diff --git a/libs/shared/guards/src/lib/admin-panel-guard.ts b/libs/shared/guards/src/lib/admin-panel-guard.ts
index 7f76ab45a04..7de7990c35d 100644
--- a/libs/shared/guards/src/lib/admin-panel-guard.ts
+++ b/libs/shared/guards/src/lib/admin-panel-guard.ts
@@ -49,6 +49,7 @@ export enum AdminPanelFeature {
   UnsubscribeFromMailingLists = 'UnsubscribeFromMailingLists',
   RateLimiting = 'RateLimiting',
   DeleteRecoveryPhone = 'DeleteRecoveryPhone',
+  EmailBlocklist = 'EmailBlocklist',
 }
 
 /** Enum of known user groups */
@@ -209,6 +210,10 @@ const defaultAdminPanelPermissions: Permissions = {
     name: 'Delete Recovery Phone',
     level: PermissionLevel.Admin,
   },
+  [AdminPanelFeature.EmailBlocklist]: {
+    name: 'Manage Email Blocklist',
+    level: PermissionLevel.Admin,
+  },
 };
 
 /**
diff --git a/packages/db-migrations/databases/fxa/patches/patch-189-190.sql b/packages/db-migrations/databases/fxa/patches/patch-189-190.sql
new file mode 100644
index 00000000000..7e481194987
--- /dev/null
+++ b/packages/db-migrations/databases/fxa/patches/patch-189-190.sql
@@ -0,0 +1,11 @@
+SET NAMES utf8mb4 COLLATE utf8mb4_bin;
+
+CALL assertPatchLevel('189');
+
+CREATE TABLE IF NOT EXISTS emailBlocklist (
+  regex VARCHAR(768) NOT NULL,
+  createdAt BIGINT UNSIGNED NOT NULL,
+  UNIQUE KEY uq_emailBlocklist_regex (regex)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
+
+UPDATE dbMetadata SET value = '190' WHERE name = 'schema-patch-level';
diff --git a/packages/db-migrations/databases/fxa/patches/patch-190-189.sql b/packages/db-migrations/databases/fxa/patches/patch-190-189.sql
new file mode 100644
index 00000000000..9a0a05a30ad
--- /dev/null
+++ b/packages/db-migrations/databases/fxa/patches/patch-190-189.sql
@@ -0,0 +1,7 @@
+SET NAMES utf8mb4 COLLATE utf8mb4_bin;
+
+CALL assertPatchLevel('190');
+
+DROP TABLE IF EXISTS emailBlocklist;
+
+UPDATE dbMetadata SET value = '189' WHERE name = 'schema-patch-level';
diff --git a/packages/db-migrations/databases/fxa/target-patch.json b/packages/db-migrations/databases/fxa/target-patch.json
index 0c70ea751d3..31fd730cf3d 100644
--- a/packages/db-migrations/databases/fxa/target-patch.json
+++ b/packages/db-migrations/databases/fxa/target-patch.json
@@ -1,3 +1,3 @@
 {
-  "level": 189
+  "level": 190
 }
diff --git a/packages/fxa-admin-panel/src/App.tsx b/packages/fxa-admin-panel/src/App.tsx
index 8cc61bbad04..2c16ed75e27 100644
--- a/packages/fxa-admin-panel/src/App.tsx
+++ b/packages/fxa-admin-panel/src/App.tsx
@@ -15,6 +15,7 @@ import PageRelyingParties from './components/PageRelyingParties';
 import PageAccountDelete from './components/PageAccountDelete';
 import PageRateLimiting from './components/PageRateLimiting';
 import PageAccountReset from './components/PageAccountReset';
+import PageEmailBlocklist from './components/PageEmailBlocklist';
 
 const App = ({ config }: { config: IClientConfig }) => {
   const [guard, setGuard] = useState<AdminPanelGuard>(config.guard);
@@ -46,6 +47,12 @@ const App = ({ config }: { config: IClientConfig }) => {
               {guard.allow(AdminPanelFeature.AccountReset, user.group) && (
                 <Route path="/account-reset" element={<PageAccountReset />} />
               )}
+              {guard.allow(AdminPanelFeature.EmailBlocklist, user.group) && (
+                <Route
+                  path="/email-blocklist"
+                  element={<PageEmailBlocklist />}
+                />
+              )}
               <Route path="/permissions" element={<PagePermissions />} />
             </Routes>
           </AppLayout>
diff --git a/packages/fxa-admin-panel/src/components/Nav/index.tsx b/packages/fxa-admin-panel/src/components/Nav/index.tsx
index 0b6016c66d4..b1cb85b1926 100644
--- a/packages/fxa-admin-panel/src/components/Nav/index.tsx
+++ b/packages/fxa-admin-panel/src/components/Nav/index.tsx
@@ -7,6 +7,7 @@ import { NavLink } from 'react-router-dom';
 import accountIcon from '../../images/icon-account.svg';
 import keyIcon from '../../images/icon-key.svg';
 import logsIcon from '../../images/icon-logs.svg';
+import emailBlocklistIcon from '../../images/icon-email-blocklist.svg';
 import { AdminPanelFeature } from '@fxa/shared/guards';
