Normalize emails for uniqueness

digitalpoint · Aug 5, 2021

Spammers leverage Gmail (and other email providers) ability to create multiple accounts using the same Gmail account, but each account has a "unique" email address by leveraging dots (".") and pluses ("+") in the email address.

For example, these all go to the same Gmail account inbox:

spammer@gmail.com
spam.mer@gmail.com
s.p.a.m.m.e.r@gmail.com
spam.m.e.r+xenforo@gmail.com

Dots are ignored and anything between + and @ are also ignored when routing to an inbox.

More info: https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html

A few years ago I built an addon that normalized a user's email address with a preg_replace like so:

PHP:

$normalizedEmail = preg_replace('/(?:\\.|\\+.*)(?=.*?@gmail\\.com)/m', '', $email);

The one I did was for Gmail specifically, but it looks some of the the major free email providers support the same thing now:

You can now use "+" email aliases on Outlook.com - gHacks Tech News

Google some years ago introduced "+" aliases to Gmail which enabled you to use address variations without changing your email address at all. It allows you to add additional text to the […]

www.ghacks.net

Anyway, long story short is you could add a hidden column to the xf_user table that stored the normalized email address that must be unique (and it's updated when the user's normal email is updated via the User entity). As a result you would cut out a whole lot of spammers that are using that to create multiple accounts.

Mouth · Jan 7, 2022

Great idea, we really need XF to support this.

Imgbi · Jan 25, 2022

This will be a great idea for small addon.

Alpha1 · Jan 25, 2022

It would be nice to see this in core.. Until that time, maybe @Xon can add this to:

Signup abuse detection and blocking

From (simple) multiple accounts detection to isp/connection fingerprinting with score-based moderating/rejecting logic. These are very effective low-hanging fruit at reducing spam. Supports migration configuration from the following XF1 add-ons...

xenforo.com

Imgbi · Jan 26, 2022

Alpha1 said:
It would be nice to see this in core.. Until that time, maybe @Xon can add this to:

Signup abuse detection and blocking

From (simple) multiple accounts detection to isp/connection fingerprinting with score-based moderating/rejecting logic. These are very effective low-hanging fruit at reducing spam. Supports migration configuration from the following XF1 add-ons...

xenforo.com

$45?

Alpha1 · Jan 26, 2022

Yes, its very cheap.

Imgbi · Jan 26, 2022

Alpha1 said:
Yes, its very cheap.

Cheap?
You know that amount is the minimum salary in my country?

Alpha1 · Jan 26, 2022

Complex software requires many hours of development and testing. If you consider what you get and how many hours go into it, then its very cheap.

Imgbi · Jan 26, 2022

Alpha1 said:
Complex software requires many hours of development and testing. If you consider what you get and how many hours go into it, then its very cheap.

I didn't disagree with you.
It may be cheap to some but at my end, $45 is expensive.

duderuud · Jan 26, 2022

$45 is a bargain for the amount of work involved to build such an addon.

Normalize emails for uniqueness

digitalpoint

Well-known member

You can now use "+" email aliases on Outlook.com - gHacks Tech News

Mouth

Well-known member

Imgbi

Active member

Alpha1

Well-known member

Signup abuse detection and blocking

Imgbi

Active member

Signup abuse detection and blocking

Alpha1

Well-known member

Imgbi

Active member

Alpha1

Well-known member

Imgbi

Active member

duderuud

Well-known member

Similar threads

We value your privacy