zero-spam-for-wordpress icon indicating copy to clipboard operation
zero-spam-for-wordpress copied to clipboard
verified publisher icon Highfivery

[FEATURE] last step Email-Domain check

Open konsti2020 opened this issue 4 years ago • 6 comments

Is your feature request related to a problem? Please describe. It happens more and more often that bots (users) register with a made up E-Mail Domain. The confirmation e-mail is then sent to the blank, and the repeated delivery attempts then use up resources.

Describe the solution you'd like It would be good when the domain could be checked if it is a valid E-Mail Domain, something similar like this plugin does: https://wordpress.org/plugins/cf-email-domain-check/#wie%20wird%20die%20pr%C3%BCfung%20durchgef%C3%BChrt%3F

In order to save additional resources, this check could only be carried out at last after all other checks have approved the user.

Describe alternatives you've considered An alternative way would be to only allow known E-Mail Domains but that would probably sort manny people out that use their own Homepage with E-Mail Domain.

konsti2020 avatar Jan 06 '22 13:01 konsti2020

@konsti2020 this will depend on the form integration you're using. Most forms already have basic email domain validation checks (i.e. WP registrations, comments, email form fields, etc.). What specific use case/implementation are you thinking this would be good for?

bmarshall511 avatar Jan 06 '22 16:01 bmarshall511

I use contact form 7 for all my form fields, newsletter, contact form and so on. Now there are more and more cases in which a E-Mail domain is specified that cannot receive e-mails but for the plugin all seems okay since the user could register for the newsletter (or similar). Then when the verification mail couldn't be sendet I get a notification mail that the E-mail domain isn't answering. So it would be nice if that could also been checked.

Best regards

Konsti

konsti2020 avatar Jan 06 '22 17:01 konsti2020

@konsti2020 Can you provide some example email addresses they are using?

bmarshall511 avatar Jan 06 '22 17:01 bmarshall511

Sure, here are some of the last used Domains:

coolyarddecorations.com truckmetalworks.com cheapgreenteabags.com fastlasermouses.com freeinvestoradvice.com softtoiletpaper.com visagency.net sportsstores.co exnik.com westrb.com spicysallads.com vaulker.com dynainbox.com eastworldwest.com nymega.com drypipe.com ovaki.com firstaidkit.services bangkokhotelhub.com

If you want to I could search for the full E-Mail addresses but that would take a bit.

konsti2020 avatar Jan 06 '22 17:01 konsti2020

These are two more that slipped through today: [email protected] [email protected]

konsti2020 avatar Feb 03 '22 11:02 konsti2020

This is one of the sample E-Mails I get when they register with a E-Mail that has a Domain without a Dns-entery:

This is the mail system at host mailout2.pub.mailoutpod1-cph3.one.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

<[email protected]> failed: DNS error: Permanent DNS
 error resolving wasp.newpopularwatches.com (NXDOMAIN)

Also the number of these Spamers grows from week to week.

Best regards

konsti2020 avatar Mar 17 '22 21:03 konsti2020

Thanks for the input! v5.4 will include enhanced security features related to email checking including attempting to check if the domain can actually get an email. You can download the beta version here: https://github.com/Highfivery/zero-spam-for-wordpress/tree/5.4.0

bmarshall511 avatar Sep 03 '22 16:09 bmarshall511