 import Guard from '../Guard';
 
@@ -67,6 +68,21 @@ export const Nav = () => (
             </NavLink>
           </li>
         </Guard>
+        <Guard features={[AdminPanelFeature.EmailBlocklist]}>
+          <li>
+            <NavLink
+              to="/email-blocklist"
+              className={({ isActive }) => getNavLinkClassName(isActive)}
+            >
+              <img
+                className="inline-flex mr-2 w-4"
+                src={emailBlocklistIcon}
+                alt="blocklist icon"
+              />
+              Email Blocklist
+            </NavLink>
+          </li>
+        </Guard>
         <Guard features={[AdminPanelFeature.RelyingParties]}>
           <li>
             <NavLink
diff --git a/packages/fxa-admin-panel/src/components/PageEmailBlocklist/index.tsx b/packages/fxa-admin-panel/src/components/PageEmailBlocklist/index.tsx
new file mode 100644
index 00000000000..10a8a104f7f
--- /dev/null
+++ b/packages/fxa-admin-panel/src/components/PageEmailBlocklist/index.tsx
@@ -0,0 +1,229 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import React, { useCallback, useEffect, useRef, useState } from 'react';
+import { adminApi } from '../../lib/api';
+import type { EmailBlocklistEntry } from 'fxa-admin-server/src/types';
+
+const btnClass =
+  'bg-grey-10 border-2 p-1 border-grey-100 font-small leading-6 rounded';
+
+const PageEmailBlocklist = () => {
+  const [entries, setEntries] = useState<EmailBlocklistEntry[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+  const [submitting, setSubmitting] = useState(false);
+  const textareaRef = useRef<HTMLTextAreaElement>(null);
+  const fileInputRef = useRef<HTMLInputElement>(null);
+
+  const loadEntries = useCallback(async () => {
+    setError(null);
+    try {
+      const data = await adminApi.getEmailBlocklist();
+      setEntries(
+        [...data].sort(
+          (a, b) => b.createdAt - a.createdAt || a.regex.localeCompare(b.regex)
+        )
+      );
+    } catch (e) {
+      setError('Failed to load blocklist.');
+    }
+  }, []);
+
+  useEffect(() => {
+    setLoading(true);
+    loadEntries().finally(() => setLoading(false));
+  }, [loadEntries]);
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    const raw = textareaRef.current?.value ?? '';
+    const regexes = raw
+      .split('\n')
+      .map((x) => x.trim())
+      .filter((x) => x.length > 0);
+
+    if (regexes.length === 0) return;
+
+    setSubmitting(true);
+    try {
+      await adminApi.addEmailBlocklistEntries(regexes);
+      if (textareaRef.current) textareaRef.current.value = '';
+      await loadEntries();
+    } catch (e) {
+      window.alert(
+        `Error: ${e instanceof Error ? e.message : 'Unknown error'}`
+      );
+    } finally {
+      setSubmitting(false);
+    }
+  };
+
+  const handleFileChange = (e: React.ChangeEvent<HTMLInputElement>) => {
+    const file = e.target.files?.[0];
+    if (!file) return;
+    const reader = new FileReader();
+    reader.onload = (ev) => {
+      const lines = (ev.target?.result as string)
+        .split(/\r?\n/)
+        .map((l) => l.trim().replace(/^"|"$/g, ''))
+        .filter((l) => l.length > 0);
+      if (textareaRef.current) textareaRef.current.value = lines.join('\n');
+    };
+    reader.readAsText(file);
+    e.target.value = '';
+  };
+
+  const handleDelete = async (regex: string) => {
+    try {
+      await adminApi.removeEmailBlocklistEntry(regex);
+      setEntries((prev) => prev.filter((e) => e.regex !== regex));
+    } catch {
+      window.alert('Failed to remove entry.');
+    }
+  };
+
+  const handleDeleteAll = async () => {
+    if (
+      !window.confirm(
+        `Delete all ${entries.length} blocklist entries? This cannot be undone.`
+      )
+    )
+      return;
+    try {
+      await adminApi.deleteAllEmailBlocklistEntries();
+      await loadEntries();
+    } catch {
+      window.alert('Failed to delete all entries.');
+    }
+  };
+
+  return (
+    <>
+      <h2 className="header-page">Email Blocklist</h2>
+      <ul className="list-disc list-inside mb-4">
+        <li>
+          Blocks registration for emails matching any pattern. Does not affect
+          existing accounts.
