How to overcome Azure AD B2C Sign Up accepts tempo

Published 2019-06-14 20:47

Question:

Azure AD B2C Sign Up user flow accepts temporary email (like mailinator.com) and sends a verification code. The Reset Password user flow also behaves similarly.

This means a malicious attacker can easily write a script which floods your AD B2C with zillions of users.

Question

Is there any supported way to prevent this, or any idea of workaround(s)?

Reasoning

  • Microsoft guards itself against creating Microsoft accounts using temporary emails (you cannot create a Microsoft account using such an email). It is a reasonable security decision. Using B2C, you would also like to have a similar guard for your application accounts.

  • Implementing the guard logic in your application logic is not a solution, because the train has gone: the account has already been created.