|
|
Posted by toedipper on 12/15/05 10:06
Thanks for your advice Gordon.
Gordon Burditt wrote:
>>I imagine I will have a text box that users enter their email address
>>into and a button that says 'subscribe'
>>
>>To stop people entering other peeps email address I will need some
>>verification so I reckon I will need to send a verification email to the
>> email address was that entered and assuming the user wants to
>>subscribe they will click a link in this email that adds their address
>>to a subscriber table in a dbase on my site.
>
>
> Please be sure that your site cannot be used as a weapon to mailbomb
> people with verification emails. You shouldn't send a verification
> email to any given address more often than, say, once every 2 days,
> and if you've already sent 10 verification emails to that address
> and it was not verified, maybe you should wait a month before sending
> another one. Eventually you should back off to no more often than
> the FTC Do Not Call List: no more than once a year.
>
> Oh, yes, it's probably a good idea to send the IP address used to
> sign up the address in the verification email sent TO that address.
>
> The verification link should probably NOT add an address to a
> subscriber table. It should change the status of the address already
> in the table from 'Pending Verification' to 'Subscribed'.
>
> You should consider limiting the number of simultaneous "pending
> verification" addresses a given IP address should be able to sign
> up. After, say, 10 signups from a given IP, that IP can't sign up
> any more until one of them either verifies or they expire after,
> say, 2 weeks.
>
> Gordon L. Burditt
Navigation:
[Reply to this message]
|