Email Verification process

AndyII

AndyII

Verified User
Joined
Oct 3, 2006
Messages
571
I know I have discussed this with a couple people, we do use the SPAM email database to filter out the known spammers emails but.....
does anyone know of a way or a method, or a script that would first test the potential member/user/? email address to check if its even a valid email address?
some of our sites get way too many fake email signups and eventually get returned to us as undeliverable.
Yes I can just keep hitting 'Delete' or move them to ignore, but I would like to see a system that validates the email and if not real either returns them back to the signup page or gives them a message like
"Try Using a Real Email Address, Your Not fooling Anyone Here""
I know sometimes its better to let them think they succeeded but man Id like to slap them upside the head:mad: LOL.
one of the sites we even state in BIG BOLD letters that fake emails will not allow for any free downloads, as the email will contain the download link, think that stops them? nope,:confused: most return ( if they really want the free software) to signup again, this time with a valid email :rolleyes:

some say that such a system may be too heavy on the system if there were a bunch of signups?
any thoughts. ideas. or you can also scold me if ya like lol
 
AndyII said:
I know I have discussed this with a couple people, we do use the SPAM email database to filter out the known spammers emails but.....
Click to expand...
I'm not sure what you mean by the SPAM email database.
does anyone know of a way or a method, or a script that would first test the potential member/user/? email address to check if its even a valid email address?
Click to expand...
The verify = sender setting in the SpamBlocker exim.conf file, when uncommented, gives some protection (it's at Edit#38 in my distribution) but not much.

Because it actually checks to see if the sender exists only for local domains. For non-local domains it only checks that the domain of the sender has a mailserver and that it can be reached.

There are workarounds, and if you can't find one using Google you could ask on the exim-users mailing list, but checking to the email address is a controversial issues; spammers can misuse it to build lists of valid email addresses. As a result many mailservers disable the function which lets you check, so then the only way to check would be to actually send an email to every recipient. Which could easily make yoou the spammer.

I'd like to offer an email solution with recipient-level whitelists and blacklists, but they'd require a lot of manual intervention and probably wouldn't be of much help for that reason. And they're very complex, so I haven't tried. If I do offer it, it will likely be in an Enterprise Email solution, and not for the DirectAdmin exim.conf file.

Jeff
 
Hi Jeff, your one of the ones I have chatted with about this :)
we do use in WP a spammers list thats updated, that checks against known spammers, (stopforumspam)
using Real Time anti-spam lists. and many others
but you know these guys are relentless, they have a bunch of email address in their pocket and when one gets sent to the known spammer list, they just pull out another one :(
so whats left? well the ones that try by using some random generated email, some even get smarter and use a .gmail, or .hotmail, .yahoo and you cant just block those domains.....
so what In really looking for is that quick 'hello' and does the email box really exist.
of course this wont end or resolve the issue but every little bit helps.

My partner and I have a fairly active and well liked site dealing with a classifieds scripts and the forum we belong to has 1000's of users so we are the ones they come to for help or a new feature, plugin, theme.....

years ago when mail lists were the thing and not much was said about using them, we had a MS app that would takes 1000's of emails and filter them for bad, obsolete, or fake addresses. (dont yell, was sort of ok at one time lol, and Totally taboo now )
 
Did I miss somewhere in your post that you were writing not about our email solutions, but rather about the need for a Wordpress plugin?

The same points I made apply. But if a plugin exists which will attempt to verify posts by verifying that the domain name is real and accepts email, then that wold be what you're looking for.

And of course one may exist which will try to see if the username exists, but many email providers will say that all email addresses don't exist. So you may find that no one can post from a gmail, hotmail, or yahoo address.

How about requiring that only site members be able to post? And you can make sure members have replied to an email to become members.

Jeff
 
not specifically a WP plugin, and not about the email solution.
sites are setup to only regged members can do anything, its the amount of returned mail that cant be delivered and the admin alerts that someone joined but used a fake email address, we even state that invalid/fake/bogus emails will not work
 
Well there's this you can read: http://stackoverflow.com/questions/19261987/how-to-check-if-email-exist-online-using-php

But it's not entirely reliable as it comes down to connecting to the remote smtp server and try to prepare an e-mail; if that server doesn't accept the simple e-mail it may get rejected because of its form.

To me it seems the best way is to simple ignore/delete the returned mail and automatically delete accounts that haven't been activated within an x period of time.
 
Of course you do need the mailserver for the domain so you first need to do an mx lookup.

The first answer on that page should work; most servers will tell you immediately after the rcpt to smtp command if the recipeint doesn't exist: Servers running my exim.conf file return:
Code: 
550 No such recipient here
Which of course you can test for. But you'll need the php code for contacting the server and sending the commands.

The second answer is a link to: https://github.com/hbattat/verifyEmail

I haven't downloaded and looked at it but it's likely the php code to do the above.

The only possible issue is that you're opening an email session on a server. If the email address doesn't exist you get the error and then you can quit. But if the email address does exist and you just quit you're breaking the RFCs. So eventually, if you hit the same server often enough, and the admin of that server has set up a method of noticing you, you may eventually find yourself blocked, your email untrused, or possibly listed in the rfc-ignorant list.

What you cannot do is the smtp vrfy command.

Since it's used by spammers to build lists of valid email addresses, most admins (including my exim.conf file) disable it.

Jeff
 
You must log in or register to reply here.
Back
Top