Normalize emails for uniqueness

digitalpoint

Well-known member
Spammers leverage Gmail (and other email providers) ability to create multiple accounts using the same Gmail account, but each account has a "unique" email address by leveraging dots (".") and pluses ("+") in the email address.

For example, these all go to the same Gmail account inbox:

spammer@gmail.com
spam.mer@gmail.com
s.p.a.m.m.e.r@gmail.com
spam.m.e.r+xenforo@gmail.com

Dots are ignored and anything between + and @ are also ignored when routing to an inbox.

More info: https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html

A few years ago I built an addon that normalized a user's email address with a preg_replace like so:

PHP:
$normalizedEmail = preg_replace('/(?:\\.|\\+.*)(?=.*?@gmail\\.com)/m', '', $email);

The one I did was for Gmail specifically, but it looks some of the the major free email providers support the same thing now:


Anyway, long story short is you could add a hidden column to the xf_user table that stored the normalized email address that must be unique (and it's updated when the user's normal email is updated via the User entity). As a result you would cut out a whole lot of spammers that are using that to create multiple accounts.
 
Upvote 40

Alpha1

Well-known member
It would be nice to see this in core.. Until that time, maybe @Xon can add this to:
 

Alpha1

Well-known member
Complex software requires many hours of development and testing. If you consider what you get and how many hours go into it, then its very cheap.
 

Imgbi

Active member
Complex software requires many hours of development and testing. If you consider what you get and how many hours go into it, then its very cheap.
I didn't disagree with you.
It may be cheap to some but at my end, $45 is expensive.
 
Top