Can I be accused of spamming for this? - Webmaster General forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Can I be accused of spamming for this?

(email notification system)

bobriggs

6:46 pm on Jul 19, 2002 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I've set up an email notification system on one of my sites to alert the user when any new item becomes available in the database based on the users's criteria. A simple form, fill in a few fields (including their email address), save the data entered in a file, etc.

Then each evening, a cron job is run to check the notification file against any new entries to the database for that day. An email is sent to the user if a match is found with a link to the new database entry, and a link to delete the notifier. Great for the user who wants notifications, great for my site that wants hits.

So far, so good. Everything is hunky-dory as long as all users behave. But I have thought of a hole: suppose someone puts a bogus email address in the form field (not theirs) so that the notification would be sent elsewhere?

I thought about setting up a password system to verify that that person is the person with the email address entered. (put in your email address, get your password kind of thing, then log on with it). But its really a small site and the extra time for the user to check the email seems kind of a waste.

I've seen other VERY large sites do what I'm doing without any verification of email. On top of that, what about 'send this page to a friend' stuff. Isn't that the same kind of thing?

I'm open to suggestions on this, and any comments about any other caveats that I might run into.

Nick_W

6:50 pm on Jul 19, 2002 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I shouldn't worry about it, but if you built your stuff in PHP then I recently built an email verification system and it was very simple to do.

I'll send you the scripts if you like and you can adapt them to your site...

Nick

bobriggs

6:56 pm on Jul 19, 2002 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Nick_W: Perl. Yeah, I could do the verification thing but it's the extra time involved for the casual user on the site. Mostly worried about a real spammer using the form to have email sent elsewhere.

Could I use a disclaimer and be safe?

volatilegx

6:57 pm on Jul 19, 2002 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

You ought to make the notifications "double opt-in" meaning your system will send an email to the user when they sign up, and the email will contain a code which they must input into a verification field to finish the sign up process.

bobriggs

7:06 pm on Jul 19, 2002 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Great, I just hadn't thought of that.

Just send a link back to the email address that will activate the notication system, otherwise, nothing gets sent to it further.

Thanks a lot.

txbakers

8:29 pm on Jul 19, 2002 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I wouldn't consider it spam as they signed up to receive notification.

gcross

8:43 pm on Jul 19, 2002 (gmt 0)

10+ Year Member

I agree with volatilegx. And I think that is a standard practice with most large, commercial entities on the net. When one signs up for something, they send a confirmation email to that email address. It usually contains a choice of either sending a response back to the Mailer Daemon or clicking on a link that takes one to a confimation page or provides a computer generated code that they can enter into the webpage they are currently on in order to confirm. Another variation is to assign the password and send it in an email, and the recipient has to logon using that password before the opt-in is activated and they can then edit their preferences to change to some other password, if they feel like it. Yet another variation might include a computer generated username as well; although I've never personally experienced those, it seems a logical follow-through.

:)