wordpress 邮件
Spammers are everywhere, they use automated software that crawls the web in search of websites (such WordPress sites) with the aim of submitting and registering hundreds and thousands of accounts and spam comments.
垃圾邮件发送者无处不在,他们使用自动化软件对网络进行爬网以搜索网站(例如WordPress网站),目的是提交和注册成千上万的帐户和垃圾邮件评论。
On one of my WordPress powered sites, I discovered over 50 newly registered spam accounts, all created with disposable email addresses. To prevent a re-occurrence, I had to create a plugin that prevented the registration of accounts with disposable email addresses.
在一个由WordPress驱动的网站上,我发现了50多个新注册的垃圾邮件帐户,这些帐户都是使用一次性电子邮件地址创建的。 为了防止再次发生,我必须创建一个插件,以防止使用一次性电子邮件地址注册帐户。
In this tutorial, we’ll learn the meaning of disposable email addresses, how they work and finally, how they can be stopped in a PHP application – albeit with focus on WordPress.
在本教程中,我们将学习一次性电子邮件地址的含义,它们的工作方式,最后,如何在PHP应用程序中停止它们-尽管只关注WordPress。
DEA, an acronym for Disposable Email Address (sometimes referred to as throw-away, temporary email or self-destructive email), is a service that allows a registered user to receive email at a temporary address that expires after a certain time period lapses. Simply put, they are email accounts created to accomplish a short-term goal.
DEA是“一次性电子邮件地址”(有时称为“一次性电子邮件”,“临时电子邮件”或“自毁电子邮件”)的缩写,是一项服务,它允许注册用户使用在一定时间段后到期的临时地址接收电子邮件。 简而言之,它们是为实现短期目标而创建的电子邮件帐户。
Examples of disposable email providers include: mailinator.com, YOPmail.com, trashmail.com, and many more.
一次性电子邮件提供商的示例包括: mailinator.com , YOPmail.com , trashmail.com 等 。
The original intent behind disposable email addresses is to protect oneself from untrusted websites, typically to avoid spam.
一次性电子邮件地址背后的初衷是为了保护自己免受不受信任的网站的侵害,通常是为了避免垃圾邮件。
Wikipedia has a great explanation why disposable emails are – should I say bad or ugly?
Wikipedia很好地解释了为什么一次性电子邮件是–我应该说是不好还是很丑?
Many forum and wiki administrators dislike DEAs because they obfuscate the identity of the members and make maintaining member control difficult. As an example, trolls, vandals and other users that may have been banned may use throwaway email addresses to get around the ban. Using a DEA provider only makes this easier; the same convenience with which a person may create a DEA to filter spam also applies to trolls. As a result, forum, wiki administrators, blog owners, and indeed any public site requiring user names may have a compelling reason to ban DEAs.
许多论坛和Wiki管理员不喜欢DEA,因为它们混淆了成员的身份并使维护成员控制变得困难。 例如,可能被禁止的巨魔,破坏者和其他用户可能会使用一次性电子邮件地址来解决该禁令。 使用DEA提供程序只会使此过程更容易。 人们可以创建DEA来过滤垃圾邮件的便利同样适用于巨魔。 结果,论坛,Wiki管理员,博客所有者以及实际上需要用户名的任何公共站点都可能有令人信服的理由禁止DEA。
Because spammers can use disposable emails to perpetrate their evil activities, we really need to give serious thought to how we can stop DEAs.
由于垃圾邮件发送者可以使用一次性电子邮件进行其邪恶活动,因此我们确实需要认真考虑如何阻止DEA。
There is no algorithm (to the best of my knowledge) for detecting if an email is disposable or not.
据我所知,没有算法可以检测电子邮件是否为一次性邮件。
To detect a disposable email address: – Firstly, you will have to create and maintain a list/database of disposable email domains. – Check if the domain part of the email (e.g. in “hi@trashmail.com”, “trashmail.com” is the domain part) is in the database.
要检测一次性电子邮件地址:–首先,您必须创建和维护一次性电子邮件域的列表/数据库。 –检查电子邮件的域部分(例如,在“ hi@trashmail.com”中,“ trashmail.com”是域部分)是否在数据库中。
Below is a PHP function that accepts an email address as an argument and return true if it is disposable or false otherwise.