+        </li>
+        <li>
+          Patterns are regexes matched against the full address. Mostly used for
+          domains (e.g. <code>@evildoge\.example\.com$</code>).
+        </li>
+        <li>
+          Use <code>$</code> to anchor to the end of the address — without it,{' '}
+          <code>@mozilla\.com</code> would also match{' '}
+          <code>@mozilla\.com.haxor.net</code>.
+        </li>
+        <li>
+          Enter one pattern per line, or upload a CSV/TXT file (one entry per
+          line). Duplicates are silently ignored.
+        </li>
+        <li>Blocked attempts are logged and counted in statsd.</li>
+        <li>
+          Changes propagate to auth-server within 5 minutes. Keep the list small
+          (hundreds of entries, not thousands) to avoid slowing registration.
+        </li>
+      </ul>
+      <p className="mb-4">
+        <strong>
+          ⚠️ Avoid complex patterns with nested quantifiers (e.g.{' '}
+          <code>{'(a+)+'}</code>).
+        </strong>{' '}
+        These can cause slow matching on every registration attempt. Stick to
+        simple domain patterns like <code>@domain\.com$</code>.
+      </p>
+
+      <form method="post" onSubmit={handleSubmit}>
+        <textarea
+          ref={textareaRef}
+          data-testid="blocklist-input"
+          name="regexList"
+          rows={8}
+          cols={60}
+          className="border-2 block"
+          placeholder={'@evildoge\\.example\\.com$\n@haxor\\.net$'}
+        />
+        <br />
+        <input
+          ref={fileInputRef}
+          type="file"
+          accept=".csv,.txt"
+          className="hidden"
+          onChange={handleFileChange}
+        />
+        <button
+          type="button"
+          className={btnClass}
+          onClick={() => fileInputRef.current?.click()}
+        >
+          📂 Load from file…
+        </button>
+        &nbsp;
+        <button
+          type="submit"
+          data-testid="blocklist-add-btn"
+          className="bg-green-50 border-2 p-1 border-green-300 font-small leading-6 rounded"
+          disabled={submitting}
+        >
+          ➕ Add Entries
+        </button>
+      </form>
+
+      <hr className="my-4" />
+
+      <div className="flex items-center justify-between mb-2">
+        <h2 className="header-page">Current Blocklist</h2>
+        {entries.length > 0 && (
+          <button
+            className="bg-red-50 border-2 p-1 border-red-300 font-small leading-6 rounded"
+            onClick={handleDeleteAll}
+          >
+            🗑️ Delete All
+          </button>
+        )}
+      </div>
+
+      {loading && <p>Loading…</p>}
+      {error && <p className="text-red-600">{error}</p>}
+      {!loading && !error && entries.length === 0 && (
+        <p className="result-grey">No entries yet.</p>
+      )}
+      {entries.length > 0 && (
+        <table className="w-full border-collapse text-sm">
+          <thead>
+            <tr className="bg-grey-50">
+              <th className="text-left p-2 border border-grey-100">Pattern</th>
+              <th className="text-left p-2 border border-grey-100">Added</th>
+              <th className="p-2 border border-grey-100"></th>
+            </tr>
+          </thead>
+          <tbody>
+            {entries.map((entry) => (
+              <tr key={entry.regex} className="hover:bg-grey-10">
+                <td className="p-2 border border-grey-100 font-mono">
+                  {entry.regex}
+                </td>
+                <td className="p-2 border border-grey-100 whitespace-nowrap">
+                  {new Date(entry.createdAt).toISOString()}
