|
|
Posted by Gordon Burditt on 12/15/05 08:37
>I imagine I will have a text box that users enter their email address
>into and a button that says 'subscribe'
>
>To stop people entering other peeps email address I will need some
>verification so I reckon I will need to send a verification email to the
> email address was that entered and assuming the user wants to
>subscribe they will click a link in this email that adds their address
>to a subscriber table in a dbase on my site.
Please be sure that your site cannot be used as a weapon to mailbomb
people with verification emails. You shouldn't send a verification
email to any given address more often than, say, once every 2 days,
and if you've already sent 10 verification emails to that address
and it was not verified, maybe you should wait a month before sending
another one. Eventually you should back off to no more often than
the FTC Do Not Call List: no more than once a year.
Oh, yes, it's probably a good idea to send the IP address used to
sign up the address in the verification email sent TO that address.
The verification link should probably NOT add an address to a
subscriber table. It should change the status of the address already
in the table from 'Pending Verification' to 'Subscribed'.
You should consider limiting the number of simultaneous "pending
verification" addresses a given IP address should be able to sign
up. After, say, 10 signups from a given IP, that IP can't sign up
any more until one of them either verifies or they expire after,
say, 2 weeks.
Gordon L. Burditt
Navigation:
[Reply to this message]
|