• 목록
• 답변
• 글쓰기
• 게시판 리스트 옵션
  • 수정
  • 삭제

- Verifying email and phone contacts

Start verification right after the user submits the form; run an automated check before you store the data.

Email verification workflow

1. 
   
2. Check syntax. Use a regular expression that matches the RFC 5322 standard. A well‑formed address reduces false‑positives by ≈ 30 %.
   
3. Lookup MX records. Query DNS for MX entries. If none exist, discard the address.
   
4. Perform SMTP handshake. Open a connection to the mail server, issue MAIL FROM and RCPT TO commands, and read the response code. A 250 code confirms that the server accepts mail for the address.
   
5. Send a confirmation link. Include a unique token that expires after 24 hours. Record the click event to mark the address as verified.
   
6. Log results. Store timestamps, response codes, and verification status in a separate audit table for future analysis.
   

Phone verification workflow

1. 
   
2. Normalize the number. Strip spaces, dashes, and parentheses; prepend the country code based on ISO 3166‑1.
   
3. Run a carrier lookup. Use an API (e.g., Twilio Lookup) to confirm the number type (mobile, landline, VOIP) and its active status.
   
4. Send a one‑time password (OTP). Deliver a 6‑digit code via SMS. Set the validity window to 5 minutes.
   
5. Validate the OTP. Compare the user‑entered code with the generated value. Record a success flag and timestamp.
   
6. Handle failures. After three unsuccessful attempts, flag the contact for manual review.
   

Best‑practice tips

• 
  
• Cache MX and carrier lookup results for 12 hours to reduce API costs.
  
• Rotate API keys every 30 days; monitor error rates and set alerts at a 2 % failure threshold.
  
• Encrypt verification tokens at rest with AES‑256.
  

Adjusting browser security settings

Set your browser to block third‑party cookies by opening Settings → Privacy → Cookies and selecting "Block third‑party cookies." This prevents hidden trackers from linking verification attempts to unrelated sites.

Activate HTTPS‑only mode: locate the security section, toggle "HTTPS‑only" or "Secure Connection" on, and confirm the change. All pages will request an encrypted link, reducing the risk of credential interception during email or SMS verification.

Adjust pop‑up and script controls for verification services. In the site settings, allow pop‑ups and JavaScript only for the domains you trust (e.g., your email provider’s verification page). This ensures OTP windows appear without exposing other sites to unnecessary scripts.

Review saved passwords and autofill entries once a month. Navigate to the password manager, delete any outdated email or phone credentials, pepeta aviator and disable autofill for fields that handle one‑time codes. Regular cleanup stops accidental leaks when a verification flow asks for personal data.