Don't allow multiple variations of the same gmail address #240
Not only that, stripping all the "." would affect also the domain, so that email addresses like: myname@my.domain.tld to myname@mydomaintld, something that probably we don't want... Probably to have something like that the best is "cleanup" the email addresses before they are saved into the database and then strip the "." php-side and do the ban query on the "clean" email.
Is this something we should implement? If strpos gmail, strip all periods prior to instance of @?
The email spec states that some other things like + are also legal but are On Thu, Dec 6, 2012 at 10:22 AM, Matthew K notifications@github.com wrote:
No. Just... no.
What part you don't agree with live627? The entire gmail (maybe others) discussion or one of the other suggestions?
I see this becoming a form of voodoo magic. What happens when someone signs EDIT: I didn't know that Gmail discarded dots in their accounts. And I even II think my argument is null and void. On Sat, Dec 8, 2012 at 6:22 AM, emanuele45 notifications@github.com wrote:
I agree with not implementing it. It has come up before. If people are On Sat, Dec 8, 2012 at 1:22 PM, John Rayes notifications@github.com wrote:
@joshuaadickerson Banning with regular expressions wouldn't do any good here unless you can somehow say "match this string with 0 or 1 dots after each character except the last one", and even then that would only work for one specific address. I don't want to ban all dotted gmail addresses as there are legitimate uses for the feature (though I can't see any reason why you'd need to use more than one dot, and have banned "..*@gmail.com" on at least one forum), but it's a bit annoying that there's no easy way to prevent this obvious workaround.
As of now, SMF could see "my.name@gmail.com" and "myname@gmail.com" as two completely different email addresses, although if you email both, it'll go to the same account. I personally see this as a flaw in how SMF handles Gmail addresses, which theoretically then should be resolved. It'd be as simple as stripping periods ahead of the @ symbol and THEN seeing if a member is registered with that email. Heck, you could even save them however they were entered, and then when doing the search just do the same regex.
And all of that pales into insignificance when you realise that any domain that uses Google Apps can potentially do exactly the same thing...
@Arantor Google Apps treat dots in the email address strictly. So john.doe@foo.com is a different box than johndoe@ and john.do.e@
Huh, I thought it did. Wish I'd have known that last week, I could have saved myself a silly amount of work.
Reminder: https://support.google.com/a/answer/33386?hl=en less than a month away. Should this issue be closed?
Google Apps and Gmail are two different things as pointed out previously and in that link.
I misunderstood the link as saying. I thought it was saying various dots within a gmail would no longer work or be considered different email addresses.
I think we can close this, since it only affects a single service (GMail), it wouldn't be worth putting forth the effort to put it into effect. There are other, better ways of preventing spam.
Admins themselves can get around this by creating a ban .@gmail.com and disallowing it to register. SMF only uses * for the wildcard and uses the literal .
GMail, unlike many other providers, allows you to format your email address using dots - someone@gmail.com is exactly the same address as "s.o.m.e.o.n.e@gmail.com", though SMF doesn't think so.
I have seen several instances of spammers registering multiple accounts using multiple variations of the same address.
Unfortunately, I'm not sure it's easy to do this as we'd have to do a WHERE STR_REPLACE(".", "", email_address) (or something similar) in the DB query, and I don't know if it's very efficient to do that, especially on large forums.
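An added example, not SMF code and not written by anyone in this thread: one way to compare "clean" addresses without a string replace inside the query is to compute a lookup key once, when the address is saved, and compare keys by equality. The function name, the constant, and the `$seen` array (standing in for an indexed canonical-address column) are hypothetical, and the sample addresses are constructed from the ones quoted above.

```php
<?php
// Domains whose mailboxes ignore dots in the local part. Per the thread this is
// Gmail only; Google Apps domains treat dots strictly and must not be listed.
const DOT_INSENSITIVE_DOMAINS = ['gmail.com'];

/**
 * Build the key used only for duplicate and ban lookups.
 * The address as entered is still what gets stored and mailed.
 */
function canonical_email(string $email): ?string
{
    $email = trim($email);
    $at = strrpos($email, '@');           // the last @ separates local part and domain
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return null;                       // missing local part or domain
    }
    $local  = substr($email, 0, $at);
    $domain = strtolower(substr($email, $at + 1));   // domains are case-insensitive

    // Strip dots from the local part only, never from the domain.
    if (in_array($domain, DOT_INSENSITIVE_DOMAINS, true)) {
        $local = str_replace('.', '', strtolower($local));  // Gmail also ignores case
        if ($local === '') {
            return null;                   // local part consisted of dots only
        }
    }
    return $local . '@' . $domain;
}

// Constructed registration attempts, in arrival order.
$attempts = [
    'someone@gmail.com',
    's.o.m.e.o.n.e@gmail.com',    // same Gmail mailbox as the first
    'myname@my.domain.tld',       // dots in the domain must survive
    'john.doe@foo.com',
    'johndoe@foo.com',            // different mailbox: foo.com is not dot-insensitive
    'not-an-address',
];

$seen = [];   // key => first address seen; a real forum would use an indexed column
foreach ($attempts as $entered) {
    $key = canonical_email($entered);
    if ($key === null) {
        printf("%-26s rejected (malformed)\n", $entered);
    } elseif (isset($seen[$key])) {
        printf("%-26s duplicate of %s\n", $entered, $seen[$key]);
    } else {
        $seen[$key] = $entered;
        printf("%-26s accepted\n", $entered);
    }
}
```

Because the key is computed at write time, the duplicate or ban check stays a plain equality match on an indexed value rather than a per-row function call in the `WHERE` clause.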