Javilk writes:
> People are entering bogus e-mail addresses in my subscription forms.
> Most of them are just words without the @, but more and more seem to be
> bogus addresses.
>
> Before I start writing ping routines and such, what is the quickest,
> simplest way of determining whether a host exists? I would like to do
> that while the person is waiting for an acknowlege web page, so we can
> tell him that we could not find his host or such. Many hosts have ping
> response turned off (best.com, last time I tried,) and many have finger
> turned off.
I agree with Rich; the current technology just doesn't allow for
authentication that way. If you're worried about *idiot-proofing*,
that's another thing, but there's no way to make sure that it's a
valid account - certainly not with the current state of the internet,
where mosts hosts have shut off the tools that might allow
verification, due to security threats.
One of the things I've oft mulled over is the frailty of the
current, broadly-used internet mail and what would be desirable in a
replacement. It would have to be fault-tolerant, reliable, secured,
able to handle binary files, have encryption at the server and client
level, but be easy to use, and probably have some provision for
back-checking addresses, both for verifying the point of origin and
for verifying that a given address is valid. It'll be interesting
to see if anybody comes up with something like this, with a *real*
technology, not a web-server/SSL-based hack...
Heuristics to check for idiot-proofing:
Make sure it's got an @ in the middle of it.
Make sure there's text on both sides.
Make sure the text on the right side has at least one period (.).
Make sure there's text both before and after the period.
Beyond this, you can do some further checking, but unfortunately the
state of the DNS system isn't clean enough for absolute checking.
You can check the root domain of the address for the seven TLDs
(com, org, edu, net, gov, mil, etc). However, it might be
a geographic domain
You can check the root domain of the address for the several hundred
existing country domains - but note that it's not always easy
to figure out all of the existing country domains. (If somebody
knows a whois service or *up to date* canonical list, let me
know).
If the text on the left side has a comma, it might be a compuserve
address.
If they left off the right side entirely, it might be an AOL
address(*).
Check the environment variables to see if they happen to be using
a browser with the mail address configured - compare it to
the address they entered.
(* Not to enter the AOL "lusers" debate(**), but at one large bank web
site, with a large number of "mainstream" users, they did a mass
emailing (not spam; they'd lost several days worth of form-generated
mail but had the addresses from the logs, so they asked anybody who
hadn't received an answer to resend their request). A large number of
addresses bounced; the webmaster resent them all to @aol.com and about
90% of them went through successfully...)
(** Note that the entymology (***) of the word "lusers" is actually a bit
more disdainful than the definitions given; the term was originally
coined to refer to *all* users, by the original "high-priest" style
system operators, as in "all users are losers". This is why I've never
been fond of the term.)
(*** Did I spell that right? Or was that entomology? One's words, the
other's insects. (****))
(**** Isn't this fun?)
Steven J. Owens
[EMAIL PROTECTED]
____________________________________________________________________
--------------------------------------------------------------------
Join The Web Consultants Association : Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
If you lose the instructions All subscription/unsubscribing can be done
directly from our website for all our lists.
---------------------------------------------------------------------