+                </td>
+                <td className="p-2 border border-grey-100 text-center">
+                  <button
+                    data-testid={`delete-${entry.regex}`}
+                    className={btnClass}
+                    onClick={() => handleDelete(entry.regex)}
+                  >
+                    🗑️ Remove
+                  </button>
+                </td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+      )}
+    </>
+  );
+};
+
+export default PageEmailBlocklist;
diff --git a/packages/fxa-admin-panel/src/images/icon-email-blocklist.svg b/packages/fxa-admin-panel/src/images/icon-email-blocklist.svg
new file mode 100644
index 00000000000..fba10cd492c
--- /dev/null
+++ b/packages/fxa-admin-panel/src/images/icon-email-blocklist.svg
@@ -0,0 +1,10 @@
+<svg width="16" height="16" viewBox="0 0 18 18" xmlns="http://www.w3.org/2000/svg">
+  <!-- Envelope -->
+  <path fill="currentColor" d="M1 3a1 1 0 0 1 1-1h12a1 1 0 0 1 1 1v10a1 1 0 0 1-1 1H2a1 1 0 0 1-1-1V3zm1 0v.511l5.555 3.7a.75.75 0 0 0 .89 0L14 3.511V3H2zm12 1.789-4.964 3.309a1.75 1.75 0 0 1-2.072 0L2 4.789V13h12V4.789z"/>
+  <!-- White backdrop -->
+  <circle cx="13" cy="13" r="4.5" fill="white"/>
+  <!-- No-entry circle -->
+  <circle cx="13" cy="13" r="4" fill="none" stroke="currentColor" stroke-width="1.5"/>
+  <!-- Diagonal slash -->
+  <line x1="10.17" y1="10.17" x2="15.83" y2="15.83" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/>
+</svg>
diff --git a/packages/fxa-admin-panel/src/lib/api.ts b/packages/fxa-admin-panel/src/lib/api.ts
index 734a6ff345f..da97d171dff 100644
--- a/packages/fxa-admin-panel/src/lib/api.ts
+++ b/packages/fxa-admin-panel/src/lib/api.ts
@@ -14,6 +14,7 @@ import type {
   AccountDeleteResponse,
   AccountDeleteTaskStatus,
   AccountResetResponse,
+  EmailBlocklistEntry,
 } from 'fxa-admin-server/src/types';
 
 function baseUrl() {
@@ -249,4 +250,28 @@ export const adminApi = {
       { method: 'DELETE' }
     );
   },
+
+  // ---- Email blocklist ----
+
+  getEmailBlocklist(): Promise<EmailBlocklistEntry[]> {
+    return apiFetch('/api/email-blocklist');
+  },
+
+  addEmailBlocklistEntries(regexes: string[]): Promise<{ ok: boolean }> {
+    return apiFetch('/api/email-blocklist/add', {
+      method: 'POST',
+      body: JSON.stringify({ regexes }),
+    });
+  },
+
+  removeEmailBlocklistEntry(regex: string): Promise<{ removed: boolean }> {
+    return apiFetch('/api/email-blocklist', {
+      method: 'DELETE',
+      body: JSON.stringify({ regex }),
+    });
+  },
+
+  deleteAllEmailBlocklistEntries(): Promise<{ ok: boolean }> {
+    return apiFetch('/api/email-blocklist/all', { method: 'DELETE' });
+  },
 };
diff --git a/packages/fxa-admin-server/src/rest/email-blocklist/email-blocklist.controller.ts b/packages/fxa-admin-server/src/rest/email-blocklist/email-blocklist.controller.ts
new file mode 100644
index 00000000000..8d3eeb30959
--- /dev/null
+++ b/packages/fxa-admin-server/src/rest/email-blocklist/email-blocklist.controller.ts
@@ -0,0 +1,110 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import {
+  BadRequestException,
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Post,
+  UseGuards,
+} from '@nestjs/common';
+import { AdminPanelFeature } from '@fxa/shared/guards';
+import { MozLoggerService } from '@fxa/shared/mozlog';
+import { EmailBlocklist } from 'fxa-shared/db/models/auth';
+import { AuthHeaderGuard } from '../../auth/auth-header.guard';
+import { AuditLog } from '../../auth/audit-log.decorator';
+import { Features } from '../../auth/user-group-header.decorator';
