Simple Machines Community Forum

SMF Development => Feature Requests => Topic started by: mrhope on February 05, 2021, 04:02:28 PM

Title: Remove extra periods from Gmail addresses
Post by: mrhope on February 05, 2021, 04:02:28 PM
As most probably know, Gmail e-mail addresses ignore periods allowing the user to have different e-mail addresses. For example, "simplemachineexample@gmail.com" could also be "simple.machine.example@gmail.com," "sim.ple.mac.hine.exa.mple.@gmail.com," etc.

This feature is nice. However, it's also used by spammers. I just fished deleting over 1,000 spam accounts using this technique to spam our forum.

I think it could help if SMF forums removed the periods for any @gmail.com or @googlemail.com submitted e-mail address or not treat Gmail addresses with extra periods as different addresses.

Having this ability can give a spammer the potential to create dozens of accounts for a single e-mail address.

Tip for those suffering from the same problem, to help find accounts using these tactics, you can search your forum members using search e-mail strings similar to the following examples.

*.?.*@gmail.com
*.??.*@gmail.com
*.???.*@gmail.com
Title: Re: Remove extra periods from Gmail addresses
Post by: vbgamer45 on February 05, 2021, 04:42:38 PM
I can write a quick piece of code to do it for you.

I like keeping those accounts since it is easier to tell if it is a spammer or not.
Title: Re: Remove extra periods from Gmail addresses
Post by: Kindred on February 05, 2021, 04:59:16 PM
you know, there are much easier ways to spot and stop spammers.....
Title: Re: Remove extra periods from Gmail addresses
Post by: mrhope on February 05, 2021, 05:09:33 PM
Quote from: vbgamer45 on February 05, 2021, 04:42:38 PM
I can write a quick piece of code to do it for you.

Might take you up on that vbgamer45, am I ok to PM you?

Quote from: Kindred on February 05, 2021, 04:59:16 PM
you know, there are much easier ways to spot and stop spammers.....

Well, I'd welcome suggestions. I've read and tried a lot of different suggestions and we have always got hammered with spammers. I've tried various captcha mods, re-create random questions on registration, and right now are doing verified posts for new users and temporarily verifying new accounts through Admin account. I believe a lot of our issues right now is using Cloudflare, which means we cannot ban off IP address, because it's using shared Cloudflare IP's and cannot get real IP from Cloudflare because IPv6 isn't supported SMF without heavy modification with the IPv6 mod.

Title: Re: Remove extra periods from Gmail addresses
Post by: vbgamer45 on February 05, 2021, 05:11:54 PM
Sure
Title: Re: Remove extra periods from Gmail addresses
Post by: GL700Wing on February 05, 2021, 05:21:35 PM
Quote from: Kindred on February 05, 2021, 04:59:16 PM
you know, there are much easier ways to spot and stop spammers.....
Agreed - especially as this would effectively invalidate what are otherwise perfectly valid email addresses.

I use several gmail accounts with one or more period characters in them and AFAIK none of the forums/websites I use them on have ever stripped the period character(s) from my email address.

Also, the '+' character is also valid in email addresses to enable one email address to be used in multiple ways - example:
simplemachineexample+webmaster@gmail.com
simplemachineexample+forumadmin@gmail.com
simplemachineexample+memberadmin@gmail.com

I think the approach should be to use verification questions/challenges to prevent spammers from registering  - I have done this for many years with my SMF forums with a success rate of more than 99.5% (ie, less than 1 in 200 new members is a spammer) - rather than creating work for admins who then have to deal with these spammers after they've been allowed them to join.


Quote from: mrhope on February 05, 2021, 05:09:33 PM
Well, I'd welcome suggestions. I've read and tried a lot of different suggestions and we have always got hammered with spammers. I've tried various captcha mods, re-create random questions on registration

I also use the BadBehavior for SMF (https://custom.simplemachines.org/mods/index.php?mod=2502), httpBL (https://custom.simplemachines.org/mods/index.php?mod=2155), Image for Anti-Spam Verification Questions (https://custom.simplemachines.org/mods/index.php?mod=4278) and StopSpammer (https://custom.simplemachines.org/mods/index.php?mod=1547) mods.
Title: Re: Remove extra periods from Gmail addresses
Post by: Kindred on February 05, 2021, 05:53:55 PM
build 20-30 questions, ask 2 during registration -- you do have to cycle them every year or so.

I have not had a spammer register in 3 years now.
Title: Re: Remove extra periods from Gmail addresses
Post by: Matthias on February 05, 2021, 06:14:37 PM
gmail should be a goal these days.
A lot of human spammers somewhere in dark rooms use it, because you can generate unlimited email addresses...
A nice way to get protect of them, is like kindred described. You can use questions for registration, maybe about 20 or above, regularly changing.
Title: Re: Remove extra periods from Gmail addresses
Post by: vbgamer45 on February 05, 2021, 06:45:56 PM
For 2.0.x Sources/Subs-Members.php
Find

// !!! Separate the sprintf?
if (empty($regOptions['email']) || filter_var($regOptions['email'], FILTER_VALIDATE_EMAIL) === false || strlen($regOptions['email']) > 255)
$reg_errors[] = array('lang', 'profile_error_bad_email');



Add Before

    $spacesDomainList = array('gmail.com','googlemail.com');
    foreach($spacesDomainList as $spaceDomain)
    {
        $tmp = explode("@", $regOptions['email']);
        $emailDomainCheck = array_pop($tmp);
        if ($emailDomainCheck === $spaceDomain)
        {
            $regOptions['email'] = str_replace(".","",$tmp[0]) . '@' . $spaceDomain;
        }   
   
    }
Title: Re: Remove extra periods from Gmail addresses
Post by: Shambles on February 06, 2021, 05:33:27 AM
Good one VB, though to catch @Gmail.com and @GMAIL.com derivatives, I'd make a slight change:

$emailDomainCheck = array_pop($tmp);

to

$emailDomainCheck = strtolower(array_pop($tmp));