下面是一个PHP函数,该函数接受一个电子邮件地址作为参数,如果是一次性的,则返回true,否则返回false。
<?php /** * Check if an email is disposable or not. * * @param $email string email to check * * @return bool */ function detect_disposable_email( $email ) { $disposable_list = array( 'drdrb.net', 'upliftnow.com', 'uplipht.com', 'venompen.com', 'veryrealemail.com', 'viditag.com', 'viewcastmedia.com', 'viewcastmedia.net', 'viewcastmedia.org', 'gustr.com', 'webm4il.in', 'wegwerfadresse.de', 'wegwerfemail.de', 'wetrainbayarea.com', 'wetrainbayarea.org', 'wh4f.org', 'whyspam.me', 'willselfdestruct.com', 'winemaven.in', 'wronghead.com', 'wuzup.net', 'wuzupmail.net', 'www.e4ward.com', 'www.gishpuppy.com', 'www.mailinator.com', 'wwwnew.eu', 'xagloo.com', 'xemaps.com', 'xents.com', 'xmaily.com', 'xoxy.net', 'yep.it', 'yogamaven.com', 'yopmail.fr', 'yopmail.net', 'ypmail.webarnak.fr.eu.org', 'yuurok.com', 'zehnminutenmail.de', 'zippymail.in', 'zoaxe.com', 'zoemail.org', 'inboxalias.com', 'koszmail.pl', 'tagyourself.com', 'whatpaas.com', 'emeil.in', 'azmeil.tk', 'mailfa.tk', 'inbax.tk', 'emeil.ir', 'crazymailing.com', 'mailimate.com' ); //extract domain name from email $domain = array_pop( explode( '@', $email ) ); if ( in_array( $domain, $disposable_list ) ) { return true; } else { return false; } } //extract domain name from email $domain = array_pop( explode( '@', $email ) ); if ( in_array( $domain, $disposable_list ) ) { return true; } else { return false; } }The numbers of disposable email providers are increasing by the day, thus making it impossible to easily keep our list of DEAs updated.
一次性电子邮件提供商的数量每天都在增加,因此无法轻松地更新我们的DEA列表。
There exist a number of services that keep an updated list of disposable emails and also exposes an API for detecting them, such as NameAPI and block-disposable-email.com. We’ll be using the latter in coding a plugin that will block users trying to create an account with a disposable email in WordPress.
存在许多服务,这些服务保留可抛弃电子邮件的更新列表,并公开用于检测它们的API,例如NameAPI和block-disposable-email.com 。 我们将使用后者来编码一个插件,该插件将阻止用户尝试使用WordPress中的一次性电子邮件创建帐户。
As previously mentioned, we will use block-disposable-email.com. Before we delve into the plugin development, register an account at the site with a non-disposable email (of course) to grab a free API key.
如前所述,我们将使用block-disposable-email.com 。 在我们深入研究插件开发之前,请在站点上注册一个具有非一次性电子邮件的帐户(当然),以获取免费的API密钥 。
Note: the free account comes with a limitation of up to 200 requests per month. To increase the quota, see the pricing page.
注意:免费帐户每个月最多可限制200个请求。 要增加配额,请参阅定价页面 。
With that said, let’s begin the plugin development.
话虽如此,让我们开始插件开发。
First off, include the plugin header.
首先,包括插件头。
<?php /* Plugin Name: Stop Disposable Email Sign-ups Plugin URI: https://www.sitepoint.com Description: Stop users from registering a WordPress account with disposable emails. Version: 1.0 Author: Agbonghama Collins Author URI: http://w3guy.com License: GPL2 */Create a PHP class with a properties that will store the API key.
创建一个具有将存储API密钥的属性PHP类。
class Stop_Disposable_Email { /** @type string API key */ static private $api_key = 'd619f9ad24052ad785d1edf65bbd33b4';The class constructor method will consist of a filter that hooks a method (stop_disposable_email_signup) to registration_errors to validate the email address and ensure it isn’t disposable.
