March 2, 2014 at 4:22 pm #10115
I’m seeing a rash of people trying to get my squeeze form content by entering rubbish in the email field, despite my clear instructions that say “If your email address is incorrect, you won’t get the content”. I will probably move this particular item to offer it as a freebie for signing up on my email list, but I was thinking another solution might help:
Or in the backend in PHP (or both).
I imagine this setting could be a store option, two actually: do client side email validation (yes/no), do server side email validation (yes/no).
One of the reasons I’d like to have this, in addition to cutting down on bogus entries, is that allowing rubbish in the email field pollutes my autoresponder list.March 2, 2014 at 9:56 pm #61237
Please submit your request to the eStore feature request (wish list).March 2, 2014 at 11:48 pm #61238adminKeymaster
Just validating a domain name still doesn’t prove that it is going to be a correct email address. For example someone can still enter the following:
If you are finding that these are bots, then add the captcha to the squeeze form. eStore already has a feature to add captcha to the squeeze form.March 3, 2014 at 9:49 pm #61239
Hmmh. Why doesn’t the “Wish List” forum appear in the list of Forums? And where is the description of what has been requested? I see, for example “Black list email”.
I realize that checking the domain doesn’t verify accuracy, but an invalid domain will not be deliverable. My problem is not currently with robots… it’s people who mistype things, sometimes intentionally (to see if they can get a download), sometimes accidentally.
I’ll be glad to write the code to do the domain validation and submit it for your approval as I have done in the past. I imagine it would consist of a new Store setting: “Validate email -> On Client | On Server | On Client and Server”March 4, 2014 at 12:48 am #61240adminKeymaster
estore uses the is_email() check that comes from WordPress core. WordPress deliberately remove the dns check from that validation function. Here is some more info for you:
I am not very interested to add a dns checking function (which wordpress considers not reliable) to estore core.
I think an addon is the best way to handle this. If you can write me a PHP function that takes an email address and returns with a true of false (after the dns checking) then I will be able to use it to create a small eStore addon.March 12, 2014 at 6:40 pm #61241
To follow up on this, it appears one squeeze form has been the target of bots. I was originally thinking that implementing a client side domain check would help, but given that it’s bots, it would have to be server side so there are really only two solutions: remove the squeeze form or add a captcha. Since I find Captcha’s to be a distasteful nuisance, I’ve removed all of my squeeze forms and replaced my free items with $1 items and either an add-to-cart or a buy-now button. I also added text that says “Join my mailing list to get this for free”.
Here are just some of the items entered in one day:
And these are the IP addresses the bogus address are coming from:
I might look into plugging in the “Are You A Human” tool instead or Confident Captcha. They are not as painful as CAPTCHA (or reCaptcha).March 13, 2014 at 1:34 am #61242
The reason why WordPress no longer uses checkdnsrr() in the core is that it has become a DDoS attack vector.
[http://stackoverflow.com/questions/13750999/how-reliable-is-checkdnsrr-for-email-domain-validation]March 15, 2014 at 2:21 am #61243
Or, the hidden field could be something like “Phone Number,” or “Confirm Email,” and if the field comes back filled out…
- You must be logged in to reply to this topic.