I've recently ran into an issue with some new users (some valid and some I think are "playing games" on the site) in which their email is invalid and bounces at registration.
New user accounts that have not replied to their registration email are left in an "awaiting email confirmation" state. If their email that they used bounces, they are still left in this state. Normal users (registered) are changed to the bounced state and no more emails are sent.
And since Xenforo leaves known bounced new user accounts in the awaiting email confirmation status, those accounts can continue to request resends to that email address that is bounced. So, XenForo allows the user to keep sending that, your bounce rate keeps increasing with SES (or whomever you use) because XenForo continues to send out emails to that address (even though SES does not forward them) and your bounce rate continues to climb.
I use Amazon SES and have enabled the suppression list because of this issue that I have noticed. SES doesn't try to send them after they are in the suppression list, but apparently continued send attempts DO count against your bounce ratio (which is NOT good with SES) even though they are not sent out from SES, but ARE sent from your site to SES, affecting your bounce rate.
I was told by support that the not changing from awaiting email confirmation status to a bounced state is "normal behavior".
I'm pretty sure abuse of this is what has caused my bounced rate at SES to go up, because the users keep requesting the BOUNCED email to be resent, and resent, and resent... and if it's a wrong email address, it will keep bouncing, thereby increasing your bounce rate ratio. And I'm also pretty damned sure that an invalid email address will cause MORE issues with confirmation (in addition to increasing your bounce rate when they keep clicking on the Resend confirmation email that has the wrong address that they may not catch) than simply changing that new users status with a known bounced addressed to a bounce status and giving them this (which allows them to continue requesting resends)
instead of this (which stops all email send attempts until the address is changed).
To me, the latter makes more sense EVEN for an awaiting registration confirmation email. It tells them that their email was not able to be delivered instead of saying "hey, you want us to send it to you again" even though the system should know that the email bounced and is not a valid address. As I commented, this is an area that is RIPE for abuse by those with a grudge.
I have "sorta" got around that by modifying the phrase for the awaiting email confirmation section. But this does nothing for the abuse aspect, simply helps those that actually put in a bad address on accident.
Of course, it would be better if XenForo automatically put them in the bounce status so that they got the "update your contact details" by default along with the notice that send attempts had failed (and stopping any further send attempts until it was done)... but that would apparently make to much sense I guess.
Ideally, there would be a new status of something like
So, if you run XenForo, this is one more thing to watch for with it. If I had not been monitoring my bounce rate over at SES, I would have never had noticed it. The accounts that were used all came from the same VPN system, so I've temporarily blocked the ASN for that range at CloudFlare.
New user accounts that have not replied to their registration email are left in an "awaiting email confirmation" state. If their email that they used bounces, they are still left in this state. Normal users (registered) are changed to the bounced state and no more emails are sent.
And since Xenforo leaves known bounced new user accounts in the awaiting email confirmation status, those accounts can continue to request resends to that email address that is bounced. So, XenForo allows the user to keep sending that, your bounce rate keeps increasing with SES (or whomever you use) because XenForo continues to send out emails to that address (even though SES does not forward them) and your bounce rate continues to climb.
I use Amazon SES and have enabled the suppression list because of this issue that I have noticed. SES doesn't try to send them after they are in the suppression list, but apparently continued send attempts DO count against your bounce ratio (which is NOT good with SES) even though they are not sent out from SES, but ARE sent from your site to SES, affecting your bounce rate.
I was told by support that the not changing from awaiting email confirmation status to a bounced state is "normal behavior".
As the account hasn't been confirmed, the state won't be changed to Email invalid (bounced) because it would cause issues with confirmation.
I'm pretty sure abuse of this is what has caused my bounced rate at SES to go up, because the users keep requesting the BOUNCED email to be resent, and resent, and resent... and if it's a wrong email address, it will keep bouncing, thereby increasing your bounce rate ratio. And I'm also pretty damned sure that an invalid email address will cause MORE issues with confirmation (in addition to increasing your bounce rate when they keep clicking on the Resend confirmation email that has the wrong address that they may not catch) than simply changing that new users status with a known bounced addressed to a bounce status and giving them this (which allows them to continue requesting resends)
instead of this (which stops all email send attempts until the address is changed).
To me, the latter makes more sense EVEN for an awaiting registration confirmation email. It tells them that their email was not able to be delivered instead of saying "hey, you want us to send it to you again" even though the system should know that the email bounced and is not a valid address. As I commented, this is an area that is RIPE for abuse by those with a grudge.
I have "sorta" got around that by modifying the phrase for the awaiting email confirmation section. But this does nothing for the abuse aspect, simply helps those that actually put in a bad address on accident.
Of course, it would be better if XenForo automatically put them in the bounce status so that they got the "update your contact details" by default along with the notice that send attempts had failed (and stopping any further send attempts until it was done)... but that would apparently make to much sense I guess.
Ideally, there would be a new status of something like
awaiting confirmation(bounced)
that would give a the awaiting confirmation
notice, but change contact details
link and stop email send attempts to that address.So, if you run XenForo, this is one more thing to watch for with it. If I had not been monitoring my bounce rate over at SES, I would have never had noticed it. The accounts that were used all came from the same VPN system, so I've temporarily blocked the ASN for that range at CloudFlare.