Customer using same domain email to signup

[mm1250]

Hello All,

 

I have an issue that has been cropping up weekly now. Customers that signup for hosting will sometimes use the same domain name email address when they signup. (example: xxx.com and customer uses john@xxx.com to signup) .So what happens is they will get the first 2 emails (invoice and order conf). Than when WHMCS sets up cPanel account, it will than send an email to client with his welcome email. But now the account is on my server so it will attmept to deliver the email to the local account and will always bounceback since the user doesn't exsist, and the client never gets his welcome email.

 

How can we setup a way to restrict the user's email address not to contain the same email as the hosting account they are signing up for?

 

As anyone else get this issue? If so, how do you work around it?

[Lesli]

I put a warning on the sign-up page, reminding clients that if they sign up with an email going to the domain they intend to host with us, they may not receive their initial account email. Then I created a custom client field for a backup email address (those can be at a free service.) This secondary email is used to cc: their welcome email, and to contact them at a later date if we get bounces from their primary email.

 

It's not a perfect workaround - but it does make people stop and think while signing up.

[mm1250]

Has anyone figured a way to get around this by somehow checking the email to make sure the domain doesn't match what they signup on the hosting account. It is starting to get pretty much something that happens every other day. I feel like an idiot having to email the customer using my Yahoo account. There has to be a way to do this, how do all the other large hosts setup this?

[nielsenj]

I basically did the same as above but put the warning right above the email field.

 

It's difficult to override the encoded validation function.

 

The only other work around i could suggest is to create your own registration page in which you validate all the user entered data against your own requirements and then either (1) post the validated information back to the original registration file OR (2) use the API to create the user and then forward them to the next step.

 

With (1) you have the issue of showing all the post variables in the URL, a possible security issue.

 

With (2) you have to figure out what the next step is and how to get to it.

 

With either, you have a ton of work to validate all of the user data against what is required by WHMCS and you have to do the homework to figure out exactly what WHMCS requires as far as formatting etc.

 

PS:

 

I have seen some javascript that can check form variables for validity before submission, but i'm not sure how they work or how you can obtain the information you need or force the user to enter new data. I think you'd have to use AJAX or the like.

 

You could look at IPB or VB or some other software and see how they check validity on the fly for things like usernames. If you own it you should be able to see the entire source and how it's done.

[joe123]

EDIT

nielsenj is quicker and what i wanted to say he said it !

[mm1250]

I was considering using an SMTP server within WHMCS that was not using any of my servers and wouldn't be resolving domains via my DNS servers. Would this be the absolute way to avoid these issues?

[ur]

Doing the validation with some AJAX will cut down on most of these cases. You can custom script an email validation by using a php script to check if a domain accepts mail, by checking for a valid MX or domain. Yes, not perfect, but it will serve this case.

 

Also note that not all email servers have an MX so you need to check A and CNAMEs too. If you only want to check MX, then delete the A an CNAME lines... here's an example:

 

list($user, $host) = split("@", $email);

 

function check_host_mx($host) {

$host=strtolower($host);

if ( @eregi('\.[a-z][a-z]+$', $host ) ) /*customize this if needed*/

{

if(checkdnsrr($host.'.', 'MX') ) return true;

else if(checkdnsrr($host.'.', 'A') ) return true;

else if(checkdnsrr($host.'.', 'CNAME') ) return true;

else return false;

}

return false;

}

[chickendippers]

Aren't we just trying to make sure the email address they enter in the Email Address file isn't the same as the domain name in the cart?

[PPH]

Aren't we just trying to make sure the email address they enter in the Email Address file isn't the same as the domain name in the cart?

That's what I thought this thread started out as. A simple way to make the verification just check that the domain is not for the assount being set up would be great.

 

I would vote for it if someone set this up as a feature request/poll

[nielsenj]

Aren't we just trying to make sure the email address they enter in the Email Address file isn't the same as the domain name in the cart?

 

LOL that's what i thought, i mean.. if they are ordering a new domain then there's no server associated with it to begin with so why would you need to check for ability to recieve mail?

[PPH]

I added a feature request/poll for this option.

