History:Email Verification Feature

From MusicBrainz Wiki

This page described a possible new server feature.

Aims:

  • (1) to automatically stop sending mail to an address when that address goes bad (i.e. when messages bounce)
  • (2) to periodically require users to re-verify their address

The implication of (2) is that if the user doesn't re-verify their address in time, it will be disabled (see below).

Assume that the fate of each email is exactly one of bounced/not-received/ignored/read. (2) verifies that, at least for the verification emails, they are "read". (1) is to verify that "not too many" emails get "bounced".

You could argue that (2) makes (1) redundant; if you assume that all emails sent to any given address meet the same fate (e.g. they all bounce, or they all get read), then (2) verifies that the answer is "read", therefore bounce detection is not needed. However it's likely that (2) will probably ask users to re-verify maybe once every 6 months, whereas it's probably desirable that (1) disables a dead address much quicker than that.

Periodic re-verification

  • add to user table:
    • email_expiry_date (when the email address listed on this record will expire)
    • email_last_verify_sent (the last time we sent a verification email for this address)

Start by setting email_expiry_date of all users (with non-blank email addresses) to: MAX(1 month from now, (signup date + 6 months)). email_last_verify_sent will be null.

Whenever the click back occurs and the address is written to the user's record), set email_expiry_date to now + 7 months.

Whenever a verification email is sent, if the target address matches the existing stored email address (i.e. we are re-verifying their existing address), update email_last_verify_sent to now.

Nightly (?) cron job:

  • expiry:
    • based on moderator where email != '' and email_expiry_date < now
    • send email to user telling them that the address is being removed from their profile
    • similar message to the system notice board? (see http://bugs.musicbrainz.org/ticket/3583)
    • remove email from profile? Or keep, and make sure the address is only used if not expired?
  • re-verification emails:
    • based on moderator where datesub(email_expiry_date - NOW)<'1 month' and datesub(now-email_last_verify_sent)>'160 hours' # just under one week
    • send re-verification email to user; maybe various forms of wording such as:
      • if you don't verify within N days, the email address will be removed from your profile (possibly with more urgent wording as N gets smaller)
    • set email_last_verify_sent to now

Removal of dead addresses

Much harder. Would need to be based on handling incoming bounces (i.e. use unique encoded sender address?).

Could configure local (www server's) MTA to not verify RCPT, i.e. instead of rejecting RCPT just bounce the message (therefore avoiding duplicated code).

However this is likely to be problematic - see Mailman.