Not a bug User can use one google email to register multiple accounts.

duydangle said:
So instead of seperate emails, should Xenforo have a feature or addon: Check if that's a gmail account and if there are "dots" or "plus", that new account's gmail can be compared with others'.
Click to expand...

I don't think so, actually. I mean, I have never come across any automated spammer / bot that uses this technique to register multiple accounts at a site. Such a work around would probably be used by a human spammer, and there really isn't any way to avoid them. Personally, I wouldn't worry till I see such a technique employed by a bot and actually going through with email confirmation to get an activated account. Otherwise, all such 'multiple' accounts would be taken care of when I prune the unconfirmed registrations every 3 months or so.
 
tbh, I'd be amazed if this ploy isn't used by spammers, sign up for 1 gmail account and get millions of aliases all for nothing.
 
It has been a few years that I had to do this over at the other place but I would have thought you could ban an email address in XF using wilcards to solve the problem (*.*@*)
 
This is a feature for Google, but this is definitly bug issue for XF (and others). Why? It's very simple.
To register a clone, I do not need to register another email. And that's why it's a bug issue!
 
It's a Google issue. They are resolving dots in email addresses that would otherwise lead to an invalid recipient address.

Non-standard behaviours are not XF bugs.

However, it shouldn't hinder the discussion of whether there might be a way to account for the anomily within XF. (y)

Cheers,
Shaun :D
 
Romchik® said:
This is a feature for Google, but this is definitly bug for XF (and others). Why? It's very simple.
To register a clone, I do not need to register another email. And that's why it's a bug!
Click to expand...

A bug is a fault in the coding, this isn't a bug because of the way Google handle their email addresses. As far as XF (and many other software applications), joe.bloggs@gmail.com is a different email address to joebloggs@gmail.com, just as joebloggs@googlemail.com is also different.

To solve this, as far as I can see, XF would need to:

* Store a secondary email address against each user, in this case every time a gmail user signs up it works out what the master email address is for the given email address & saves it.

* When they try and sign up again, XF works out what the master email address is and queries the db to see if it's already linked with an account. If it is, reject it, if not allow it.

Reducing the email address to the master email address is simple,
* Strip dots out of the username
* Remove anything after the + from the username.
* remove the domain portion.

i.e. joe.bloggs@gmail.com becomes joebloggs - this gets stored in the db.
joe.bloggs+xenforor@gmail.com becomes joebloggs

etc..

But it only does this if the email domain contains either gmail or googlemail.
 
You have to remember that in addition to stopping multiple accounts, you want to allow the user to use the email (and any alphanumeric characters) that they want to use. I don't want XF removing my +filter. So if they store a master and secondary email, they should store the master as the stripped version and the secondary as the user's version used for emails. This way the master is purely a lookup. Remember though that this is gmail only, most other email providers class joebloggs and joe.bloggs completely differently.
 
I'm not really sure what we are supposed to do about this - just about every mail service allows username+suffix@example.com, which permits multiple 'accounts' to point to the same base, so Gmail's extensions don't really seem to offer anything more functional than that, unless I'm missing something?
 
Let's also not forget that you can't actually identify Gmail by the @gmail.com address - Google Apps means that any email address could actually be using Gmail.
 
And just to reiterate, email verification is not an anti-spam tool. It's there so that the site has a verifiable way to contact the account holder. As an anti-spam measure it's about as useful as a chocolate teapot.
 
Saeed said:
Exactly. The feature itself is brilliant. I can't imagine using my Gmail without this feature. Apart from helping you with filters / labels, it can be used on sites which you do not trust with your personal email address.e.g.

If I am registering at a new site which I do not know much, I could use an alias like saeed+untrustedsite@gmail.com to register there. Now, if let's say this site sells / exports my email address to any spam / ad agency, the email I would receive would be addressed to saeed+untrustedsite@gmail.com rather than my actual saeed@gmail.com. That way, I would know who's the culprit and deserves a whipping, and all without compromising my actual email address.
Click to expand...
I use this sort of thing with My own domain mail taking advantage of the catchall email and when I need to give an email I use the subjects name like aol@mydomain.com or publix@mydomain.com
 
Brandon Sheley said:
I don't understand, are we not able to block *@someURL.com email address from registering?
Click to expand...
Of course, but what I'm saying is that the multiple permutation usernames discussed above that are available to Gmail, are available to countless other domains by virtue of them using Gmail as their mail handler.
 
Kier said:
Let's also not forget that you can't actually identify Gmail by the @gmail.com address - Google Apps means that any email address could actually be using Gmail.
Click to expand...
Damn fine point, totally forgot about that. That's kinda a bit of an issue there. Didn't know about the + being usable on other email systems though, you learn something everyday!
 
Top Bottom