+import { CurrentUser } from '../../auth/auth-header.decorator';
+import type { EmailBlocklistEntry } from '../../types';
+
+@UseGuards(AuthHeaderGuard)
+@Controller('/api/email-blocklist')
+export class EmailBlocklistController {
+  constructor(private log: MozLoggerService) {}
+
+  @Get()
+  @Features(AdminPanelFeature.EmailBlocklist)
+  public async list(): Promise<EmailBlocklistEntry[]> {
+    return EmailBlocklist.findAll();
+  }
+
+  @Post('add')
+  @Features(AdminPanelFeature.EmailBlocklist)
+  @AuditLog()
+  public async add(
+    @Body('regexes') regexes: string[],
+    @CurrentUser() user: string
+  ): Promise<{ ok: boolean }> {
+    if (
+      !Array.isArray(regexes) ||
+      !regexes.every((r) => typeof r === 'string')
+    ) {
+      throw new BadRequestException(
+        'regexes must be a non-empty array of strings'
+      );
+    }
+
+    const trimmed = regexes.map((r) => r.trim()).filter((r) => r.length > 0);
+    if (trimmed.length === 0) {
+      throw new BadRequestException(
+        'regexes must be a non-empty array of strings'
+      );
+    }
+    const tooLong = trimmed.filter((r) => r.length > 768);
+    if (tooLong.length > 0) {
+      throw new BadRequestException(
+        `Regex(es) exceed maximum length of 768 characters: ${tooLong.join(', ')}`
+      );
+    }
+    const invalid = trimmed.filter((r) => {
+      try {
+        // CodeQL: patterns are admin-supplied and validated here before use
+        new RegExp(r); // lgtm[js/regexp-injection]
+        return false;
+      } catch {
+        return true;
+      }
+    });
+    if (invalid.length > 0) {
+      throw new BadRequestException(`Invalid regex(es): ${invalid.join(', ')}`);
+    }
+
+    await EmailBlocklist.addMany(trimmed);
+    this.log.info('emailBlocklist.add', { user, count: trimmed.length });
+    return { ok: true };
+  }
+
+  @Delete()
+  @Features(AdminPanelFeature.EmailBlocklist)
+  @AuditLog()
+  public async remove(
+    @Body('regex') regex: string,
+    @CurrentUser() user: string
+  ): Promise<{ removed: boolean }> {
+    if (typeof regex !== 'string' || regex.trim().length === 0) {
+      throw new BadRequestException('regex must be a non-empty string');
+    }
+    const trimmedRegex = regex.trim();
+    const removed = await EmailBlocklist.removeByRegex(trimmedRegex);
+    this.log.info('emailBlocklist.remove', {
+      user,
+      regex: trimmedRegex,
+      removed,
+    });
+    return { removed };
+  }
+
+  @Delete('all')
+  @Features(AdminPanelFeature.EmailBlocklist)
+  @AuditLog()
+  public async removeAll(
+    @CurrentUser() user: string
+  ): Promise<{ ok: boolean }> {
+    await EmailBlocklist.deleteAll();
+    this.log.info('emailBlocklist.removeAll', { user });
+    return { ok: true };
+  }
+}
diff --git a/packages/fxa-admin-server/src/rest/rest.module.ts b/packages/fxa-admin-server/src/rest/rest.module.ts
index b377fa6fadd..f25919f0b1e 100644
--- a/packages/fxa-admin-server/src/rest/rest.module.ts
+++ b/packages/fxa-admin-server/src/rest/rest.module.ts
@@ -18,6 +18,7 @@ import { AccountController } from './account/account.controller';
 import { EmailBounceController } from './email-bounce/email-bounce.controller';
 import { RelyingPartyController } from './relying-party/relying-party.controller';
 import { RateLimitingController } from './rate-limiting/rate-limiting.controller';
+import { EmailBlocklistController } from './email-blocklist/email-blocklist.controller';
 import {
   RateLimitProvider,
   RateLimitRedisProvider,
@@ -39,6 +40,7 @@ import { CartModule } from './cart.module';
     EmailBounceController,
     RateLimitingController,
