Jump to content

Admin email validation for specific email domains

Guest gweilo8888

Recommended Posts

After dealing with some spambots that had made it onto my site today, I got to thinking.

Most of us know the familiar problem well. We don't want to require "User then Admin validation" for all of our members, because it will inconvenience the members themselves (many will leave, never to return, when they find themselves still unable to post, after registering and validating their email address). "User then Admin validation" is also simply too much work for our admins on a large, popular forum.

Thing is, without the admin oversight, we're getting simply too many spambot signups. Some from obvious domains like cashette.com, or IP blocks from countries like (say) Russia, are easy to prevent with an email or IP address ban. There's one major problem though - there are a handful of domains that are used frequently by spambots, who can easily circumvent both Invision's email validation and "Script/Bot Flood Control" - but those domains are used by too many of our legitimate users to completely ban them. I'm talking, of course, about Gmail, Hotmail and Yahoo. (I'm sure that there will be similar sites others don't want to completely ban, for similar reasons.) Likewise, banning access from an entire country is a bit extreme - basically we're throwing the baby out with the bath water.

So - we know the problem... What can we do to solve it? I got to thinking, and here's what I came up with. Extend the "Manage Ban Filters" section so that as well as the ability to completely ban an email domain or IP range from subscribing, we can also select individual email domains or IP ranges for more rigorous validation. In this way, we don't inconvenience most of our users, and we don't create as much validation work for our admins.

The changes in the admin interface would be fairly minimal. Next to the "IP Address / Email Address / Name" dropdown, make another dropdown for "Action" - either ban, enable "user then admin validation", or enable post preview, would seem to be the best starting choices to me. The user then signs up as normal, and after their email address is validated, they're told "sorry, but because you're [using a free public mail service / signing up from an IP range] that's used by a lot of spammers, we have [required admin validation / required moderator preview of posts / whatever we did]".

Only the smallest possible group of users is affected, only the smallest extra workload possible for admins is added, and only the minimum of change to the Invision interface we're all familiar with - but a powerful new feature for all of us.

I really hope the great folks at Invision will consider this change! :)

Link to comment
Share on other sites

...which brings up the question - if somebody at IPB decides a feature is worthy of addition, will they reply to the thread and let us know (so we don't decide to pay somebody to make the modification for us)!

Yes, we usually are told. :)
Link to comment
Share on other sites

  • 1 month later...
  • 3 months later...

That's a great idea, but I don't like the way you suggested it be set up.

I think it would be far easier to leave the validation settings exactly as they are, but have a setting for "Domains exempt from admin validation." Say, one domain per line. That way you could ban everything, and then allow those you know you can trust.

Link to comment
Share on other sites

  • 3 weeks later...
  • 2 months later...


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...