How to validate Top Level Domain of an email address? - web-services

Let's say I have a contact form where a user can enter his email address along with his other contact details. I need to check the validity of Generic top level domain or top level domain of the email address. An example:
scarlet.1992#examplemail.paris
I need to check if .paris is a valid top level domain.
Please refer to this link for the list of domains available, which gives a number around 1200. Storing the domain names in a local table and searching is not an option since new domains are being introduced every day.
Please let me know if there is any web service or free API available for this, or there is any other way to validate the email address.

The simplest way to find out whether a domain exists is to check whether it has a name server.
Considering that a TLD costs around $100,000 it is very likely that every one that is purchased is in use. Also, if it doesn't have a name server, you can't send anything to it anyway.
Using dig you can run
dig NS +short paris
which will give
h.ext.nic.fr.
d.nic.fr.
g.ext.nic.fr.
f.ext.nic.fr.
whereas
dig NS +short adsfadfs
returns nothing.

There is nothing wrong with storing a list of TLDs locally when you need a quick answer for client-side validation or don't want to consume network resources for a reverse DNS lookup.
Email addresses from newer TLDs are extremely rare for most use cases. I update my list about once per year and find that it's good enough.
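The two answers above (a name-server lookup and a locally cached list) can be combined: check the cached list first and fall back to a lookup only for unknown TLDs. The following is an added example, not code from the original posts. The list layout, the sample entries and all function names are assumptions; the TLD is converted to its ASCII form and checked against a strict pattern before it is ever handed to dig.

```python
import re
import subprocess

# Constructed sample of a locally cached TLD list. Assumed layout: '#' comment
# header, one TLD per line in upper case, internationalised TLDs in xn-- form.
SAMPLE_TLD_LIST = """\
# constructed sample, not a real snapshot
COM
FR
PARIS
XN--P1AI
"""

# Letters, digits, hyphens; never a leading hyphen, so it cannot pass as a dig option.
TLD_RE = re.compile(r"[a-z][a-z0-9-]{0,61}[a-z0-9]")

def load_tlds(text):
    """Parse the cached list into a set of lower-case TLDs."""
    lines = (line.strip() for line in text.splitlines())
    return {line.lower() for line in lines if line and not line.startswith("#")}

def email_tld(address):
    """Return the address's TLD in ASCII (punycode) form, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.rstrip(".")
    if not sep or not local or "." not in domain:
        return None
    try:
        tld = domain.rsplit(".", 1)[1].encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None
    return tld if TLD_RE.fullmatch(tld) else None

def dig_ns(tld):
    """Name servers for a TLD via `dig NS +short` (needs network access)."""
    result = subprocess.run(["dig", "NS", "+short", tld + "."],
                            capture_output=True, text=True, timeout=10)
    return [line for line in result.stdout.splitlines() if line.strip()]

def tld_is_valid(address, known_tlds, ns_lookup=None):
    """Cached list first; optionally fall back to a live NS lookup."""
    tld = email_tld(address)
    if tld is None:
        return False
    return tld in known_tlds or bool(ns_lookup and ns_lookup(tld))
```

Pass `ns_lookup=dig_ns` to enable the live fallback; without it the check stays fully offline.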

Related

How does ACM check domain ownership with CNAME records?

In ACM, I always have to register the CNAME record that is provided by ACM. It says that it checks the domain ownership with this CNAME record, but how does it actually check whether the domain I specified in ACM is actually owned by me? Any explanations would be greatly appreciated!
In short a certificate authority (such as ACM) will try to resolve the CNAME record for your domain via the public DNS. After that it compares the value it retrieved from the DNS with the value it stored internally, i.e., the value sent to you. If they match, your domain is validated.
In layman's terms it tells you a secret and then asks you to display that secret in say a window of your house. After that it drives by your window to check if the displayed secret is correct. If it is, it means you own the house (or at least have access to it).
Best, Stefan
luk2302 explained the idea in the comments already, I'll elaborate a bit.
As you correctly observed, ACM can use DNS validation to confirm ownership of a specific domain.
Ownership in this case is roughly defined as "the ability to make changes to the official DNS records", so it's more like control and not technically ownership.
How do you check if somebody is able to control a domain?
You ask them to set some records on the domain that contain values you have created and later check if these records exist. If they do, they control the domain.
Why does this work?
DNS is a hierarchical distributed database.
A DNS record like stackoverflow.com. (the last dot is intentional, but usually omitted) consists of multiple levels that are read from right to left.
The . on the right denotes the root zone.
The root zone holds all the records directly below it, the so called top level domains (TLDs) like .com, .net or .org.
The nameservers behind the .com TLD hold all the records directly below it, so they know who controls stackoverflow.com..
If you start at the top of the hierarchy and work your way to the bottom, you will find out which servers own a domain.
You could set up your own DNS server and create records for stackoverflow.com, but nobody is going to talk to it and explicitly query it, because it's not part of the hierarchy. You could configure your local DNS-resolver to talk to your own DNS-Server, but Amazon (who verify ownership) won't do that.

Mailgun: Failed to create domain. Domain quota exceeded for the account

I am getting an error when trying to create a new domain for another website. I am a web developer and I host many sites so I need to have a lot of domains. How can I add more domains?
Currently on the Free plan (because my sites don't exceed the limit) however it seems like I need to upgrade... I can't find any limitations at all for domains.
Does any one know what I can do to resolve this issue?
You are correct that the free plan does not allow for custom domains. Once you add a credit card, you will be given 5,000 emails for free and a 3 month trial of the flex plan. This plan allows for up to 5 domains max. If you have more than 5 domains you may want to reach out to the sales team to see about a custom plan, they are able to accommodate adding more domains. Here is a link to the differences between plans.
Once you have upgraded (or added a credit card!), you can add a domain by following these steps:
Inside the Mailgun Control Panel (options displayed down the left-hand side on a dark column), use the following instructions:
First, click on Sending on the left-hand side of your Mailgun dashboard. Then click the green Add New Domain button. Enter your Domain Name and choose your additional options. The region your domain will reside: US or EU.
Next step is to create DKIM Authority - you would generally leave this checked by default. Then, decide on DKIM Length - a longer DKIM key will make spoofing your emails by a malicious spammer more difficult. 1024-bit is selected by default, but 2048-bit can be used as well. Keep in mind that some DNS providers may have an issue with 2048-bit DKIM keys, as they produce a string longer than 255 characters (exceeding the maximum character limit for a DNS entry). Once your options are set, click Add Domain to save your new domain.
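The 255-character point in the answer above can be checked before publishing a record. This added example (not Mailgun's code, and not part of the original answer) builds a DKIM TXT value, splits it into strings of at most 255 bytes, and verifies that the reassembled record still carries a key of the expected size. The keys are constructed zero-filled placeholders with the DER sizes of RSA public keys; all function names are assumptions.

```python
import base64
import re

TXT_STRING_LIMIT = 255  # maximum bytes in a single DNS TXT character-string

# Constructed placeholders with the DER sizes of RSA public keys
# (162 bytes for 1024-bit, 294 bytes for 2048-bit); not real keys.
KEY_1024 = bytes(162)
KEY_2048 = bytes(294)

def dkim_value(spki_der):
    """Build the DKIM TXT value for an RSA public key given as DER bytes."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki_der).decode("ascii")

def split_txt(value, limit=TXT_STRING_LIMIT):
    """Split a TXT value into character-strings of at most `limit` bytes."""
    raw = value.encode("ascii")  # DKIM key records are ASCII only
    return [raw[i:i + limit].decode("ascii") for i in range(0, len(raw), limit)]

def zone_rdata(value):
    """Render the value as space-separated quoted strings for a zone file."""
    return " ".join('"%s"' % part for part in split_txt(value))

def join_rdata(rdata):
    """Reassemble the quoted strings by plain concatenation, as a verifier does."""
    return "".join(re.findall(r'"([^"]*)"', rdata))

def published_key_bytes(rdata):
    """Byte length of the key in the p= tag; raises if the record was mangled."""
    record = join_rdata(rdata)
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return len(base64.b64decode(tags["p"], validate=True))

def needs_split(spki_der):
    """True when the record does not fit into one TXT character-string."""
    return len(split_txt(dkim_value(spki_der))) > 1
```

With these placeholders the 1024-bit record is 234 characters and fits in one string, while the 2048-bit record is 410 characters and has to be published as two strings.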

Google Analytics Referral Exclude Regex Partial Domain Name

I am attempting to filter out some of the nasty analytics referral traffic. It doesn't touch my site, so htaccess is out.
I have to specifically go into Google to create a filter. I have a few setup already, but am looking to try something new that will hopefully make my exclusion list a bit easier to manage.
I want to block any referral traffic coming from a domain that has seo, traffic, monitize, etc. in it. This would stop about 90% of the referral traffic and would keep excluding sites.
What I currently use is this:
(seomonitizer|trafficseo|seotraffic|trafficmonitizer)\.(com|org|net|рф|eu|co)
It removes each site one by one, but when a new site hits, I have to add it to the list.
I'm not sure what the regex capabilities and limitations are of the Analytics filters, but possibly this may be the foundation, I'm just not sure what goes into the middle.
((?=())\.(?=()))
Thanks
Unfortunately you will have to check and add each one of them to your list as they are appearing in your account. To answer your question I use as in the following example:
.*((darodar|priceg|buttons\-for(\-your)?\-website|makemoneyonline|blackhatworth|hulfingtonpost|o\-o\-6\-o\-o|(social|(simple|free|floating)\-share)\-buttons)\.com|econom\.co|ilovevitaly(\.co(m)?)|(ilovevitaly(\.ru))|(humanorightswatch|guardlink)\.org).*
I like to use .co(m)? instead of .com for example
Remember, to avoid having ghost referrals there are currently 3 methods.
1) The first one (the one you are using) would be to create a filter that will blacklist all the bad traffic, but there is a limit on the number of characters you can use, so you might end up creating multiple similar filters to cover all the nasty analytics referral traffic. Here is a link with a complete list of bad bots.
2) The second method is to check the box "Exclude all hits from known bots and spiders" in your Google Analytics Account > Property > View
3) Create a hostname Filter following this article steps.

Looking for United States Address Validation Web Service

I'm looking for a United States Address Validation web service, as the title says. Also:
I don't need maps
I don't need Geo coding
I do need:
Validation that an address is real
Address parsing
Google's Maps / Bing Maps seemed good, but won't work for me because of these:
Prohibits use if not plotting points on a map image
Low request limits (100,000 / day) for premium account. I need more like 1,000,000 / day
Does Geocoding, which I don't need, which is resource intensive, which means it's slow
Any suggestions?
Maybe USPS?
https://www.usps.com/business/address-management-products.htm
use FedEx's API. They have an API to validate addresses.
Also:
https://webgis.usc.edu/Services/AddressValidation/Default.aspx
You can try Pitney Bowes “IdentifyAddress” Api available at - https://identify.pitneybowes.com/
The service analyses and compares the input addresses against the known address databases around the world to output a standardized detail. It corrects addresses, adds missing postal information and formats it using the format preferred by the applicable postal authority. It also uses additional address databases so it can provide enhanced detail, including address quality, type of address, transliteration (such as from Chinese Kanji to Latin characters) and whether an address is validated to the premise/house number, street, or city level of reference information.
You will find a lot of samples and SDKs available on the site and I found it extremely easy to integrate.
You could, in theory, run desktop software and plug into any kind of API it provides, but then you become responsible for things like uptime, data updates, and associated overhead. You may also run into issues with the software threading model--is it multi-threaded or single-threaded software? You don't want to find that out in production.
There are a handful of web services out there that can verify US-based addresses, including the USPS official web service. The USPS one is very limited in the fields that it returns. For example, if you're looking for the "delivery point" which is used to make a full barcode, the USPS API doesn't return that information. I believe the USPS web service also limits the number of queries that you can perform, although I don't remember the exact limit.
A few things that you'll want to look for in a web service include the price (obviously) as well as geo-distribution of their servers. If a company has all of their servers in one location and that data center goes offline (which can and does happen), you're left out in the cold. If they have multiple physical locations, it can help to prevent unnecessary outages. Also, you'll want to make sure that the service call returns all necessary fields as per your requirements--like delivery point code, barcode, and DPV code (which tells you how deliverable an address is).
Lastly, you'll want to determine how you feel about interacting with the company. When you call them on the phone, are they responsive and concerned about your needs? Or are you talking to some front-line person that can't answer questions and is only able to gather information about your company size and revenue so they can evaluate how big of a fish you are and determine which salesman gets to call you back. Can you talk to the engineers that wrote the web service on the phone or via email?
There are a few choices out there and you'll have to choose the one that best fits your requirements and unique situation. Do a Google search to find a list of companies. In the interest of full disclosure, I'm the co-founder of SmartyStreets. We have an address verification web service API called LiveAddress. You're more than welcome to contact me directly with questions on my personal Twitter account or the company Twitter account.

How to identify unique user?

Question
How can you determine if a user is unique or not?
I understand there are many ways to do this using cookies, but what about methods that don't use cookies?
For example, go to Urban Dictionary and click one of the up/down vote buttons. Even if you delete your cookies and come back to the page, you will not be allowed to cast a vote on the same definition.
How do they do this?
Purpose
Eventually, I'd like to use this unique user detection method on a site where users create accounts. New signups are given a type of "reward" and I want to prevent people from creating multiple accounts in order to exploit the reward system.
Ultimately, I don't really care what techniques are used to achieve this. I understand that no method will be 100% reliable. Even preventing this for 70-90% of users with an average computer skill level would satisfy me.
I'm guessing that Urban Dictionary (and other voting sites, such as a variety of image boards) use IP addresses to track visitors. Not 100% fool-proof, but probably pretty good for most of the time.
Note that with many of these sites, you can vote again, usually once per 24 hours (or however long they log IP addresses for).
Some things that will break this scheme: People who know how to spoof IP addresses, NAT routers, proxies (possibly). Another thing: many home ISPs these days use dynamic IP addresses, so the IP address you have right now might be different in a few hours. If you want to force a new IP address, it's usually enough to unplug your high-speed modem for a few minutes then plug it back in. Some routers also have a feature to demand a new IP from the ISP.
Urban Dictionary is probably only allowing one vote per IP. Or they could be taking a browser fingerprint https://panopticlick.eff.org/.
For tracking whether a user has been to your site before, cookies are probably your best bet.
Besides IP address and "normal" cookies, Flash cookies may be used. FF has an add-on called "BetterPrivacy" that deletes those cookies when you exit the browser. But they're less known.
Some use cookies, some force a login/email address, and some track IP address.
As FrustratedWithFormsDesigner alludes to above, if you're not going to use cookies then you've got to use IP addresses. You can combine this with the user-agent, but even that is not infallible.
IP address is commonly used but fallible, as others have said. Note that AOL (and perhaps other ISPs) use shared proxy servers for content-type requests and caching, so that a single user's requests for images may show up to your server as coming from several different IP addresses. Conversely, all AOL users' requests for images will therefore come from these same IP numbers.