As I've watched the subscriptions to new content come in I've noticed a considerable number of folks not verifying the account. While my server is fully capable of dealing with greylisting and bounces, nothing is built into Open Blog to deal/remove those email addresses from the database.
While one of the errors is pretty easy to deal with (the bounced email error 550 No Such user) the other is more troublesome.
host alt4.gmail-smtp-in.l.google.com [18.104.22.168] SMTP error from remote mail server after RCPT TO:<redacted>: 550-5.2.1 The user you are trying to contact is receiving mail at a rate that 550-5.2.1 prevents additional messages from being delivered. For more 550-5.2.1 information, please visit 550 5.2.1 https://support.google.com/mail/?p=ReceivingRatePerm q25si23060921wra.271 - gsmtp
I suspect these are mostly SPAM bots or some other way to sign folks up for SPAM. The good thing is I've built the system where it will not send a new content notification unless an email is verified. The bad news is, I have over 200 email addresses sitting in the database unverified.
So, How should I deal with this to help keep the database clean? I do have a couple ideas.
- Add the recaptcha to the subscribe form Edit: (Implemented)
- Instead of saying "Looks like we already have that email address" say that, then offer a button to resend the verification code. Edit (Implemented)
- Create an email address and SMTP process to screen bogus emails. (This gets really tough to do for production releases as many folks won't have the technical skills to set up an email account for the site to monitor.
- Automatically expire the email address from the database after 24/48/72 hours?
If you have any other ideas, feel free to post in the comments.