Registration bug: No fallback for failed email address

Started by pbfoo, April 16, 2012, 03:54:52 PM

Previous topic - Next topic

pbfoo

I was not able to register because I never received the verification email.  The reason it failed is apparently that comcast, the owners of the hxxp:comcast.net [nonactive] domain, and the largest ISP in the US, have decided that you guys (or your domain) must be spammers, and they filter out the email before I can receive it.  I have no control over that.  You can try to persuade them otherwise.

There is no provision to get around such a problem.  In particular, if I claim I never got the verification email, I should be offered the opportunity to register with a different email address.  Hell, that could happen if I made a typo in my email address, for that matter!  But no, if I try to register again, even with a different user name, you disallow it.  I had to be clever, and register with a different browser, a different username, and a different email address.

garry383

Hmmm. I think there is a re-send verification email option.
If not surely there should be.
Laws aren't meant to be broken, any bent, squashed and shanghai'd.

Colin

Sorry for the trouble. SMF has certain protections in place to stop spammers from registering accounts.
--
Also I can't imagine comcast filters emails from SMF are you sure you entered your correct email initially?
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

pbfoo

Quote from: garry383 on April 22, 2012, 09:25:28 AM
Hmmm. I think there is a re-send verification email option.
If not surely there should be.
Yes, there is a re-send verification email option.  However, it will only send to the originally entered emal and offers no option that I could find to change that email address.

NanoSector

Are you sure the e-mail didn't get into your spam folder?

It's a horrible service for a provider to remove e-mails from a mailbox because they think it's "spam".
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

pbfoo

Quote from: Colin on April 22, 2012, 02:04:10 PM
Sorry for the trouble. SMF has certain protections in place to stop spammers from registering accounts.
--
Also I can't imagine comcast filters emails from SMF are you sure you entered your correct email initially?

I can't be sure that Comcast filtered it, but I am sure that I entered my email address correctly, which I checked multiple times, and that multiple attempts at re-send did not result in received mail, not even in my spam folder.  On the other hand, re-registering with a gmail address that forwards to my Comcast address generated a verification email that arrived immediately.

I have observed in the past that Comcast can be rather trigger-happy to blacklist entire domains, so that totally innocuous places like say IEEE get their email blocked.  This could even be the result of SM's anti-spam efforts, because if there are millions of attempts to create spam accounts, you will be sending millions of essentially identical verification emails.

However, getting back to your theory that I mistyped my email address, what is the fallback if I type my email wrong?  Currently you are SOL, unless you happen to be clever enough to realize that if you use a different browser you can register with a different email.

pbfoo

Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
Are you sure the e-mail didn't get into your spam folder?

Answered in my previous post composed while you were typing.  Yes, I'm sure.

Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
It's a horrible service for a provider to remove e-mails from a mailbox because they think it's "spam".

Well, I can sympathize with them to some extent, if it were done right, which it isn't.  I don't necessarily want them to let through 10,000 spam emails to my mailbox every day.  However, what they fail to do is provide me any mechanism to whitelist addresses or domains, or to determine whether in fact they did filter some email to me.  And, please don't tell me to tell them.  They don't provide any way to tell them anything, and if they did, they wouldn't pay any attention anyway.

NanoSector

Quote from: pbfoo on April 22, 2012, 03:07:48 PM
Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
Are you sure the e-mail didn't get into your spam folder?

Answered in my previous post composed while you were typing.  Yes, I'm sure.

Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
It's a horrible service for a provider to remove e-mails from a mailbox because they think it's "spam".

Well, I can sympathize with them to some extent, if it were done right, which it isn't.  I don't necessarily want them to let through 10,000 spam emails to my mailbox every day.  However, what they fail to do is provide me any mechanism to whitelist addresses or domains, or to determine whether in fact they did filter some email to me.  And, please don't tell me to tell them.  They don't provide any way to tell them anything, and if they did, they wouldn't pay any attention anyway.
I think an e-mail provider should at least provide a "Spam" folder if they have some kind of filtering service, in which mails get stored and for the heck of it, removed after 30 days.
Of course as you said you can't tell them anything but that's my 2 cents.

