The BuyVIP email verification script should be designed to block all the most common forms of erroneous and malicious email address without blocking the user from registering on the BuyVIP site.
On our online form for signing up for membership of the site there is the form box for the email address. Once the user has entered the email address the script should check the address against the list below. It should then show a message (the email address entered is not accepted, please enter an alternative email address).
We also need a java program that can do exactly the same checks on a list of email addresses (CSV) file.
In both cases there needs to be a common administration interface that controls which domains and IP addresses are blocked and the internal list of disposable email addresses
It should cover the following verification steps:
1. Block wrong formatted emails E.g. without a domain or the @ symbol
2. Block wrongly entered top level domains
3. Block disposable email addresses (internal list and check against [url removed, login to view]). Disposable e-mail addressing (DEA) refers to an alternative way of sharing and managing e-mail addressing. DEA aims to set up a new, unique e-mail address for every contact or entity, making a point-to-point connection between the sender and the recipient. Subsequently, if anyone compromises the address or utilises it in connection with any e-mail abuse, the address-owner can easily cancel (or "dispose" of) it without affecting any other contact. Following the cancellation or replacement of a disposable e-mail address, the (ex-)owner need notify no more than one person/contact of the change.
4. Block domains and/or subdomains. Using the administration interface a domain (e.g. [url removed, login to view]) or a sub-domain (e.g. [url removed, login to view]) can be blocked
5. Block IPs or IP ranges. Using the administration interface block a single or range of IP addresses
6. Block bots by checking against BotScout database. BotScout helps prevent automated web scripts, known as "bots", from registering on forums, polluting databases, spreading spam, and abusing forms on web sites. They do this by tracking the names, IPs, and email addresses that bots use and logging them for future comparison
7. Perform DNS lookup on email domains.
8. Perform Spamhaus lookup on IP addresses (SBL, XBL)
9. Reject contact submissions containing URLs.
10. Reject contact submissions based on Undisposable, BotScout, StopForumSpam.
11. Reject common users such as info, admin, postmaster, abuse
12. Create a log of all activity - you can see what it is doing: who was blocked, and who was passed.