TalkPHP - View Single Post - Checking valid Email Addresses using RegExp (and?)

ReSpawN · 01-01-2008, 05:31 PM

Long one, so here we go.

Quote:

Originally Posted by Alan @ CIT

Out of interest, why would you need such a stringent e-mail address check? Assuming that you want it to be a correct e-mail address so that you can e-mail your users, it might be worth implementing an e-mail confirmation system where you e-mail your new registrations and they then click the link to confirm their e-mail. This would catch the people who just enter junk but regex valid email addresses (ie, bill@microsoft.com) when registering.

Unfortunately, a problem I ran across recently was users using sites like MintEmail - Disposable/Temporary Email Address (temporary 4hour throwaway e-mail addresses) when registering - short of banning all these domains I have yet to find a solution to this.

Alan

I've indeed heard of it. Honestly, I couldn't care less if the program was used. My site / CMS and others will be used to gain more free roam over the personal page. Thus confirming your account with an activation key. Second, if programs like MintEmail are used, I can also filter those out.

People who use my CMS want HONEST customers/people. If you don't like it, don't register.

Quote:

Originally Posted by Wildhoney

To start us off, you probably want {2,6} at the end because of the .org.uk and .museum extensions. It seems to function pretty well for me, though.

Thanks, I ran across it a few days ago and I've already implemented it.

Quote:

Originally Posted by Aaron

Why go so far to check to make sure the e-mail is correct?
There is only so far you can go until it is just a bother to users.
I suggest reading some articles people have made on image protection, you would find them interesting, and valid to this subject.
If you want to be a wise ass, check to make sure the domain they are registering is actually a domain. This can go farther than regex.

Because I need to send activation keys? Else there is NO point in registering. Image protection has already been implemented. I am a wiseass. I am using the checkdnsrr function on a A and MX basis. For the administrator, this might slow the CMS, so he can either choose to use it uppon installation, or not. It can also be turned on/off in the admin as well.

Quote:

Originally Posted by TlcAndres

Here I've compiled a list of the most popular dispoable emails it's already in an array for easy use...it'll be easy enough to check the email's domain against the array.

PHP Code:


			
$bannedEmails = array(
                    'cosmorph.com',
                    '10minutemail.com',
                    'dodgeit.com',
                    'dontreg.com',
                    'e4ward.com',
                    'gishpuppy.com',
                    'haltospam.com',
                    'jetable.org',
                    'kasmail.com',
                    'mailexpire.com',
                    'maileater.com',
                    'mailinator.com',
                    'mailnull.com',
                    'mintemail.com',
                    'mintmail.com',
                    'mytrashmail.com',
                    'nobulk.com',
                    'nospamfor.us',
                    'pookmail.com',
                    'shortmail.net',
                    'sneakemail.com',
                    'spam.la',
                    'spambob.com',
                    'spambox.us',
                    'spamday.com',
                    'spamfree24.org',
                    'spamhole.com',
                    'spaml.com',
                    'spmagourmet.com',
                    'tempemail.net',
                    'tempinbox.com',
                    'temporaryinbox.com',
                    'willhackforfood.biz',
                    'willselfdestruct.com',
                    'wuzupmail.net',
                    '6url.com',
                    'greensloth.com',
                    'mailmoat.com',
                    'spammotel.com',
                    'emailias.com',
                    'zoemails.com',
                    'netmails.com',
                    'xents.com',
                    'mailshell.com',
                    '4warding.com',
                    'walala.org',
                    'ipoo.org',
                    '2prong.com',
                    'spamex.com',
                    'bugmenot.com',
                    'despam.it',
                    'wh4f.org',
                    'emailwarden.com',
                    'blockfilter.com',
                    'yopmail.com',
                    'litepost.us',
                    'pourri.fr',
                    'disposeaMail.com',
                    'slaskpost.de',
                    'sofort-mail.de',
                    'mailexpire.com',
                    'spamfree24.org',
                    'spamfree24.eu',
                    'spamfree24.net',
                    'spamfree24.info',
                    'spamfree24.de',
                    'disposable-email.com',
                    'footard.com',
                    'theanonymousemail.com',
                    'oneoffemail.com',
                    'notyetemail.com',
                );

Pretty solid! Thanks for the advise.

Quote:

Originally Posted by Alan @ CIT

The main reason for ensuring a correct / working e-mail address is for marketing. A valid e-mail address is like gold nowadays whether you plan on selling the addresses, sending out adverts in your usual newsletter or just as a future resource.

One effective way of achieving this and one I plan on using more in the future is to scrap login names completely and have users login using their e-mail address / password. If you want to take this one further, you can send a randomly generated password to the e-mail account on registration rather than let the user choose their own. This way your mailing list is going to be about as accurate as it can be.

But... as usual - those lovely users of ours have solved this problem already: :)

Bugmenot.com - login with these free web passwords to bypass compulsory registration

Alan

On the first paragraph, Alan knows EXACTLY what I am talking about. The second paragraph goes on about using an email address as a login feature. I like it, but it's not solid as well. More safe, yes, but it directly displays the email address to the system and can be used for any number of hacks.

BugMeNot.com is a fair site, for sure. I've heard about it but never tended to use it. It's English and most Dutchmen are really against registering on foreign sites. I on the other hand, am not.

Quote:

Originally Posted by Wildhoney

That was on Digg's front-page the other day, wasn't it? As part of a bigger article. I remember! I don't mind signing up too much so as long as it's actually worth it. Making me sign up for some trivial and pathetic reason just doesn't cut it with me, and I am often very cautious as to giving them my e-mail address.

Talking of which though, concerning the code, I only check for the basic email structure. I'm not so particular as to craft an extensive regex string because at the end of the day, it could still be a false email address. There is a function called checkdnsrr but I remember having some problems with that. You'll really need to check both MX and A records, as relying on the MX record being present is not a good idea, I found. For whatever reason, I am not sure on the specifics.

The best way is to really enforce users to activate their account. That way at least the email address has to be a valid email address. Whether that's a spam address (such as the notorious mail.ru spam), is immaterial because that's the responsibility for another part of the system, though predominantly that responsibility lies at the fingers of the users and the administrators.

Actication and the checkdnsrr has been implemented. Once again thanks for the advice Adam.

Mark