Normalize emails for uniqueness

digitalpoint

Spammers leverage Gmail's (and other email providers') ability to create multiple accounts using the same Gmail account, but each account has a "unique" email address by leveraging dots (".") and pluses ("+") in the email address.

For example, these all go to the same Gmail account inbox:

spammer@gmail.com
spam.mer@gmail.com
s.p.a.m.m.e.r@gmail.com
spam.m.e.r+xenforo@gmail.com

Dots are ignored and anything between + and @ is also ignored when routing to an inbox.

More info: https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html

A few years ago I built an addon that normalized a user's email address with a preg_replace like so:

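PHP:
// Strip dots and any "+tag" from the local part; the domain is anchored to the end and matched case-insensitively.
$normalizedEmail = preg_replace('/(?:\\.|\\+.*)(?=.*?@gmail\\.com$)/i', '', $email);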

The one I did was for Gmail specifically, but it looks like some of the major free email providers support the same thing now:


Anyway, long story short is you could add a hidden column to the xf_user table that stored the normalized email address that must be unique (and it's updated when the user's normal email is updated via the User entity). As a result you would cut out a whole lot of spammers that are using that to create multiple accounts.
 
Upvote 17
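An added example (not the poster's addon and not XenForo code) of the normalization written as a function whose result would feed the unique hidden column suggested above. It goes beyond the post's regex by matching the domain exactly and lowercasing the address. The rule table, function name and sample addresses are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
// Per-domain rules. Assumption: only gmail.com is listed because it is the only
// provider the post names; add others once their routing behaviour is confirmed.
const NORMALIZE_RULES = [
    'gmail.com' => ['strip_dots' => true, 'strip_plus' => true],
];

// Returns the canonical key for the uniqueness check, or null when the input has
// no usable local part and domain. The address as typed is stored separately.
function normalizeEmail(string $email): ?string
{
    $email = strtolower(trim($email)); // assumption: local parts compared case-insensitively
    $at = strrpos($email, '@');
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return null;
    }
    $local = substr($email, 0, $at);
    $domain = substr($email, $at + 1);
    $rule = NORMALIZE_RULES[$domain] ?? null; // exact match: gmail.com.example.org gets no rule
    if ($rule !== null) {
        if ($rule['strip_plus']) {
            $local = explode('+', $local, 2)[0]; // drop everything from the first "+"
        }
        if ($rule['strip_dots']) {
            $local = str_replace('.', '', $local);
        }
    }
    return $local === '' ? null : $local . '@' . $domain;
}

// Constructed sample registrations; the array keys stand in for the unique column.
$seen = [];
$samples = [
    'spammer@gmail.com', 'spam.mer@gmail.com', 'S.P.A.M.M.E.R@Gmail.com',
    'spam.m.e.r+xenforo@gmail.com', 'j.doe@example.org', 'jdoe@example.org',
    'a.b@gmail.com.example.org', '+tag@gmail.com',
];
foreach ($samples as $email) {
    $key = normalizeEmail($email);
    if ($key === null) {
        echo "$email: rejected (no usable address)\n";
    } elseif (isset($seen[$key])) {
        echo "$email: duplicate of {$seen[$key]}\n";
    } else {
        $seen[$key] = $email;
        echo "$email: accepted, unique key $key\n";
    }
}
```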