Joel Maslak wrote:
is not. But there is value in not passing utter garbage to another program (it has a tendency to clog mail queues, if for no other reason) - just make sure you do it right.
I fail to see why you wouldn't be able to throttle any abuse of your webform so it wouldn't clog a mail queue. Besides it's very hard to clog or otherwise overload an MTA, since it's purpose built to handle that kind of thing. I also fail to see why it would be so hard to install an MTA listening on localhost which sole purpose would be to validate email addresses and nothing else. And just dumps any possible outgoing email to /dev/null. If you're afraid of clogging the mail queue then only hand it off to the sending MTA after validation succeeded. But to be honest why would you care? MTAs are purpose made to handle such things. I can't really think of a scenario where validating an email address using a separate service would create such a performance bottleneck. If you have robots flooding your web forms 1000s of times a second (still peanuts for the average MTA) you need to rethink your security and abuse prevention...not your email validation...I would say. :-) People us a separate database instance for database queries, the database server has its own code to validate input. We don't code our own database server as part of the web form handling code. Why not hand of email validation the same way?
Okay, I'll step off the soap box and let the next person holler about how I was wrong about all this!
You're mostly right, but I disagreed about the email validation part. I just don't see a point in re-inventing the wheel when there are perfectly capable free alternatives that can do it for you with no noticeable performance penalty. Greetings, Jeroen -- Earthquake Magnitude: 4.8 Date: Saturday, March 17, 2012 01:49:29 UTC Location: Banda Sea Latitude: -7.0313; Longitude: 123.4175 Depth: 632.60 km