email validator

Re,

No, we do not provide a way to validate email addresses. No method is foolproof and we prefer to send a confirmation email that yields the best results.

Regards,
MailPoet Team.

ok, that does not help me though. because I’m getting spammed on one of my sites and the confirmation emails are being sent to bogus email addresses (which is killing my email reputation).

I will have to code an integration of a third party tool (or role my own) to solve my problem, I guess.

Thanks!
Chris

Chris,

We’ve had customers successfully reduce (or in some cases eliminate) the number of fake signups with the WP-SpamShield Anti-Spam plugin. Could you please give it a try and report back?

Regards,
MailPoet Team.

Hi,

After setting up that plugin I was still able to send a confirmation email to a bogus email address by simply submitting a subscribe form.

verifying the legitimacy of an email before sending an email is what I’m after. (something like https://www.ads-software.com/plugins/email-validator-by-byteplant/ but that’s compatible with mailpoet). I’m happy to write my own, but if one already exists that’s compatible with mailpoet, that would be a faster solution.

thanks!

On that note, is there a hook of any kind, when a form is submitted, that I can leverage for verifying an email address before mailpoet takes any action on the submission?

Chris,

1. You should test that plugin with real visitors, not by trying to subscribe yourself ??
2. There is no hook but your request has been noted and will get to it in due time!

Cheers,
MailPoet Team.

1. I’d rather let my visitors remain visitors, and not force them to be my unwilling testers. But, to your point… the email address I tested with was equivalent to the bogus ones used by the spammers.
2. Lots of other plugins would become compatible with mailpoet if is_email were to be incorporated into your validation logic (and the logic within is_email() is simple enough that I would think it’s impact on the form submission process would be minimal at most).

In the meantime, I will work up a solution for my blogs that is compatible with the current release of mailpoet 3.

Thanks,
Chris

Chris,

WP-SpamShield Anti-Spam plugin uses other mechanisms to prevent SPAM (https://www.redsandmarketing.com/plugins/wp-spamshield/), so the fact that your email address worked does not mean that it would pass the test if a SPAM bot were to try to subscribe to the form. That said, we’ll implement hooks in due time! So much to do, so little time/few resources ??

Cheers,
MailPoet Team.

Hi MailPoet and Chris,

MP, Thanks for the recommendation! You are 100% about WP-SpamShield protecting MailPoet forms.

WP-SpamShield Anti-Spam plugin uses other mechanisms to prevent SPAM (https://www.redsandmarketing.com/plugins/wp-spamshield/), so the fact that your email address worked does not mean that it would pass the test if a SPAM bot were to try to subscribe to the form.

This is also 100% correct. The plugin is very smart, and will not block an admin-type-person, so this type of test would not yield any results.

Or is there a way, with mailpoet, to validate that an email address is legit before trying to send even a confirmation to them?

First off, WP-SpamShield will eliminate ALL non-human submissions. That leaves only the human spam. Within the human spam category, these email validation tests come into play.

WP-SpamShield does do email validation to make sure that obvious fake emails cannot be used. It adds a number of enhancements to the WordPress is_email hook (which it does use). We have developed the single best email address validation possible. We add additional RFC checks that are not in the WordPress core is_email and other specific checks for Yahoo and Gmail addresses to make sure that any addresses with these ESPs (Email Service Provider) conform to their formatting standards. The anti-spam process goes on to also include checks to make sure that the domain in the email address exists and has an MX record setup for that domain.

No method is foolproof and we prefer to send a confirmation email that yields the best results.

MailPoet is 100% correct here as well. Beyond the checks listed above, it is not possible to check for 100% email address validity. Even if these checks above are passed, it does not necessarily mean that the email address is valid, but where these tests are valuable, is to get rid of the email addresses that are guaranteed to be fake.

However, that being said, WP-SpamShield has been proven to eliminate 99.99% of all spam, including human spam, so there would not be many validation emails being sent out by your server.

Hope that helps! Feel free to let us know if you have any further questions. ??