I guess this is an issue with your e-mail provider though.

Anyhow, I requested to move this topic to Site Comments, since it's not directly related to SMF as the software.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

pbfoo

Quote from: Yoshi2889 on April 22, 2012, 03:13:03 PM
Quote from: pbfoo on April 22, 2012, 03:07:48 PM
Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
Are you sure the e-mail didn't get into your spam folder?

Answered in my previous post composed while you were typing.  Yes, I'm sure.

Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
It's a horrible service for a provider to remove e-mails from a mailbox because they think it's "spam".

Well, I can sympathize with them to some extent, if it were done right, which it isn't.  I don't necessarily want them to let through 10,000 spam emails to my mailbox every day.  However, what they fail to do is provide me any mechanism to whitelist addresses or domains, or to determine whether in fact they did filter some email to me.  And, please don't tell me to tell them.  They don't provide any way to tell them anything, and if they did, they wouldn't pay any attention anyway.
I think an e-mail provider should at least provide a "Spam" folder if they have some kind of filtering service, in which mails get stored and for the heck of it, removed after 30 days.
Of course as you said you can't tell them anything but that's my 2 cents.
...
Well, if you use their [horrible] website to access your email they do provide optional spam filtering and a spam folder.  However, they also blacklist sources and domains whose emails never make it far enough to get to a spam folder, because their servers refuse connection requests from those addresses or domains.  That's a reasonable strategy on their part to minimize load factors from spam, but as I said, poorly implemented.  I use pop3 and don't use their spam filtering.  I use thunderbird, and keep everything on my own machines.

emanuele

Quote from: pbfoo on April 16, 2012, 03:54:52 PM
There is no provision to get around such a problem.  In particular, if I claim I never got the verification email, I should be offered the opportunity to register with a different email address.  Hell, that could happen if I made a typo in my email address, for that matter!  But no, if I try to register again, even with a different user name, you disallow it.  I had to be clever, and register with a different browser, a different username, and a different email address.
1) two users with the same username cannot exists (that is basic);
2) two users with the same email cannot exists (basic again, we cannot allow anything like that);
3) when a person register to a forum the only thing the "forum" knows about him is the email address;
4) in order to reduce spam and/or multiple registrations a person is allowed to register only once per session (it means that if you close your browser and you open it again you will be able to register again (this is a very basic spam protection function).

That said, at the moment the moment there isn't any fall-back: if you fail to type your email you have to register again with a different username (and changing the session (i.e. close and open the browser or use another browser)).
If the email doesn't arrive you can ask for a new email (maybe the second will arrive.
If your email provider cuts down entire domains just because "they can"...well...they are just stupid.

A possible solution could be to allow to change the email based on the session of registration...that *could* work...


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

青山 素子

Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
Are you sure the e-mail didn't get into your spam folder?

I can be pretty sure Comcast is blocking the simplemachines.org outbound mail server again. They've done it in the past many times, and it always takes forever to persuade them to fix it. They're almost as bad as AT&T, where their removal service will tell you there is no block when there clearly is (I had to start pestering the actual network admins to get that fixed).


Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
It's a horrible service for a provider to remove e-mails from a mailbox because they think it's "spam".

They aren't removing it. They're rejecting all mail with a 500-series error (permanent delivery error). Since SMF doesn't process non-delivery receipts (it's not a mail tool, so it wouldn't make sense to do so), the software has no way of knowing the message wasn't delivered.

The problem is that it is entirely likely nobody on the team is dealing with NDRs and so they probably don't even have a clue that a huge ISP is blocking things.


Quote from: emanuele on April 22, 2012, 03:45:21 PM
A possible solution could be to allow to change the email based on the session of registration...that *could* work...

Another solution would be to "expire" pending registrations after a timeperiod and allow re-use of the username. Rather than leaving a bunch of accounts in pending status forever, SMF could allow re-use of any non-confirmed username 48 hours after the pending status was entered.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


pbfoo

Quote from: 青山 素子 on April 23, 2012, 02:51:27 PM
Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
Are you sure the e-mail didn't get into your spam folder?

