At the moment, we are sending an email address verification email each time someone signs up. This email has been causing a number of problems: people don't get it, they just don't click the link in the email or the email gets block by spam or some other method. We are working on resolving the spam issue, although I don't think it's possible to completely resolve it.
I'm wondering what other methods there might be for verifying and email address. Is there any other way to verify an email address without sending an email? Or is there another method of ensuring people aren't signing up with fake information?
I'm not sure if there are other good methods, but sending an email and having them click a link is definitely the simplest and most accurate.
A main feature to sending that email, is for the person to verify that it's actually them that requested it.
The only way to verify someone owns an email address is to have him use it.
As for verifying users don't enter fake information - not even sending an email can help. With so many disposable/temporary email services out there (like GuerrillaMail) , someone can fill up your form with false info, post a temp email address, log to that address and click the link in your email - manually or programatically.
You have to trust your users to come back for your content, and ignore spammers.
strikeiron.com offers a paid web service to verify if an email exists without sending a message to that email. try it out here is the link: strick
http://www.strikeiron.com/Catalog/ProductDetail.aspx?pv=5.0.0&pn=Email+Verification
Related
Recently at work we had a debate about what could be the best way to validate an email address for a user, for handling cases where a user registers with a wrong email (say my email is andrew123#gmail.com and i put in aandrew123#gmail.com). We came up with this solution:
User register an email
An email for the registration is sent through AWS SES. If the mail goes in permanent bounce we set this user mail as "invalid"
When in cart checkout, if the user mail address is invalid an alert is shown, prompting the user to check and change the email address
However i still think that a better (and simpler) approach would be to just include and activation code in the registration email. I want to know your thoughts on this, since is really scratching my head :/
I created an application which uses SendGrid's Inbound Parse Webhook. Whenever someone emails "whatever#mydomain.com", the email goes to SendGrid, and then SendGrid hits our server with a POST containing the email's contents. We can then feed that email data back into our main application.
I have it all working. But now I do not know how I am supposed to authenticate the messages SendGrid posts to our server. Does anyone know the best course of action for doing this? Verifying that our inbound emails actually come from authorized users of our main application?
Obviously we can check the "From" address in the headers, but I've read that these can be completely spoofed. Apparently "dkim" and "spf", two attributes of the incoming mail from SendGrid, have something to do with authorization. But i cannot find anything in the documentation, or really anywhere else for that matter, that tells me how I should be consuming these "dkim" and "spf" fields to verify message authenticity.
If anyone has any help, general, specific, or otherwise.. It would be greatly appreciated. Thanks in advance.
Well. Since this doesn't seem to be getting a lot of traction I thought I'd post my own janky-ass solution to the problem, on the off chance that anyone else runs across this issue in the future.
Disclaimer: this could be total garbage nonsense. But it appears to be working all right.
Basically I ended up taking some critical contextual information about the original message that initiated the inbound email. We encode that information in the local-part of the "Reply To" address that we set up with the SendGridMessage. Then I encrypt the encoded local-part.
When SendGrid POSTs to our server with the inbound email, we decrypt the "TO" local-part and validate the result. If it decrypts successfully, we check the "FROM", and verify that they are an actual authorized user of our main application. THEN, we verify that THAT user in question has the correct permissions to edit the information associated with the original encoded local-part of the "Reply To".
Sorry if I have not understood something but (I believe) I have searched enough for this.
First things first: I have successfully set up my domain (mydomain.gr) which has been verified.
I have created a custom SMTP address (contact#mydomain.gr).
I have created a route which forwards everything sent at *#mydomain.gr to my personal Gmail address.
Test 1: If I send an email from an external address (something#something.eu) to contact#mydomain.gr it is forwarded to my personal Gmail. OK!
Test 2: If I send from contact#mydomain.gr to any external address (something#something.eu) I get the error Free accounts are for test purposes only. Please upgrade or add the address to authorized recipients in Account Settings. Of course the password is correct while sending. Otherwise another error is raised.
I think I have missunderstood some things...
So here comes my question:
How can I send email from my custom SMTP email address? (I do not wish to upgrade my account since this -free- Mailgun account will handle very small amount of emails. So, 10K are more than enough for me.)
OK. After some emails with the mailgun team I finally figure it out!
All I had to do was to upgrade my account (just enter credit card info). Now I can send email from contact#mydomain.gr to anyone.
Thank you mailgun!
I have also contacted Mailgun for the issue and get response back within few minutes:
This error occurs whenever utilizing either a sandbox domain or a free account without inviting users called Authorized Recipients.
Sandbox domains always require Authorized Recipients. With free plans, which are intended for test usage, all custom domains require Authorized Recipients. With upgraded plans, which are intended for production usage, custom domains no longer require Authorized Recipients.
Please take a look at the following Help Center article for more information about the Authorized Recipient process:
https://help.mailgun.com/hc/en-us/articles/217531258-Authorized-Recipients
Then I have add the Authorize Recipients and it works like a champ!
I'm new to quickblox MBaas and I would like to send out an email (to verify e-mail address) to a specific user when he signed up. Is there a standard procedure for this or a way to do this in Quickblox. Many thanks for your help.
There is no a way to do this for API users right now.
The cause of this solution is that it's quite hard sometimes for mobile users to verify an email. Just imagine a situation where user doesn't have a ready for use mail client on his device - then there is no a way to verify an email in this situation.
Other cause is that email verification can complicate your onboarding process.
It's possible to send a greetings email. You can setup it in Admin panel, Users module, Settings tab
I use an email registration and confirmation in my project (yes, I know about OpenID. In my counry, a main email service lacks it).
Sometimes users misspell their email addresses. I know about this due to "message could not be delivered" letters in a mailbox. A misspelled address is absolutely correct, because I check it with a regular expression - say, jon.doe#example.com intstead of john.doe#example.com. And I do not want to duplicate a email field in a registration form (who likes it?).
Request processing routine cannot wait for email delivery - it could take an unpredictable time. So, my script will return to user a confirmation message "An email was sent". And the user will wait for it forever (of cause, not - he/she will turn to an alternative project with a more perfect registration system).
Does someone knows how it can be improved (in any programming language)?
If you cannot wait for a response back from a confirmation e-mail, I would display a yes/no message box confirming their e-mail (i.e Send e-mail to jon.doe#example.com?) before sending the e-mail. While your at it, you can check to see if the e-mail is a duplicate as well.
If no duplicate found and they click "Yes" then send the e-mail. If not, ask them to re-enter the e-mail address.
With this approach you have gone above and beyond validating correct e-mail addresses since there are no services that will explicitly check for correct/valid addresses.
Unfortunately, there's no canonical way to spell anything in an e-mail address and no way to check programmatically whether it's spelled correctly or not. The only tool that can confirm the correctness of a valid e-mail address is Eyeball 1.0, which runs client side.
You can try the SMTP VRFY on the server but most won't reply with anything valuable. Most will simply say "go ahead and try it" because returning something useful would be invaluable to spammers.
You can always check the domain name with a DNS lookup but the only way to check an email address is to send a message.
Try to have the user type his email twice with an email confirmation field (as for the password).
EDIT : Anthony's idea is good too.
For user parts of email the only thing I can think of is using:
MX lookups (if mail provider doesn't block them... since that can be abused to filter email lists)
Requiring user to enter email twice to ensure he doesn't misspell user portion of email
As for domain part of email, take a look at this:
AngularJs directive to offer suggestions for misspelled emails?
It helped me to reduce bounce for misspellings like gmai.com and gmail.con.