  #000587

  2.3.3

possible extra verification needed when validating email using DNS

Posted by wdepot on 15 March 2013 - 21:52

Recently we had an issue with a spammer using our Tell A Friend script to send spam. The tip-off was that we got bounces to invalid emails bounced back to us. Turning off guest access didn't solve the problem, nor did the Verify Email Through DNS, which we already had turned on. The bounce backs we got began like this:

Hi. This is the qmail-send program at westerndepot.com.
I tried to deliver a bounce message to this address, but the bounce bounced!

Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4)

The MX check for thisisgreat.com now returns false, but at the time both the MX and A checks returned true, which is why the from address passed the validation check in Tell A Friend. The same DNS email check is used in 2.3.3 as is used on our current older RC2A site, so this problem is still valid. It would probably be a good idea to add another way to verify that there actually is a mail server at the email domain beyond just looking for an MX record.

We have, of course, added anti-spam measures to Tell a Friend (see http://addons.oscommerce.com/info/8718 for 2.2 and http://addons.oscommerce.com/info/8722 for extra anti-spam on 2.3.3) but any extra measures to verify that an email domain is valid would be appreciated.
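
One way to go beyond the MX/A lookup described in the report, shown as an added example (it is not osCommerce code and not from the poster): reject null-MX domains, ignore non-routable addresses, and require an SMTP greeting on port 25. The function names, the injected `$lookup`/`$probe` callables and the sample records are assumptions made for illustration.

```php
<?php
// Added example, not osCommerce code; all function names here are hypothetical.
// $lookup($name, $type) returns rows shaped like dns_get_record();
// $probe($ip) returns true when that address answers with an SMTP 220 greeting.
function domain_accepts_mail(string $domain, callable $lookup, callable $probe): bool
{
    $mx = $lookup($domain, DNS_MX);
    // RFC 7505 null MX (one record, target "."): the domain declares it takes no mail.
    if (count($mx) === 1 && rtrim($mx[0]['target'], '.') === '') {
        return false;
    }
    usort($mx, fn($a, $b) => $a['pri'] <=> $b['pri']);
    // Without MX records, SMTP falls back to the domain's own address record.
    $hosts = $mx ? array_column($mx, 'target') : [$domain];
    foreach ($hosts as $host) {
        foreach ($lookup($host, DNS_A) as $rec) {
            // Loopback, private and reserved addresses resolve but are not a reachable mail server.
            $public = filter_var($rec['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
            if ($public !== false && $probe($rec['ip'])) {
                return true;
            }
        }
    }
    return false;
}

// Live probe: connect to port 25 and read the greeting, with short timeouts.
function smtp_greets(string $ip): bool
{
    $sock = @fsockopen($ip, 25, $errno, $errstr, 5);
    if ($sock === false) { return false; }
    stream_set_timeout($sock, 5);
    $banner = fgets($sock, 512);
    fwrite($sock, "QUIT\r\n");
    fclose($sock);
    return is_string($banner) && strncmp($banner, '220', 3) === 0;
}

// Constructed records and a stand-in probe so the example runs offline.
$zone = [
    'shop.example'    => [DNS_MX => [['pri' => 10, 'target' => 'mx.shop.example']]],
    'mx.shop.example' => [DNS_A => [['ip' => '203.0.113.10']]],
    'parked.example'  => [DNS_A => [['ip' => '203.0.113.99']]], // A record, nothing on port 25
    'nullmx.example'  => [DNS_MX => [['pri' => 0, 'target' => '']]],
];
$lookup = fn($name, $type) => $zone[$name][$type] ?? [];
$probe  = fn($ip) => $ip === '203.0.113.10'; // replace with 'smtp_greets' for live use
foreach (['shop.example', 'parked.example', 'nullmx.example'] as $d) {
    printf("%-15s %s\n", $d, domain_accepts_mail($d, $lookup, $probe) ? 'accept' : 'reject');
}
```

Many web hosts block outbound port 25 and the probe adds several seconds per lookup, so cache results per domain and decide in advance whether a failed probe rejects the address or only flags it for review.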