Thanks Viktor for these suggestions. I will reconsider my implementation.
Regards.

Viktor Dukhovni wrote:

On Apr 30, 2020, at 3:27 AM, Walter Peng <pen...@web.de> wrote:

Is there a library existing to validate all those variants to make sure
they are exactly the same account?

Why do you feel you need to do this? What if a user opens multiple Gmail
accounts? Or uses multiple accounts at more than one of Gmail, Hotmail,
Outlook.com, protonmail.ch, ... Or self-hosted personal vanity domains?

You're not supposed to make assumptions about the structure of localpart
addresses in remote domains, it is entirely their prerogative to manage
the namespace in any way they see fit.

To reduce account creation abuse, charge enough money for each account
to thwart abuse. If registration is free, but you want to monetise
surveillance of each user's interaction with your site, I'm afraid
that doesn't work against users who are sufficiently determined to
keep coming back with a different identity each time. (I'm then also
not sympathetic to your business model, but that's not important).

Nigerian 419 scammers are pretty good at this for example.