[support] How to safeguard sites from unwanted users
John Summerfield
summer at js.id.au
Fri Jun 21 05:56:55 UTC 2013
On 12/06/2013 10:37 PM, Jamie Holly wrote:
> +1 to that! Also, they can't reuse the email. Make it harder on them,
> not easier.
Reread gmail's rules about its email addresses. One can generate any
number of alternatives for any one email address. Besides, unless one
requires email addresses to be verified during registration, users can
use anything at all, even fred at example.net or joe at domain.test (both of
which _can_ be valid).
Email hosts often allow +arbitrarySuffix to the localpart of email
addresses, but the "+" can be another arbitrary character, I've seen
hyphens used.
And then there are some domains where everything is delivered, if not to
a specific addressee then to a default address and that too is configurable.
--
Cheers
John
More information about the support
mailing list