     RelyingPartyController,
+    EmailBlocklistController,
   ],
   providers: [
     RateLimitProvider,
diff --git a/packages/fxa-admin-server/src/types.ts b/packages/fxa-admin-server/src/types.ts
index 81018b28731..15cf7843ebd 100644
--- a/packages/fxa-admin-server/src/types.ts
+++ b/packages/fxa-admin-server/src/types.ts
@@ -284,3 +284,8 @@ export interface AccountResetResponse {
   locator: string;
   status: AccountResetStatus;
 }
+
+export interface EmailBlocklistEntry {
+  regex: string;
+  createdAt: number;
+}
diff --git a/packages/fxa-auth-server/lib/routes/account.spec.ts b/packages/fxa-auth-server/lib/routes/account.spec.ts
index 1a8e5673a78..29da3c84a77 100644
--- a/packages/fxa-auth-server/lib/routes/account.spec.ts
+++ b/packages/fxa-auth-server/lib/routes/account.spec.ts
@@ -176,6 +176,7 @@ const makeRoutes = function (options: any = {}, requireMocks: any = {}) {
   // Set up fxa-shared/db/models/auth mock with per-call overrides
   fxaSharedDbModelsOverride = {
     getAccountCustomerByUid: mockGetAccountCustomerByUid,
+    EmailBlocklist: { findMatchingRegex: jest.fn().mockResolvedValue(null) },
     ...((requireMocks || {})['fxa-shared/db/models/auth'] || {}),
   };
   // Set up ../oauth/jwt mock if provided in requireMocks
@@ -1440,6 +1441,40 @@ describe('/account/stub', () => {
       errno: error.ERRNO.ACCOUNT_CREATION_REJECTED,
     });
   });
+
+  it('rejects account creation when email matches the blocklist', async () => {
+    const { mockRequest, mockLog, mockDB } = setup();
+
+    mockLog.info = jest.fn();
+
+    const blockedRegex = '@blocked\\.example\\.com$';
+    const accountRoutes = makeRoutes(
+      { log: mockLog, db: mockDB },
+      {
+        'fxa-shared/db/models/auth': {
+          EmailBlocklist: {
+            findMatchingRegex: jest.fn().mockResolvedValue(blockedRegex),
+          },
+        },
+      }
+    );
+    const route = getRoute(accountRoutes, '/account/create');
+
+    statsd.increment.mockClear();
+
+    await expect(runTest(route, mockRequest)).rejects.toMatchObject({
+      errno: error.ERRNO.REQUEST_BLOCKED,
+    });
+
+    expect(statsd.increment).toHaveBeenCalledWith('account.create.blocked');
+    expect(mockLog.info).toHaveBeenCalledWith(
+      'account.create.blocked',
+      expect.objectContaining({
+        domain: expect.any(String),
+        blockedRegex,
+      })
+    );
+  });
 });
 
 describe('/account/status', () => {
diff --git a/packages/fxa-auth-server/lib/routes/account.ts b/packages/fxa-auth-server/lib/routes/account.ts
index 4d6001d1100..c9a83187a70 100644
--- a/packages/fxa-auth-server/lib/routes/account.ts
+++ b/packages/fxa-auth-server/lib/routes/account.ts
@@ -1,7 +1,11 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-import { Account, getAccountCustomerByUid } from 'fxa-shared/db/models/auth';
+import {
+  Account,
+  EmailBlocklist,
+  getAccountCustomerByUid,
+} from 'fxa-shared/db/models/auth';
 import {
   AppStoreSubscription,
   PlayStoreSubscription,
@@ -611,8 +615,20 @@ export class AccountHandler {
       throw error.accountExists(email);
     }
 
-    // Block creation if email is reserved for secondary email registration
+    // Block creation if email matches the admin-managed blocklist
     const normalizedEmail = normalizeEmail(email);
+    const blockedRegex =
+      await EmailBlocklist.findMatchingRegex(normalizedEmail);
+    if (blockedRegex !== null) {
+      this.log.info('account.create.blocked', {
+        domain: normalizedEmail.split('@')[1],
+        blockedRegex,
+      });
+      this.statsd.increment('account.create.blocked');