I can be pretty sure Comcast is blocking the simplemachines.org outbound mail server again. They've done it in the past many times, and it always takes forever to persuade them to fix it. They're almost as bad as AT&T, where their removal service will tell you there is no block when there clearly is (I had to start pestering the actual network admins to get that fixed).


Quote from: Yoshi2889 on April 22, 2012, 02:57:49 PM
It's a horrible service for a provider to remove e-mails from a mailbox because they think it's "spam".

They aren't removing it. They're rejecting all mail with a 500-series error (permanent delivery error). Since SMF doesn't process non-delivery receipts (it's not a mail tool, so it wouldn't make sense to do so), the software has no way of knowing the message wasn't delivered.

The problem is that it is entirely likely nobody on the team is dealing with NDRs and so they probably don't even have a clue that a huge ISP is blocking things.


Quote from: emanuele on April 22, 2012, 03:45:21 PM
A possible solution could be to allow to change the email based on the session of registration...that *could* work...

Another solution would be to "expire" pending registrations after a timeperiod and allow re-use of the username. Rather than leaving a bunch of accounts in pending status forever, SMF could allow re-use of any non-confirmed username 48 hours after the pending status was entered.
Thank you for a response that doesn't pooh-pooh everything I have said, and actually analyzes the real problem.  What a breath of fresh air!

emanuele

Quote from: 青山 素子 on April 23, 2012, 02:51:27 PM
Another solution would be to "expire" pending registrations after a timeperiod and allow re-use of the username. Rather than leaving a bunch of accounts in pending status forever, SMF could allow re-use of any non-confirmed username 48 hours after the pending status was entered.
That would be another very good option...


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

SleePy

Quote from: 青山 素子 on April 23, 2012, 02:51:27 PM
I can be pretty sure Comcast is blocking the simplemachines.org outbound mail server again. They've done it in the past many times, and it always takes forever to persuade them to fix it. They're almost as bad as AT&T, where their removal service will tell you there is no block when there clearly is (I had to start pestering the actual network admins to get that fixed).

Well that worries me if somebody is almost as bad as AT&T/scglobal.  My experience with them and removing a block was not a pleasant one.  However from what a co-worker had to deal with, this is all better than what AOL does.

pbfoo,
Would you mind sending me a pm with the email from comcast you tried to use?  I will use that to confirm the block is removed once I have communicated with comcast.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!

青山 素子

Quote from: pbfoo on April 23, 2012, 03:59:22 PM
Thank you for a response that doesn't pooh-pooh everything I have said, and actually analyzes the real problem.  What a breath of fresh air!

No problem. Unfortunately, most (if not all) of the prior responses to you were from people that really don't have experience in the whole dealing with ISP blocking area. Given my day job (server admin), I have way too much experience. That's why I knew right away about the issue.

As for the re-using names issue, that's mostly from general experience.


Quote from: SleePy on April 23, 2012, 11:04:34 PM
Would you mind sending me a pm with the email from comcast you tried to use?  I will use that to confirm the block is removed once I have communicated with comcast.

If they're (Comcast) doing a straight block, you shouldn't need to use any specific address. Simply use telnet to talk SMTP to Comcast's servers. You can do everything right up to the data command without actually sending a message - just QUIT instead. Make sure to run the test from the outbound relay, if you're still using it.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


pbfoo

Quote from: SleePy on April 23, 2012, 11:04:34 PM
Quote from: 青山 素子 on April 23, 2012, 02:51:27 PM
I can be pretty sure Comcast is blocking the simplemachines.org outbound mail server again. They've done it in the past many times, and it always takes forever to persuade them to fix it. They're almost as bad as AT&T, where their removal service will tell you there is no block when there clearly is (I had to start pestering the actual network admins to get that fixed).

Well that worries me if somebody is almost as bad as AT&T/scglobal.  My experience with them and removing a block was not a pleasant one.  However from what a co-worker had to deal with, this is all better than what AOL does.

pbfoo,
Would you mind sending me a pm with the email from comcast you tried to use?  I will use that to confirm the block is removed once I have communicated with comcast.
Done.

Advertisement: