### [How to Create a Global Denylist](https://wpforms.com/developers/how-to-create-a-global-denylist/) **Published:** October 17, 2023 **Author:** Editorial Team **Excerpt:** This tutorial will use PHP to create a global denylist by email domain to block certain domains from completing your forms. **Content:** ## Overview Are you interested in establishing a global denylist at the domain level that applies to all of your forms? Crafting such a list will guarantee that any previously flagged spam emails are universally blocked across all your WPForms through a single, unified function. By default, using the Allowlist or Denylist you can easily block domains for each form using `*@bad-domain.com`. To find more about setting up an Allowlist or Denylist, [please check out this helpful guide](https://wpforms.com/docs/how-to-create-an-allowlist-denylist-for-email-addresses-in-wpforms/ "Creating an Email Address Allowlist or Denylist"). However, the primary aim of this tutorial is to establish a global list, eliminating the need for individual edits in each form. Harnessing the capabilities of PHP, constructing such a list becomes a straightforward and expeditious process, as we will demonstrate in this tutorial! ## Adding the snippet Now it’s time for us to add the snippet to our site and customize the list by domain names we want to block. Simply copy and paste this snippet to your site. For any assistance in how and where to add snippets to your site, [please review this tutorial](https://wpforms.com/developers/how-to-add-custom-php-or-javascript-for-wpforms/ "How to Add Custom PHP or JavaScript for WPForms"). ``` /* * Global denylist for domains on all WPForms. * * @link https://wpforms.com/developers/how-to-create-a-global-denylist/ */ function wpf_dev_blacklist_global_domains( $field_id, $field_submit, $form_data ) { // Find the domain name, anything after the @ symbol $domain = substr( strrchr( $field_submit, "@" ), 1 ); // Add the domains here, separated by commas $blacklist = array( 'deny.com', 'nope.com' ); // Customize the error message that will be shown if( in_array( $domain, $blacklist ) ) { wpforms()->process->errors[ $form_data[ 'id' ] ][ $field_id ] = esc_html__( 'We apologize, this domain is not accepted.', 'wpforms' ); return; } } add_action('wpforms_process_validate_email', 'wpf_dev_blacklist_global_domains', 10, 3 ); ``` This snippet will look at the domain name entered in the email field and check it against the global list that you’ve built in this snippet. Domain names can be listed in the **domain@.com** format. But each domain is listed with single quotes and then separated by a comma. When any user tries to enter that domain and submits the form, they’ll see the error. ![using this snippet you can easily create a global denylist](https://wpforms.com/wp-content/uploads/2023/10/wpforms-block-domain-global.jpg) And that’s it! You’ve successfully created a global denylist for all your WPForms. Would you like to also block profanity in your forms? Take a look at our tutorial on [How to Block Form Submissions Containing Profanity](https://wpforms.com/developers/how-to-block-form-submissions-containing-profanity/ "How to Block Form Submissions Containing Profanity"). ## Related Action Reference: [wpforms\_process\_validate\_email](https://wpforms.com/developers/wpforms_process_validate_email/ "Using the wpforms_process_validate_email action") **Categories:** Snippets **Tags:** PHP ---