September 04, 2011

How to ban Gmail dot and plus trick on registration

For Gmail users, Somerandomguy@gmail.com is the same as Somerandomguy+mybox@gmail.com or Somerandomguy+anything@gmail.com or Some.random.guy@gmail.com.

Although this feature exists for users' convenience, some cunning people use it to register multiple times on a site, usually to carry out large-scale spamming.

This small snippet can be used to stop users from using the plus and dot tricks with Gmail, and hence to stop multiple registrations for a single email address.


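    $email = "Somerandomguy+mybox@gmail.com";
    // Only process syntactically valid addresses.
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Lower-case, then split into local part [0] and domain [1].
        $email_broken = explode('@', strtolower($email));
        if ($email_broken[1] == 'gmail.com') {
            // Address with every dot removed from the local part.
            $mail_without_dot = str_replace('.', '', $email_broken[0]) . '@' . $email_broken[1];
            // Address with "+" and everything after it removed from the local part.
            $mail_without_plus = preg_replace('@\+.*$@', '', $email_broken[0]) . '@' . $email_broken[1];
        }
    }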

After this, you'll have two variables, $mail_without_dot and $mail_without_plus, that you can use in simple SQL queries to see if a user has already used that Gmail address for registering.
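
An added example, not part of the original post: the snippet handles the dot trick and the plus trick separately, so an address that uses both at once (Some.random.guy+mybox@gmail.com) matches neither variable. The sketch below applies both in one pass to get a single canonical key for duplicate checks. The function name canonical_email, the googlemail.com handling and the sample addresses are assumptions made for the example.

```php
<?php
// Added example, not the original author's code. canonical_email() is a
// hypothetical helper; the addresses below are constructed sample data.

// Returns one canonical form per mailbox, or null if the input is unusable.
function canonical_email(string $email): ?string
{
    $email = strtolower(trim($email));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Split on the last "@" so the domain is always the final component.
    $at     = strrpos($email, '@');
    $local  = substr($email, 0, $at);
    $domain = substr($email, $at + 1);

    // Assumption beyond the page: googlemail.com is an alias of gmail.com.
    if ($domain === 'googlemail.com') {
        $domain = 'gmail.com';
    }
    if ($domain === 'gmail.com') {
        $local = explode('+', $local, 2)[0];    // drop "+anything"
        $local = str_replace('.', '', $local);  // drop dots
        if ($local === '') {
            return null;                        // e.g. "+tag@gmail.com"
        }
    }
    return $local . '@' . $domain;
}

// Stand-in for the users table: canonical address => true. In a database,
// store this value in its own column with a UNIQUE index.
$registered = [canonical_email('Somerandomguy@gmail.com') => true];

$attempts = [
    'Some.random.guy+mybox@gmail.com',  // dot and plus combined
    'somerandomguy@googlemail.com',     // alias domain
    'Some.random.guy@example.com',      // non-Gmail: dots are significant
    '+mybox@gmail.com',                 // nothing left after stripping
];
foreach ($attempts as $attempt) {
    $key = canonical_email($attempt);
    if ($key === null) {
        echo "$attempt: rejected (invalid)\n";
    } elseif (isset($registered[$key])) {
        echo "$attempt: rejected (duplicate of $key)\n";
    } else {
        $registered[$key] = true;
        echo "$attempt: accepted as $key\n";
    }
}
```

Keep the address the user typed for sending mail and use the canonical form only as the uniqueness key.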
