Dear keycloak community, there are several fake and trash email provider which allow you to send and receive emails with a fake acount (a list can be found here: https://www.mogelmail.de/). Some of these websides provide inbox access without any protection which is a point of attack for hackers (e.g. https://www.byom.de/nachrichten/privatdetekteien?m=bla or https://www.trash-mail.com/posteingang/). We would like to secure our customers from using such fake accounts for transaction email in keycloak. Therefore, we propose this as feature of keycloak that could be managed in the email tab of realm settings (admin console). If this feature would be interesting, we could impletent this functionality and create a pull request? Best regards Alex Dr. Alexander Stanik AVM GmbH IT - Backend Services Phone +49 30 39976-7510 Mobile +49 152 5259-7510 a.stanik(a)avm.de avm.de AVM Audiovisuelles Marketing und Computersysteme GmbH, Alt-Moabit 95, 10559 Berlin, Germany HRB 23075 AG Charlottenburg, CEO (Geschäftsführer): Johannes Nill