+      throw error.requestBlocked(false);
+    }
+
+    // Block creation if email is reserved for secondary email registration
     const existingSecondaryEmailRecord = await getExistingSecondaryEmailRecord(
       normalizedEmail,
       request,
diff --git a/packages/fxa-shared/db/models/auth/email-blocklist.ts b/packages/fxa-shared/db/models/auth/email-blocklist.ts
new file mode 100644
index 00000000000..e78cd8ada9c
--- /dev/null
+++ b/packages/fxa-shared/db/models/auth/email-blocklist.ts
@@ -0,0 +1,76 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { BaseAuthModel } from './base-auth';
+
+const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+
+let cachedEntries: { regex: string; createdAt: number }[] | null = null;
+let cacheExpiresAt = 0;
+
+export class EmailBlocklist extends BaseAuthModel {
+  public static tableName = 'emailBlocklist';
+
+  regex!: string;
+  createdAt!: number;
+
+  static async findAll(): Promise<{ regex: string; createdAt: number }[]> {
+    return EmailBlocklist.knex()(EmailBlocklist.tableName)
+      .select('regex', 'createdAt')
+      .orderBy('createdAt', 'desc')
+      .orderBy('regex', 'asc');
+  }
+
+  /** Inserts regexes; silently skips duplicates via onConflict().ignore(). */
+  static async addMany(regexes: string[]): Promise<void> {
+    const rows = regexes.map((regex) => ({ regex, createdAt: Date.now() }));
+    await EmailBlocklist.knex()(EmailBlocklist.tableName)
+      .insert(rows)
+      .onConflict('regex')
+      .ignore();
+    EmailBlocklist.invalidateCache();
+  }
+
+  static async removeByRegex(regex: string): Promise<boolean> {
+    const count = await EmailBlocklist.knex()(EmailBlocklist.tableName)
+      .where({ regex })
+      .delete();
+    EmailBlocklist.invalidateCache();
+    return count > 0;
+  }
+
+  static async deleteAll(): Promise<void> {
+    await EmailBlocklist.knex()(EmailBlocklist.tableName).delete();
+    EmailBlocklist.invalidateCache();
+  }
+
+  static invalidateCache(): void {
+    cachedEntries = null;
+    cacheExpiresAt = 0;
+  }
+
+  /**
+   * Returns the first blocklist regex that matches the given email, or null.
+   * Results are cached in-process for up to 5 minutes to avoid a full-table
+   * read on every account registration. Writes invalidate the cache immediately.
+   * Note: auth-server and admin-server are separate processes, so a write via
+   * the admin panel may take up to 5 minutes to be reflected here.
+   */
+  static async findMatchingRegex(email: string): Promise<string | null> {
+    if (!cachedEntries || Date.now() > cacheExpiresAt) {
+      cachedEntries = await EmailBlocklist.findAll();
+      cacheExpiresAt = Date.now() + CACHE_TTL_MS;
+    }
+    for (const entry of cachedEntries) {
+      try {
+        if (new RegExp(entry.regex).test(email)) {
+          return entry.regex;
+        }
+      } catch {
+        // skip malformed stored regex
+      }
+    }
+    return null;
+  }
+}
diff --git a/packages/fxa-shared/db/models/auth/index.ts b/packages/fxa-shared/db/models/auth/index.ts
index 23382a29b39..a80abdd7481 100644
--- a/packages/fxa-shared/db/models/auth/index.ts
+++ b/packages/fxa-shared/db/models/auth/index.ts
@@ -28,6 +28,7 @@ import { SignInCodes } from './sign-in-codes';
 import { UnblockCodes } from './unblock-codes';
 import { RecoveryCodes } from './recovery-codes';
 import { RecoveryPhones } from './recovery-phones';
+import { EmailBlocklist } from './email-blocklist';
 
 export type PayPalBillingAgreementStatusType =
   | 'Pending'
@@ -265,4 +266,5 @@ export {
   UnblockCodes,
   RecoveryCodes,
   RecoveryPhones,
+  EmailBlocklist,
 };