Miscellaneous Hacks - Check E-mail Address Before Registration

This mod checks that the user supplied e-mail address is a real address before allowing registration to continue.

Even though we use Verify Email address in Registration, I still get tired of cleaning up bad e-mail addresses.

This mod integrates with the user registration process and performs the following tasks:

1. Syntax checking (configurable) to make sure what was entered is an e-mail address.
2. Looks up the MX records for the e-mail address.
3. Cycles through the mail servers by connecting to each mail server and tries to verify that the e-mail address is a valid address. The cycling stops as soon as a mail server returns a valid or invalid user.

Installation

Install the attached xml product file. The product is active at installation and most sites should run fine with the default settings.

If you run the default configuration, e-mail addresses will be rejected when:

• Syntax doesn't look like an e-mail address
• MX record or A record does not exist for the e-mail domain
• A mail server reports that the e-mail address is invalid

If you run the default configuration, e-mail address will pass when:

• Syntax looks like an e-mail address
• MX record or A record exists for the e-mail domain
• All mail servers timeout or a mail server reports that the e-mail address is valid.

Configuration

This mod is managed from the vBulletin Options -> User Registration Options page. The following options are added to the page:

• Validate Registration E-mail Addresses - Enter a regular expression to use when validating e-mail addresses. Leave the field blank to disable validation. The recommendation is to use the default value.
• Treat E-mail Address As Valid If All Mail Hosts Timeout - If all the mail hosts timeout, should the e-mail address be treated as valid?
  
  NOTE: Changing this to no will reject valid users when your hosting provider doesn't allow fsockopen calls or when the timeout value is too short. The SMTP RFC's allow for a connection request response wait time of up to minues, since this test is real-time with a waiting user, waiting minutes is impractical. Just because a host timesout doesn't mean the host is not there.
• Mail Host Timeout Value (Seconds) - Length of time to wait when trying to open a session with a mail host.
  
  NOTE: Don't set this value too large, if a domain has more than one MX record, the user will have to wait for each connection attempt.
• Does This Host Support fsockopen? - A PHP fsockopen call is used to try and connect to the remote mail servers. Some systems may not support or block these calls. With the value set to Yes, the connection attempts will timeout. GoDaddy's Shared Hosting is an example of a hosting provider that blocks outbound connection attempts.
  
  With this value set to no, the system will try to look up the MX records, but will not attempt to connect to each mail server.

[echamberlain]

Quote:

Originally Posted by hornstar1337

Just one question tho what happens if the mail server is temporary down?

If you are running the default configuration, and there are no other mail servers listed in the MX record, the e-mail address will be accepted. If there are other mail servers, they will be tried.

Note that sometimes backup mail servers will accept mail for any user *@domain.com, so this method is not perfect.

But it should catch the fake hotmail, yahoo, and gmail accounts.

I installed this mod in my production environment right before I posted it and my bounced activation mail is already down 80%.

[popowich]

Nice hack. How about making the "contact us" a link in the error message?

-Raymond

[MaestroX]

Very nice, thankyou

[Barakat]

thanks a lot

[msimonds]

I installed this and tried to register with a fake email address from my own domain and it still allowed me to register

I thought that it validated emails to see if they were good before allowing registration?

[msimonds]

I also tried again to register with an invalid yahoo account and it is not working

[bitdefuser]

Yea, if you enter a valid domain such as yahoo.com, it lets it go. However, if you enter something like 1210@adsasdasd.com , it's invalid.

It's still a nice product though. (I think it lets it go because of the '2' seconds setting in the options. It said that if it timed out, it lets the registration go.)

[echamberlain]

Quote:

Originally Posted by popowich

Nice hack. How about making the "contact us" a link in the error message?

-Raymond

I was thinking about adding that. I haven't written any mods that pass variables to error phrases, so I would need to do some research.

[echamberlain]

Quote:

Originally Posted by msimonds

I installed this and tried to register with a fake email address from my own domain and it still allowed me to register

I thought that it validated emails to see if they were good before allowing registration?

Acording to the forum, you don't have it installed.

As I listed in the instructions, whether an e-mail address is rejected or not depends on a lot of factors that are outside of the controll of vBulletin.

Some things to check would be:

1. Does the host running vBulletin support fsockopen?
2. Check if your mail server has an answer delay that exceeds the mod timeout.
3. Check if your mail server is configured to reject mail as soon as an invalid user is specified in the MAIL TO field or if it will still accept the message.

[Phooey]

Awesome. *clicks install*