类构造函数方法将由一个过滤器组成,该过滤器将一个方法( stop_disposable_email_signup ) stop_disposable_email_signup到registration_errors上,以验证电子邮件地址并确保该地址不是可使用的。
public function __construct() { add_filter( 'registration_errors', array( $this, 'stop_disposable_email_signups' ), 10, 3 ); }Next we use a helper is_email_disposable() method that will send a GET request to the block-disposable-email.com API via wp_remote_get using the WordPress HTTP API to check the status of the email – that is, if it is disposable or not.
接下来,我们使用一个辅助方法is_email_disposable()方法,该方法将使用WordPress HTTP API通过wp_remote_get将GET请求发送到block-disposable-email.com API,以检查电子邮件的状态-即是否可处理。
/** * Check if an email is disposable or not. * * @param $email string email to check * * @return bool true if disposable or false otherwise. */ public static function is_email_disposable( $email ) { // get the domain part of the email address // e.g in hi@trashmail.com, "trashmail.com" is the domain part $domain = array_pop( explode( '@', $email ) ); $endpoint = 'http://check.block-disposable-email.com/easyapi/json/' . self::$api_key . '/' . $domain; $request = wp_remote_get( $endpoint ); $reponse_body = $body = wp_remote_retrieve_body( $request ); $response_in_object = json_decode( $reponse_body ); $domain_status = $response_in_object->domain_status; if ( $response_in_object->request_status == 'success' ) { if ( $domain_status == 'block' ) { return true; } elseif ( $domain_status == 'ok' ) { return false; } } }Here is the code for stop_disposable_email_signups() that will stop users of disposable email addresses from creating an account.
这是stop_disposable_email_signups()的代码,该代码将阻止一次性电子邮件地址的用户创建帐户。
/** * Stop disposable email from creating an account * * @param $errors WP_Error Registration generated error object * @param $sanitized_user_login string sign-up username * @param $user_email string sign-up email * * @return mixed */ public function stop_disposable_email_signups( $errors, $sanitized_user_login, $user_email ) { if ( self::is_email_disposable( $user_email ) ) { $errors->add( 'disposable_email', '<strong>ERROR</strong>: Email is disposable, please try another one.' ); } return $errors; }Finally, we close the plugin class.
最后,我们关闭插件类。
} // Stop_Disposable_EmailI created a class property and manually added my block-disposable-email.com API key to it. Ideally, a settings page for the plugin should have been created with a form field that will save the key to the database for reuse by the plugin.
我创建了一个类属性,并手动向其添加了block-disposable-email.com API密钥。 理想情况下,应该为插件设置页面创建一个带有表单字段的表单,该表单字段会将密钥保存到数据库以供插件重复使用。
Let’s make this an assignment for you. This is one way on how you might do this.
让我们为您分配一项任务。 这是您如何执行此操作的一种方法。
Create a settings page for the plugin with an input field that will save the key to the database, here is a great guide.
使用输入字段为插件创建一个设置页面,该页面会将密钥保存到数据库, 这是一个很好的指南 。
Retrieve the API key from the database with get_option function and use that instead.
使用get_option函数从数据库中检索API密钥,并改用它。
In this article, we learned the meaning of DEAs, modus-operandi and the good, the bad and the ugly of disposable email address systems. We learned how DEAs can be stopped, and finally created a plugin for stopping users from registering an account with a disposable email address in a WordPress powered site.
在本文中,我们了解了DEA,modus-operandi以及一次性电子邮件地址系统的好,坏和丑陋的含义。 我们了解了如何停止DEA,并最终创建了一个插件,用于阻止用户在WordPress支持的站点中使用可丢弃的电子邮件地址注册帐户。
The plugin is available on GitHub in case you want to use it on your site or further extend it.
该插件可在GitHub上使用,以备您在网站上使用或进一步扩展。
If you have any questions or contributions, please let us know in the comments.
如果您有任何疑问或贡献,请在评论中告知我们。
翻译自: https://www.sitepoint.com/stop-the-use-of-disposable-email-addresses-in-wordpress/
wordpress 邮件