The question is, does blocking Tutanota reduce total fraud, or does it just make fraudsters to move to a different email hoster and you end up with the same total fraud?
Real-world ecommerce systems often end up with quite a long list of email domains that either provide some weight to a "fraud or not?" algo, or are outright banned.
You don't just block tutanota, you block a big, long list of high-abuse email sources, periodically updated.
It surprises me that this would be effective, since setting up an email host that's just capable of receiving emails should be trivial.
Then again, maybe I am overestimating fraudsters, and by blocking email hosts that make it too easy to sign up you can get rid of a significant chunk of them...
Their game is high-volume-low-cost/effort, which I think is the main reason that this approach does significantly cut fraud volume (admittedly at, typically, a tiny cost in lost sales).
A lot of them are just stuffing stolen credit card numbers to try to find which ones still work, anyway, so they don't care about breaking into your system in particular, they just want to find any system that will let them attempt a charge. If they're finding enough of those using cheap or free anonymous accounts from low-credibility email address providers, they have no reason to spend more time or effort on it.
Blocking these providers doesn't mean you won't still see better-targeted fraud attempts, but it cuts down on a ton of the low-effort but high-volume automated crap—and that stuff can kill a merchant payment processing account in a weekend, if you're not pretty good at blocking it.
But that is hardly relevant.
The question is, does blocking Tutanota reduce total fraud, or does it just make fraudsters to move to a different email hoster and you end up with the same total fraud?