How to Validate Email Address Before Submitting Form

Hi there @generosus !

Thanks for reaching out!

The MailPoet subscription forms do have email address validation. If you type, for instance, anything without “@” or something “@” but without anything after that (e.g. subscriber@) it won’t let the subscriber submit and a warning message like this should show: https://d.pr/i/phJ5OP

Can you please clarify what sort of validation are you looking for?

Hi @guicmazeredo,

I’m not referring to validating the email syntax alone, but also whether the email exists at all (to prevent spamming). So, for example, if you type “[email protected]” in the email field of your form, it still goes through (although I can confirm this is an invalid email address).

Adding an all-encompassing email validation feature to your plugin (apparently, not available at this time) would be awesome.

Here’s what our team uses (“Email validation by third-party API)”, for example, to validate email addresses submitted via our Gravity Forms.

Hope this helps.

Cheers! ??

Hi @generosus !

Thanks for the clarification. This is currently not available in MailPoet, indeed.

From our experience though, ReCaptcha has been very effective in preventing bot attacks with invalid email addresses. It’s true that a legit user could subscribe with typo, but these are exceptional cases.

That said, the functionality you want is not on our roadmap now, but you’re welcome to add it as a suggestion here?https://feedback.mailpoet.com

Our team will take it into account when discussing new features and improvements for the plugin ??

Thank you!

hi @guicmazeredo,

Thanks for that. As stated in my first post above, reCaptcha is not a subsitute for bad actors that spam accounts by using a different (bogus) email address every time. Please try it yourself. reCaptcha will not stop them.

So, implementing a filter (similar to the one below), will help tremendously. The filter can be offered via your documentation (filters) and/or via a toggle in your plugin’s settings (WP Dashboard > MailPoet > Settings > Advanced). (Hint: Add the toggle to the Premium version of your plugin).

The third-party API can be obtained (at no-cost, no credit-card required) from quickemailverification.com. Instructions for obtaining the API are provided here.

Should not be difficult to implement. All you need is to create the hook (‘mailpoet_email_validation‘) and modify the function given below.

I provided the framework for this request, you can now make it happen ??

Cheers!

——————–

add_filter( 'mailpoet_email_validation', function ( $result, $value, $form, $field ) {
    if ( $field->get_input_type() === 'email' && $result['is_valid'] ) {
        $request_url = add_query_arg(
            array(
                'email'  => $value,
                'apikey' => 'your_api_key_here',
            ),
            'https://api.quickemailverification.com/v1/verify'
        );
  
        $response       = wp_remote_get( $request_url );
        $response_json  = wp_remote_retrieve_body( $response );
        $response_array = json_decode( $response_json, 1 );
  
        if ( rgar( $response_array, 'result' ) !== 'valid' ) {
            $result['is_valid'] = false;
            $result['message']  = 'Email is invalid';
        }
    }
  
    return $result;
}, 10, 4 );

Hi @generosus ,

Thanks very much for putting together that code snippet and getting the ball rolling on this potential modification.

In general, we do not want to make MailPoet dependent on a third party website. As QuickEmailVerification could change its terms of service, or even its existence, at any time, this makes our plugin vulnerable to breaking. In addition, an external call like this could be a potential security issue.

I have raised this issue to the attention of our development team for them to have a look but for now, I suspect they will not be able to introduce this feature as-is. But I will let you know if they have any feedback on this potential solution.

In the meantime, please do post this as a feature request on our feature requests board as that is how our development team generally tracks requests for new features, and will signal to them to investigate possible other solutions:
https://feedback.mailpoet.com/feature-requests

In addition, please do ensure you have enabled captcha of some sort on your sign-up form and enable opt-in confirmation via email to ensure bots with fake addresses are not being added to your list.

Hi Lynn,

Thank you for your detailed response. As stated before, I provided the framework for implementing the above feature request. Email validation can be implemented via other tools, functions, and filters that meet your security standards.

If the above cannot be solved by your developers then — as a minimum — it would be appreciated if you can implement the use of Cloudflare Turnstile as an option to reCaptcha. Many have requested this feature (via this platform and your feature request site), but nothing has been done. With Cloudflare Turnstile, plugin users can control and manage better the security of their Sign-Up forms created with your plugin. Google reCaptcha is antiquated and is quickly being replaced or favored by all other major forms and newsletter plugins.

Again, thank you. I look forward to Team Mailpoet implementing one (or both) of the above.

Adding to my previous comment, please take a look a this comprehensive comparison between Cloudflare Turnstile and Google reCAPTCHA. Cloudflare Turnstile is the way to go!

Cheers!

Hi again @generosus,

Thanks for this additional feedback and ideas. I’ve highlighted them to the development team as well, and they are taking an active look at these ideas.

The dev team will consider but will be balancing this request with many other customer needs and other business factors, so we cannot promise any specific ETA for introducing this feature.

Please continue to watch the release notes for our plugin to determine if or when this feature is added.

Thank you, Lynn! You won’t regret it ??