[Suggestion] Check Email Address Validity before registering

[W13]

I found this and was pretty impressed with it: http://www.howtocreate.co.uk/php/dnld.php?...=4&action=1

Here's the snippet:

/**************************************************************** Email address validation script v2.1.1 Written by Mark 'Tarquin' Wilton-Jones - 26-28/01/2004 Updated 12/02/2004 to allow all valid email address formats and improve RFC compliance, and use MX record weightings Updated 09/05/2004 to allow Norwegian characters ****************************************************************** Please see http://www.howtocreate.co.uk/jslibs/termsOfUse.html for terms and conditions of use. Requires PHP 4.0 (min) with support for Perl compatible regular expression functions. Windows (NT/2000/XP) installations will need to provide the getmxrr function - see: http://uk.php.net/manual/en/function.getmxrr.php This is superior to regular pattern matching email address validators, because it actually attempts to contact the relevant mail exchange servers to prove that the email address actually exists. Note that some mail exchangers will accept all usernames, even if the username does not exist as a valid email user. This script accepts all valid email address formats, including: "any @ characters\\\" < that> you !%$& want"@mailDomain.com It will check each available server until one permits a connection. It then attempts to initialise an email to the specified email address. If the server accepts the email, it is cancelled, and the email address is assumed to be valid. If the server rejects the email, the email address is assumed to be invalid. WARNING: the check will show the email address as invalid if all available MX servers are offline or are busy, even though the email address may be valid. I plan to add functionality to show temporary failures like these in version 3 (I have not yet planned when to write or release version 3). This library provides one function: mixed checkEmail( string email_address[, optional boolean debug] ) The function can operate in two modes; 1) email validating: boolean valid_email = checkEmail( $email_address ); 2) email validation debugging: Array( boolean valid_email, Array debugging_messages ) = checkEmail( $email_address, true ); A typical use of the validating mode is to use: if( checkEmail( $email_address ) ) { // use mail() to send the email ... } else { print 'Your email address is not valid'; } A typical use of the debugging mode is to use: $return_msgs = checkEmail( $email_address, true ); foreach( $return_msgs[1] as $debug_msg ) { print htmlspecialchars( $debug_msg ).'<br />'; } print $return_msgs[0] ? 'Email address seems to be valid' : 'Email address does not seem to be valid'; ________________________________________________________________________________ ____________________________*/ function checkEmail( $email, $chFail = false ) { $msgs = Array(); $msgs[] = 'Received email address: '.$email; //check for email pattern (adapted and improved from http://karmak.org/archive/2003/02/validemail.html) //incorrectly allows IP addresses with block numbers > 256, but those will fail to create sockets anyway //unicode norwegian chars cannot be used: C caron, D stroke, ENG, N acute, S caron, T stroke, Z caron (PHP unicode limitation) if( !preg_match( "/^(([^<>()[\]\\\\.,;:\s@\"]+(\.[^<>()[\]\\\\.,;:\s@\"]+)*)|(\"([^\"\\\\\r]|(\\\\[\w\W]))*\"))@((\[([0-9]{1,3}\.){3}[0-9]{1,3}\])|(([a-z\-0-9

<?php

[alj]

1

[3DKiwi]

Me to.

[Brett B]

Great idea (although I'd like some more information as to what it does).

[MAGZine]

I could see that. You start off by agreeing to the license agreement and confirming your email address.
It sends you a link to a place to complete registration, probably using some type of secure token.

I like that idea. Would be a change.
Might be nice to have this featured toggled on/off, though.

[Master_Odin]

Though, I was reading the description in the file and if it rejects an e-mail address if the server is busy, then that could be a problem as that would make it that much harder for a member to register <_<

[atomicknight]

Well, if you're using e-mail validation, then the registration would fail anyway. But if you look closely, it actually returns the errors themselves if something doesn't go correctly, so you could decide to proceed even if the server was busy (i.e. the decision to finally send the mail depends on what conditions you impose on it independently of what the script actually does).

[Brett B]

We need to avoid making registration for people difficult (especially the tech. challenged). Registration should be quick, simple, and at the same time valid. Having to follow through with this and that just turns people off, especially those who will not persevere to join your board.

[blackfalcon]

Even though I have honestly no idea what I just read, I will stick with the crowd.
+1

[W13]

We need to avoid making registration for people difficult (especially the tech. challenged). Registration should be quick, simple, and at the same time valid. Having to follow through with this and that just turns people off, especially those who will not persevere to join your board.

If you're registering and you type in, bob@hotmil.com instead of bob@hotmail.com currently the registration system wont tell you.

Also- this will actually reduce mistakes and make it EASIER to register by only having ONE email field (rather than the current: two)

-----

It can work like this:

- User enters their email address.
- It is quickly checked for validity using the above script. (all this happens using Ajax)
- If the server is busy or it gets rejected, a SECOND email field is presented to the user (the way it is right now).

[sunrisecc]

You are assuming that bob@hotmil.com is not a valid address. What happens if it is? The double entry is still required.

[atomicknight]

I don't see why you can't combine the two. Just keep the double entry and then send the request if they match. If the request succeeds, then you're at least as well off as you would be without the additional verification. If it fails, then you may be able to catch incorrectly typed e-mail addresses.

[krocheck]

I like this and I do not like this.

Like:

• E-mail validity is checked before submission
• Will LIKELY catch spelling errors
• Will LIKELY catch fake registrations
  

Dislike:

• Certain ISPs/e-mail providers have open domains. The server accepts all e-mails and discards ones w/o an inbox.
• Server MAY be experiencing an outage (it happens)
• Servers MAY not respond properly to such requests
• Does not verify ownership of that account
  

Okay, so given that, what is my take on how such a feature could be implemented w/o harm to existing registration systems.

1) Provide more registration validation options:

• None
• User e-mail validation
• User LIVE e-mail validation
• Admin validation
• User e-mail then admin validation
• User LIVE e-mail then admin validation
  

2) Any live e-mail validation can fail over to a traditional e-mail validation if the user experiences problems.

3) LIVE e-mail validation does not replace traditional e-mail validation routine since LIVE validation does not prove ownership/control of that account.

Do I think this is actually a good thing to implement? Not really. I believe that you will get a decent amount of 'false positives' (e-mails that exist but are rejected OR emails that don't exist but are validated). Add to this user confusion that may result over their e-mail being rejected and having to check a box or something to continue. It creates a very defensive stance for the site that legitimate users who are affected may give up and not finish registration. I do understand the need to filter unwanted people out, but adding this doesn't fix that problem. The functional thing this provides is a way to verify that a person hasn't made a spelling mistake ... but that's why we have them type it twice AND run a live comparison.

So. This is a very noble idea, but I don't see a real benefit that outweighs the associated costs.

Keith