views:

104

answers:

4

I have a site where users register for an account. I have an internal communication system, that sends them an email when they get a private message. I dont force people to confirm their email, so naturally, many enter a fake address.

When they get a PM, it tries to send them an email, but obviously fails, so it keeps retrying and retrying. After a few weeks, the retry queue gets quite big, and it affects server performance (I also dont wanna get blacklisted for all these attempts).

What can I do to solve this issue (other than force people to confirm their email upon registration).

A: 

You really should just require confirmation.

Short of that, you can deactivate users whose emails have bounced a certain number of times, and require a new email at next login.

eyelidlessness
call it paranoia, but i HATE giving out my real email to everywhere.
RCIX
Plus, the guy said "other than confirming the email", so -1
RCIX
Keep a separate email for that purpose?
eyelidlessness
RCIX, I provided a solution "other than confirming the email", so what the hell?
eyelidlessness
Really unnecessary downvote. +1 to even it out.
Pekka
A: 

It will be hard without verifying, but you can at least verify the domain it's coming from:

Option 1: Use getmxrr to search for MX records on their hostname

Option 2: Use checkndsrr to check their DNS info

But all these really do is check the validity of the domain, and whether it's running a mailserver. To get real authenication a confirmation is the best way. You could also implement a tool to send out a test email, and see if it bounces back. But this method may not always work as expected, because of variations, some servers it's instant, others it can be a day later to return an undeliverable email.

I hope this helps.

Jeremy Morgan
+3  A: 

If you don't want to force people to confirm their email because if something goes wrong, they can't access their login straight away, why not do something like this:

  • If they haven't confirmed their E-Mail, don't send PMs, but show them when they are logged in instead. Remind them to confirm their E-Mail.

  • If they have confirmed their E-mail, send them out.

But anyway, your scenario sounds like a server misconfiguration. Why would a mail server keep re-sending mails that it got a "not deliverable" message for? As far as I know, re-sending mails only occurs when the receiving host was not reachable for technical reasons.

Pekka
"your scenario sounds like a server misconfiguration": true, nonexistent email addresses must cause a bounce right away. +1
just somebody
A: 

consider having a checkbox so that people can opt-out of email notifications. if they do not enter a valid email address, it is surely because they do not want to receive emails in the first place, so let them tell you.

additionally, you may consider having an opt-in system, where people will not receive email notifications in the first place and have to enable it somewhere in their account settings, providing an email address at this moment. this way, the number of fake email addresses will be reduced to near zero.

Adrien Plisson