Have you considered using the perl module Mail::CheckUser or something similar to check for valid e-mail addresses during registration. I have some code like the following in my current registration set-up:


It works quite nicely and you can bypass the emailed validation step. Returns the reason for the error to the user. It has competely stopped the use of false or incorrectly formatted e-mail addresses for me. The only potential drawback is if Mail::CheckUser can't connect to the users email server, but you probably don't want people siging up with an address from those server anyway.

Would make a nice additional option in the set-up.

cheers,
Michael Coyne
seaturtle.org

That can't take the place of the email validation.

The purpose of the validation is not to check the email format but to check you own the address.

Good point! How about just as an additional check then to make sure that users don't accidentally enter an incorrect address?
Michael Coyne
seaturtle.org

In the form field add:

onsubmit="return is_email(this);"

...then add this javascript in the head....


Change email_field to the correct field name.

Hope that is what you were looking for.

Sorry, one of us may be misunderstanding the other. Wouldn't be surprised if it was me I'm not looking for an answer, the code I showed works for me in my home-rolled registration script. I was just suggesting that something similar be incorporated into GComm.

cheers,
Michael Coyne
seaturtle.org

Hi Michael,

Thank you for your information.

My host company doesn't have this module, I can't use all the function. But I do take some of it's codes to check if users' emails addresses are valid or not. It works nicely.

Michael:

Hey- thanks for that useful snippett!

Wher do you put that in in GComm?
dave

Big Cartoon DataBase
Big Comic Book DataBase

I haven't tried to put it into GComm, I was just suggesting that it be incorporated. I use it in my own account creation script.

At the very least it reduces the admin workload as bad addresses will be automatically rejected. Requires no intervention.

cheers,
Michael Coyne
seaturtle.org

Could it be used as a global? if so - how would you call it? when people submit I take it?

Would something like <%check_email($Contact_Email)%> be possible to make work?


Klaus

---

http://www.ameinfo.com

OK, I will play with it, and see if I can get it to work for GComm!

I have been looking for something like this for a LONG time!
dave

Big Cartoon DataBase
Big Comic Book DataBase

Paul:



I read the synopsis of the module, and it looks like it performs a validation check before it checks whether the address is in use. The writer does confess there can be false positives, and recommends setting that are a bit conservative- probably a good idea! But I think both methods of validation (the regex AND checking to see if it is a valid address) would be ideal as a two tiered approach to keeping out bad -mail addresses...

(I got one the other day for F***you@upyours.com- a valid e-mail address syntax-wise, passed the regex, but obviously not a serious address. I also get a LOT of addresses like www.name@aol.com... and I have added my own regex's to take care of those- I get one a week! All from AOL!)
dave

Big Cartoon DataBase
Big Comic Book DataBase

Yes, a two (or even three or four) tiered approach is definitely the way to go. I check several things before allowing a user to continue, including the validation check you see above and a plain old regex check for a valid e-mail format.

FWIW, I also noticed the cautions espoused by the author of the email validation module and tried some tests first. I ran the validator through every one of the 4000 or so registered users in my existing database and the only one's it flagged were truly bad addresses. There were no false-positives. Not bad considering that I have a very international membership, including many from underdeveloped countries. Since I've started using the module I've not had a single user complaint that they weren't able to register because it wouldn't accept their e-mail. I also don't receive registration confirmation bounces, which used to come at a pretty regular interval.

Hope that helps.
Michael Coyne
seaturtle.org

mcoyne:

This is SWEET!!!! I popped it into GTComm with very little editing, and it works like a charm.

It does make a little delay in the signup process- one that is to be expected, considering what it is doing... mabe 5 seconds, so nothing too offensive.

I have other sign-ups, I will add this to thoise on other sites!

Thanks for making me aware of it.
dave

Big Cartoon DataBase
Big Comic Book DataBase

Care to share the details of how you did it?