 

http://forum.whmcs.com/showthread.php?t=10168

[ask21900]

LOL that's what i thought, i mean.. if they are ordering a new domain then there's no server associated with it to begin with so why would you need to check for ability to recieve mail?

 

That's right but checking for the ability to receive mail takes it one step further.

 

If the domain doesn't have the ability to receive mail, then it could mean that the domain has not propagated yet (it is new), or it could mean that the email was mis-typed. Either way, there is a problem that needs to be resolved.

 

Also, this is one extra step you could take against fraud. This addition would require a working email, even though they could bypass it by using someone else's address.

[chickendippers]

But I think the problem that needs addressing here isn't one of fraud, it's one where the customer enters an email address that doesn't yet exist.

[mm1250]

Hello, this pretty much happens to most of the clients that signup and are transferring from another host. They would signup for my hosting account using the same domain name. but since all my servers are using same DNS it will create the account and quickly bounce the emails via delivering it to he local hosting account. How do the large hosts manage this, from what I can tell they do no validation of email.

[nielsenj]

Alrighty,

 

So i've been playing around with AJAX and i *THINK* i've figured out a way to do this.

 

I just have to add checking for multiple domains in the order and do some more testing.

 

Only issue i can see so far is it only works if the user has Java working.

 

If they don't.. then there's no protection as it would have to be checked upon submission and the only way to do that is to have intermediary code between the signup form and the next WHMCS form which i've done before and is a pain.

 

Anywho, i'll keep you posted, worst case i should have a working version before the end of the week.

[brianoz]

Sounds like a great idea, can't wait to see more details.

 

It's seemed to me for a while that WHMCS should do some bounce processing somehow. It's common for WHMCS messages to bounce and we should be able to track this somehow. Maybe it's as simple as making sure they bounce back to the support queue?

[nielsenj]

Sounds like a great idea, can't wait to see more details.

 

It's seemed to me for a while that WHMCS should do some bounce processing somehow. It's common for WHMCS messages to bounce and we should be able to track this somehow. Maybe it's as simple as making sure they bounce back to the support queue?

 

Not sure really, i have all of my emails sent with the outgoing address of "no-reply", that address is piped into my Kayako installation where it is attached to users emails but doesn't send out a staff notification or auto-reply.

 

It helps if a user complains about not recieving the welcome email as i just bring up their address and it'll show up as a bounce if it was actually bounced.

 

Back on the original topic, the AJAX mod works with WHMCS to prevent users from signing up with any domain in their order. I have to pretty it up a bit though.

 

I'm experimenting with includeing banned domains and possibly already registered domains, both of which are checked upon submit regardless.

[nielsenj]

Here's an update for those of you who are interested.

 

I have created AJAX checking for valid email syntax, domains in the order, domains that are contained in the banned table.

 

The last two items are optional, you can protect against both, one or neither.

 

I'm going to pretty it up a bit (maybe some dynamic images instead of the txt) and now that i've gotten started i'm thinking about AJAXing the entire form.

 

Status text is updated onchange (when they leave the email box).

 

I've tested it with validating on every keystroke, it works fine BUT with banned domain checking enabled it lags for half a second on the TLD part. It's probably worse on slower machines, but it's polling the DB every time you type a key.

 

Tested on IE 7 and FF 2, both work fine.

 

Your feedback would be appreciated.

 

Screens of the various protections can be found here:

 

http://www.mcintegrator.com/downloads/screens/orderemail/

 

Regards,

J

[chickendippers]

That looks spiffing

[Redsign]

Very nice work

[apollo1]

Thank you. Can you post this contrib in the WHMCS Wiki?

http://wiki.whmcs.com/Category:Contributions

[nielsenj]

Thank you. Can you post this contrib in the WHMCS Wiki?

http://wiki.whmcs.com/Category:Contributions

 

Sure, Matt asked me to put my stuff into the Wiki a few days ago.

 

I've only gotten around to one at the moment and i'm holding off on adding the Kayako stuff as Varun is in contact with me about the modifications. I'm hoping those will be added into the official release making my mods uneeded.

 

When i release this (or the full AJAX mod) i'll toss it up on the wiki.