– Scott

Scott (and MP),

thanks for the thorough reply. I’m glad to know “bot” submissions are blocked via wp-spamshield. But I’m still not clear on something: wp-spamshield depends on the use of is_email() correct? I see nowhere in the mailpoet plugin where is_email() is actually used, so wouldn’t that make the addition of wp-spamshield irrelevant?

Please understand, I’m not doubting any of the things you’ve explained. I’m just trying to connect all the dots and this one gray area isn’t adding up for me (yet?).

In my research of email verification, I’ve learned (which your explanation confirms, Scott) that some popular mail servers (like aol.com) do not reveal that an email address is valid or not during these MX and “mailbox exists” checks; while other services (like gmail.com) are very accommodating. As many of my spam emails are coming from gmail (human or otherwise) that would be helpful.

However, as I’ve stated before, many of the existing mail verification plugins depend on the use of is_email() by the signup form and mailpoet is currently not using that function at all.

Thank you, both, for the thorough information. I will go ahead and leave wp-spamshield on my blogs and see if the spam slows down or stops with just that. I’ll be sure to report back whether it helps or not.

Thanks!
Chris

Hi Chris,

thanks for the thorough reply. I’m glad to know “bot” submissions are blocked via wp-spamshield. But I’m still not clear on something: wp-spamshield depends on the use of is_email() correct? I see nowhere in the mailpoet plugin where is_email() is actually used, so wouldn’t that make the addition of wp-spamshield irrelevant?

You’re very welcome. Perhaps I can clarify. ?? Both bot and human spam submissions are blocked by WP-SpamShield. It protects MailPoet, and all other types of third party form plugins. In our anti-spam process, it adds all the necessary functionality. When it checks MailPoet submissions for spam, it also validates the email address to eliminate definite fake email addresses.

In my research of email verification, I’ve learned (which your explanation confirms, Scott) that some popular mail servers (like aol.com) do not reveal that an email address is valid or not during these MX and “mailbox exists” checks; while other services (like gmail.com) are very accommodating. As many of my spam emails are coming from gmail (human or otherwise) that would be helpful.

The reality is that no mail servers will ever reliably reveal whether a mailbox exists, so trying to find this out is a futile effort. You can only find out if the domain is real, and if it has MX (mail exchange) records setup (for the server).

The is_email() function in the WordPress core does a fairly good job of checking for valid email address formatting, but it can be improved. Using the is_email hook contained within the function allows plugin authors to extend its functionality, which we do in WP-SpamShield. I think you may misunderstand: The plugin also uses the is_email() function in part of of the anti-spam process, so it doesn’t need to be called in any other plugin.

There are a number of other ways to make sure that an email address is valid on the front end. (HTML5 for example has basic email format validation built in.)

I hope this info helps. ??

– Scott

So, it appears I’ve still received 10 spammy signups in the past 4 hours (even with wp-spamshield installed). I do have fail2ban on my server and hooked up to my wordpress sites as well, so that may be helping to throttle the spamminess.

But at a rate of 10 spamm addresses/4 hours… that’s easily over 400 spam addresses/week! (and 400 confirmation emails/week to damage my email reputation). I’ll keep wp-spamshield and my other systems in place for any benefit they offer, but any additional suggestions are welcome at this point.

for the record: domains being used for these spam addresses are often gmail, aol, yahoo, and an assortment of other domains that all have valid MX records at their domain.

Suggestions?

Thanks,
Chris

Hi @cnesbit,

If you’re getting any spammy signups with WP-SpamShield, it means that something isn’t working…it’s likely you have a conflict, and something is causing it to bypass the plugin altogether. It would never allow that kind of spam.

I would recommend that you check out our Troubleshooting Guide and FAQs. If those don’t help you solve the issue, then you’ll want to submit a support request, and we’ll help you get to the bottom of it. ??

– Scott

will do, Scott. Thank you (Scott, and MP) for patiently working through this with me.

Thanks,
Chris

Hi Chris,

No problem! I know how frustrating all this can be. Lucky for you, we’ve dealt with troubleshooting on thousands of sites, so we’ve had the opportunity to work these issues out many, many times. Don’t worry…if you don’t get it sorted out on your own, we’ll help you get things squared away. ??

– Scott