugin
- Added support for Elementor Pro plugin
- moved binaries into different folder for WP’s SVN asset location compliance
- Optimized settings page’s assets for faster loading
- added support for more assets
- Bugfix release – fixing a bug in the settings page for testing email addresses
- Enhanced supported plugin compatibility
- Testing compatibility for WP 5.6
- Upgrades for WP 5.6
- Completed the German translation
- Updated DEA blacklist
- Updated translations
- Optimized translatability and security of the plugin
- Added wildcard support for domains and recipient names in white/blacklists
- Updated German translation
- Excluded internal test validations from global block count
- Added catch-all domain filter feature
- Added user-defined recipient name white/blacklists
- Added email test field in the settings
- Added role-based recipient name blacklist
- Added user-defined recipient name blacklist
- Added option for blocking recipient name catch-all syntax
- Added Support for Kali Forms
- Added Support for Formidable Forms
- Added control over menu locations
- Refactoring of translation strings
- Added support for Mailchimp for WordPress (MC4WP)
- Added custom validation error messages for easy customization / translation
- Finalized class refactoring
- Versioned / auto-updated dea provider lists
- Added settings for configurable validation messages
- Added settings for configurable email field names for Ninja Forms
- Updated German translation
- Continued refactoring and major upgrade of sanitization and validation of settings form data
- Centralized static variables
- Added uninstall.php (extra file for easier readability)
- Updated Screenshots
- Added support for Ninja Forms
- Complete refactoring of the code for better readability and easier extending
- Added support for WPForms
- Fixed minor validation bugs
- optimized descriptions and German translations
- added screenshots
- Completed German translation
- Optimized settings
- added woocommerce support
- added Contact Form 7 support
- Initial German translations