B2B sites often need to ensure that visitors register or enquire using a company email address rather than a free provider like Gmail or Yahoo. The approach below loads a JSON blocklist of free email domains, checks the user’s input on the fly using jQuery, and prevents form submission if a blocked domain is detected.
Problem: A B2B contact form is receiving low-quality submissions from Gmail, Yahoo, Hotmail, and other free email providers — the form should only accept corporate domain addresses.
Solution: Maintain a JSON list of known free email provider domains, fetch it on page load with $.getJSON(), and validate the email field on form submit with a jQuery handler that checks the domain suffix and shows an inline error message if a free provider is detected.
Step 1. Obtain a list of free email domains and save it as free_email_vendors.json in your theme's /js/ folder. The file is an array of objects, each with a single domain key:
[
{ "domain": "gmail.com" },
{ "domain": "yahoo.com" },
{ "domain": "hotmail.com" },
{ "domain": "outlook.com" }
]Step 2. Enqueue the JSON path via wp_localize_script() so JavaScript knows where to fetch it:
<?php
add_action( 'wp_enqueue_scripts', 'enqueue_theme_scripts' );
function enqueue_theme_scripts() {
wp_enqueue_script(
'main-script',
get_template_directory_uri() . '/js/main.js',
[ 'jquery' ],
null,
true
);
wp_localize_script( 'main-script', 'themeData', [
'templateUrl' => get_template_directory_uri(),
] );
}Step 3. In main.js, load the blocklist and wire up the validation logic. The check fires on every keystroke after the @ character, and again on form submit as a safety net:
( function ( $ ) {
'use strict';
var blockedDomains = [];
// Load blocklist once
$.getJSON( themeData.templateUrl + '/js/free_email_vendors.json', function ( data ) {
blockedDomains = $.map( data, function ( item ) { return item.domain; } );
} );
function isBlockedDomain( email ) {
var parts = email.split( '@' );
return parts.length === 2 && $.inArray( parts[1].toLowerCase(), blockedDomains ) !== -1;
}
function showEmailError( $field ) {
if ( $field.next( '.email-warning' ).length === 0 ) {
$field.after( '<span class="email-warning">Please use your company email address.</span>' );
}
$field.closest( 'form' ).find( '[type="submit"]' ).prop( 'disabled', true );
}
function clearEmailError( $field ) {
$field.next( '.email-warning' ).remove();
$field.closest( 'form' ).find( '[type="submit"]' ).prop( 'disabled', false );
}
$( document ).on( 'input', '#form [type="email"]', function () {
var $field = $( this );
if ( isBlockedDomain( $field.val() ) ) {
showEmailError( $field );
} else {
clearEmailError( $field );
}
} );
$( document ).on( 'submit', '#form', function ( e ) {
var $field = $( this ).find( '[type="email"]' );
if ( isBlockedDomain( $field.val() ) ) {
e.preventDefault();
showEmailError( $field );
}
} );
} )( jQuery );NOTE: Client-side validation is easily bypassed — always validate the email domain server-side as well. On the PHP side, extract the domain from the submitted address and check it against the same list before processing the form. Never rely solely on JavaScript for security-sensitive validation.