Not a bug User can use one google email to register multiple accounts.

[duydangle]

This is a bug with gmail: User can use one google email to register multiple accounts.


Details: my email is abcxyz@gmail.com. I can use my email to register new account with this tricks: insert dots between the name of the mail. For example, abc.xyz@gmail.com, or a.bcxyz@gmail.com. Xenforo understands they are separate emails, but actually any mails to abc.xyz@gmail.com come to abcxyz@gmail.com.

 

[Jake Bunce]

I am unable to reproduce this. When I register a new account and enter an email address with a period I can confirm that the activation email is being sent to that full email address. No periods are being omitted.

Can you reproduce this problem yourself? Or is it just a user claiming to have done this? He might be registering all of those variations of the same email address. Spammers often register multiple email accounts.

 

[Kevin]

I am unable to reproduce this. When I register a new account and enter an email address with a period I can confirm that the activation email is being sent to that full email address. No periods are being omitted.

Can you reproduce this problem yourself? Or is it just a user claiming to have done this? He might be registering all of those variations of the same email address. Spammers often register multiple email accounts.

Jake, what the OP is a describing is really a feature of Gmail itself. Take, for example, the email address of johndoe@gmail.com who then creates an account on your site named John Doe. If you send an email to johndoe@gmail.com it will work fine. However, Gmail allows you to use non-alpha characters in your email and it will also work. By that I mean if you send an email to john.doe@gmail.com it will work and go to the same person. Both emails will be received by the user with no problems.

However, the OP is talking about a case when John Doe then tries to register a second account, Jane Doe on your site using the john.doe@gmail deviation. XenForo will create the account as normal and the email will be sent John Doe.

Summary: The user is able to create multiple accounts due to a feature of Gmail and XenForo will not block it. However, I don't know of any forum software that takes Gmail's quirks into account and will block the second fake account.

 

[Saeed]

That is just how Gmail works. Even using alias addresses would probably allow the same, e.g. in your example above, emails sent to abcxyz+one@gmail.com, abcxyz+two@gmail.com etc etc would all be sent to your primary gmail address (before the plus sign).

http://mail.google.com/support/bin/answer.py?answer=12096

 

[duydangle]

The bug is fully described by Kevin.

The problem here is email cannot be duplicated, but user can easily create a new account with the same email they used... Spammer have to create multiple emails, but use the same email with "dots" is much easier.

//Some administrators block gmail, but I think that solution is not effective and not beneficial for the forum and users, because many people use gmail.

 

[jonsidneyb]

Is there anyway around this?

 

[duydangle]

The solution may be: Xenforo detects "dots" or "plus" in gmail account when users sign up.

 

[Jake Bunce]

Jake, what the OP is a describing is really a feature of Gmail itself. Take, for example, the email address of johndoe@gmail.com who then creates an account on your site named John Doe. If you send an email to johndoe@gmail.com it will work fine. However, Gmail allows you to use non-alpha characters in your email and it will also work. By that I mean if you send an email to john.doe@gmail.com it will work and go to the same person. Both emails will be received by the user with no problems.

However, the OP is talking about a case when John Doe then tries to register a second account, Jane Doe on your site using the john.doe@gmail deviation. XenForo will create the account as normal and the email will be sent John Doe.

Summary: The user is able to create multiple accounts due to a feature of Gmail and XenForo will not block it. However, I don't know of any forum software that takes Gmail's quirks into account and will block the second fake account.

That's a dumb feature...

 

[kkm323]

yes, I see this as a bug and need to be fix. I can't really think of any solution?

 

[Kevin]

The solution may be: Xenforo detects "dots" or "plus" in gmail account when users sign up.

I think we can already do that...

ACP => Options => User Registration => Username Validation

I don't know though if you can get away with just putting "." in the "Disallowed Words In User Names" (blacklist) or if you would need to add an entry to the "User Name Match Regular Expression" (whitelist) value.

 

[Hoffi]

And Google also has more than one domain. gmail.com and googlemail.com - both works.
You really can't get a perfect solution for this. There are too many ways of geeting an email-address.

 

[duydangle]

I think we can already do that...

ACP => Options => User Registration => Username Validation

I don't know though if you can get away with just putting "." in the "Disallowed Words In User Names" (blacklist) or if you would need to add an entry to the "User Name Match Regular Expression" (whitelist) value.

They are for usernames, not email :-s?

 

[Kevin]

They are for usernames, not email :-s?

Oops, my bad, you are correct. Have I mentioned I've been sick for a few days and am still in a bit of a fog.

 

[MGSteve]

yes, I see this as a bug and need to be fix. I can't really think of any solution?

I wouldn't say its a bug, its a peculiarity with gmail that XF could do with stopping. It shouldn't really even be too hard to do - I don't know where the hooks are, but perhaps it could even be handled via a addon?

 

[James]

That's a dumb feature...

When used correctly, it's a great feature. I use it often to filter my emails.

Register to XenForo with: james+xenforo@gmail.com

Open up gmail filters and in the to field, input +xenforo

Run a test search, voila! I can now target xenforo-specific e-mails.

http://gmailblog.blogspot.com/2008/03/2-hidden-ways-to-get-more-from-your.html

 

[Jeremy]

I can see reasons for it. For example, a parent may like to filter emails coming to their child, so their child must use parentemail+childname@gmail.com so that its delivered to them. Or if I did something like this:

dentel@gmail.com -> family account.
dentel+jeremy@gmail.com -> mine.

This would essential destroy that. True, that's an out htere case, but I can see it being annoying for someone.

 

[James]

I believe it's possible to filter (I know there was a vBulletin add-on), you just have to strip all instances of + and . from the email field before validating.

The other solution (to retain their +ing or .ing) would be to strip all instances of the characters in the email, match it to all other emails (stripping their dots or pluses) and comparing, if it doesn't exist then allow it with all its plusdot magic.

 

[Saeed]

Exactly. The feature itself is brilliant. I can't imagine using my Gmail without this feature. Apart from helping you with filters / labels, it can be used on sites which you do not trust with your personal email address.e.g.

If I am registering at a new site which I do not know much, I could use an alias like saeed+untrustedsite@gmail.com to register there. Now, if let's say this site sells / exports my email address to any spam / ad agency, the email I would receive would be addressed to saeed+untrustedsite@gmail.com rather than my actual saeed@gmail.com. That way, I would know who's the culprit and deserves a whipping, and all without compromising my actual email address.

 

[duydangle]

So instead of seperate emails, should Xenforo have a feature or addon: Check if that's a gmail account and if there are "dots" or "plus", that new account's gmail can be compared with others'.

 

[James]

I notice XF validate e-mails using Zend_Validate, I would've thought Zend would've had this covered.