•  23-06-2022
  •  | 
  •  

Question

I'm creating a newsletter subscription app. I want to implement email verification to prevent spam/bot signups (well, at least so I can delete them afterwards). I've been struggling with confirmation key but though of a simpler solution:

  1. User clicks submit -> is inputed into database (verified = 0)
  2. User receives generic email ("Click me to verify") -> Verified page (verified = 1)

Would this work? Are there any potential issues which might come up?

Was it helpful?

Solution

If your problem is Spam Bots, you should use CAPTCHA: http://www.google.com/recaptcha This will help you against most of them.

Your solution is good, if you want to prevent random user using the site, the problems that it solves is that user must put some effort in to it.

Also if you want to save some bandwidth, you can realy go in to email checking: http://www.serviceobjects.com/blog/hot-topics/email-validation-whitepaper/

Hope it helps

OTHER TIPS

you keep captcha protection, it will reduce the bot attacks by many times. And the solution you choose is totally fine.

That seems like a fine solution. Then test to make sure the user is verified before sending.

Yes this is good email verification solution, but won't solve problem with spambots to signup.

Yours solution is good, but you will send email before validation. It's not always good. If I want to abuse your system I just can submit lots of nonexistent mails to yours registration form. And you will be blocked from main email services. To prevent it you can do email verification before sending email, at least you can check MX records existence or you can integrate with external email validation api. Anyway - you should check email address before sending to avoid bounces.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top