Klaus

---

http://www.ameinfo.com

Klaus:

Happily. First, open /private/lib/Community/User.pm

Go to cuser_email_isinvalid, and change it to this. (Note remove te Plusses- I just put those in so you could see what was added!)

Code:

sub cuser_email_isinvalid {

# -------------------------------------------------------------------

my $email = shift;

(defined $email and length $email) or return 1;



+ use Mail::CheckUser qw(check_email last_check);

+ if ($email and !check_email($email)) {

+ return 1;

+ }



return ($email =~ /^.+\@.+\..+$/) ? 0 : 1;

}

Very easy. Just make sure you have the Apache module installed!


dave

Big Cartoon DataBase
Big Comic Book DataBase

I'm not a big fan of this type of validation as it can reject valid email addresses. I'd rather the user receive an email and click on a link to validate it, then a valid user get upset because his email address gets rejected.

Cheers,

Alex
--
Gossamer Threads Inc.

Thanks Dave...

Klaus

---

http://www.ameinfo.com

Klaus:

Not a problem. While I differ with Alex on opinions about this, I do respect his opinion. Please let me know if you run into ANY problems with this, and I will do so for you.

Thanks!
dave

Big Cartoon DataBase
Big Comic Book DataBase

He has a good point though. Email verification (meaning sending an email to their address) is pretty much a fool proof method of verification, whereas actually verifying the format of the address has several flaws.

Paul:

Yes, he does... and I do respect his opinion, and that is why I will watch this pretty closely. However, in MY instance, adding this will help me. I get 10-25 bounced e-mails a DAY from inactive or non-existant account. Not that many, but enough to annoy me.

If I can get some of that out of my e-mail box, I will be happy!
dave

Big Cartoon DataBase
Big Comic Book DataBase

Fair enough

Alex,

It's a multi faceted thing here, going back to some old discussions about catching bounced mail.

1) make sure the user typed a correct email address --
a) have them type it twice (many sites are doing that now)
b) use a javascript or other regex checker for validity -- risky, small potential to reject good addresses

2) make sure the user typed/entered a valid email server --
-- this has *many* problems, since not all email servers respond, or respond properly -- or accurately.
-- it does screen out hosts that are "not found", and is probably it's only *real* use.

3) make sure the user entered a valid email -- and their own email address
-- this is the current email validation, click a link, enter a code, and be "registered".

Each of the methods has purpose, but using all 3 together can help screen out as many bad email addresses as possible, and only the #1b can cause "problems" by rejecting a real email address that just looks bogus.

Using 1a + 2 + 3 can really limit the number of bad emails, and cut bounces and problems. 1a and 2 can also let the user correct and catch mistakes they may have made. Once you get to #3, only the system operator (Links owner) will know there was a problem. The potential user never sees the validation message, or bounces.

Do you see any problems with this?


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.

Currently Community supports:

1. Optionally, asking the user to enter the email address in twice, and it makes sure (not in Javascript), that the emails entered are identical.

2. Optionally, checks the email address against a regex to make sure it looks valid (i.e. contains an @ sign, and is of the form something at something dot something).

3. Optionally, sends the user an email with a validation link they must click on which tells the system it is able to send them email.

Cheers,

Alex
--
Gossamer Threads Inc.

Hi,

Right.

The two differences are, drop the regex check, which just about only catches aol users <G> and add in the back-end contact the email server, and see if the host exists and accepts mail.

This satisfies most of what the thread above was doing/asking (cutting failed email), as well as your concerns about not rejecting a valid email address by a regex that isn't smart enough.

My question, in putting the two together, is does that create any problems (specificity vs selectivity) of valid email addresses (where a "valid" email address has three components -- a valid regex check _AND_ a valid host server to accept the mail, _and_ then a valid user who validates the membership).

The point is to cut the amount of failed deliveries, and bounced mail, not just make sure the user entered an email address they owned.

This has to take place _before_ the validation email is ever sent.


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.