Niels Mayer wrote: > FYI, one thing a future mail-rearchitecture might consider supporting: > A better way of querying whether SMTP is working and the registration email > address is valid prior to creating the user being registered. It would > probably be a good idea to add the user and the user-document only after > successful SMTP delivery of the registration message. Or cleanup the created > user/document in a catch() on SMTP failure in > com.xpn.xwiki.XWiki.sendMessage().
Good idea, but note that many counter-spam features will make it unreliable. Many systems when presented with an address like [email protected], where xxx is an user who does not exist, will simply say it's accepted and trash it immediately. What can and should be done is to 1) check if an address looks real according to http://tools.ietf.org/html/rfc5321 , 2) check if the target domain exists. There's no reliable way of checking if an user exists (I believe SMTP has such a feature, but it's usually turned off to not make spammers' lives easier). The only reliable way of dealing with real-looking but invalid addresses is to give an user (for example) 24-72 hours for activation, then delete them (not necessarily after the exact number of hours - a cleaning thread running once per day at whatever time is considered low-traffic will do just fine). Of course the number should be configurable - one admin would set it to 2h which is a sensible minimum (long re-send delay + gray list = up to a little above one hour until the user gets it), another would want one week to give the user a chance to contact them and allow for manual activation if needed for some reason. For checking addresses see http://commons.apache.org/validator/api-1.3.1/org/apache/commons/validator/EmailValidator.html Greetings, Lilianne _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
