How to weed out bad emails (in php)?
https://stackoverflow.com/questions/1778294
-
21-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a site where users register for an account. I have an internal communication system, that sends them an email when they get a private message. I dont force people to confirm their email, so naturally, many enter a fake address.
When they get a PM, it tries to send them an email, but obviously fails, so it keeps retrying and retrying. After a few weeks, the retry queue gets quite big, and it affects server performance (I also dont wanna get blacklisted for all these attempts).
What can I do to solve this issue (other than force people to confirm their email upon registration).
Solution
If you don't want to force people to confirm their email because if something goes wrong, they can't access their login straight away, why not do something like this:
If they haven't confirmed their E-Mail, don't send PMs, but show them when they are logged in instead. Remind them to confirm their E-Mail.
If they have confirmed their E-mail, send them out.
But anyway, your scenario sounds like a server misconfiguration. Why would a mail server keep re-sending mails that it got a "not deliverable" message for? As far as I know, re-sending mails only occurs when the receiving host was not reachable for technical reasons.
OTHER TIPS
You really should just require confirmation.
Short of that, you can deactivate users whose emails have bounced a certain number of times, and require a new email at next login.
It will be hard without verifying, but you can at least verify the domain it's coming from:
Option 1: Use getmxrr to search for MX records on their hostname
Option 2: Use checkndsrr to check their DNS info
But all these really do is check the validity of the domain, and whether it's running a mailserver. To get real authenication a confirmation is the best way. You could also implement a tool to send out a test email, and see if it bounces back. But this method may not always work as expected, because of variations, some servers it's instant, others it can be a day later to return an undeliverable email.
I hope this helps.
consider having a checkbox so that people can opt-out of email notifications. if they do not enter a valid email address, it is surely because they do not want to receive emails in the first place, so let them tell you.
additionally, you may consider having an opt-in system, where people will not receive email notifications in the first place and have to enable it somewhere in their account settings, providing an email address at this moment. this way, the number of fake email addresses will be reduced to near zero.
