I would like to identify if an email address comes from a public provider or is from an established business. I consider public email addresses to be things such as:
Open email service providers, such as
gmail, hotmail and yahoo.
Anonymization services, such as mailinator or dispostable.
I'm aware that there is no foolproof way to do this, and obviously any list based solution would require constant updates.
Is there a public listing or .NET library that can do this for me?
Are there really that many free webmail providers out there? I would go with a 'blacklisting' style solution.
For example, flag everything in this wikipedia list as free (heck I would think covering gmail/hotmail/yahoo/aol would cover a huge % of users anyway). Then if you get more than 2 (or higher number if your site has high throughput) registrations from the same email domain, it notifies the admin to check the domain to see if it needs to be added to the 'blacklist'.
I would imagine there are much more reliable ways to detect business customers though. For example in Australia you could just ask for an ABN and then check that it's valid. Are you willing to punish small business who don't have email providing and just use a generic #gmail account?
Here is a link to SpamAssasin's freemail list: http://svn.apache.org/repos/asf/spamassassin/trunk/rules/20_freemail_domains.cf.
I suppose, checking against this list is a good start.
You might want to talk to the Better-Business-Bureau ( http://www.bbb.org ) and see if they provide some kind of a feed or API. I had a quick look at their site and couldn't see anything obvious, but it would be this kind of organisation I would head to first if I wanted to find out domain names belonging to established businesses. They do have a form on their site to search by email address ( http://www.bbb.org/us/Find-Business-Reviews/ )
Consider using HubSpot blocked domains list. It is not a guarantee that it is 100% accurate or complete.
They also provide a CSV file that you can download and parse programmatically. Link to CSV file is in the linked page.
I am guessing the ultimate goal is to clean your database from unwanted contacts that will increase the monthly bill. What you can do is the following:
Create a webhook that is triggered whenever a new contact is added.
In that webhook (which can be written in any language), check if the contact is in a blacklist (which is gmail/etc...).
Remove the contact if it is in a blacklist using an API call (you will need to first get the contact ID, which can be easily retrieved using API).
Related
I'm trying to figure out how to let a user redeem a discount/ promo code in Stripe.
Looking at the documentation I think should retrieve the code using PromotionCodeService() so I can then get the discount amount to apply to the subscription, something like
var service = new PromotionCodeService();
service.Get("promo_1HMxuf2eZvKYlo2CmGXSyhRx");
But I cannot seem to get access to that service as I can the ProductService(), CouponService() etc.
Can anyone point me to any example code on where this has been done before, I'm sure it's a common enough thing.
Thanks in advance
Generally the integration would be
you accept some input from the user for the user-facing code they entered
use https://stripe.com/docs/api/promotion_codes/list#list_promotion_code-code to look up the promo code objects related
create the user's subscription and pass PromotionCode in the SubscriptionCreateOptions with the ID of one of the objects(https://stripe.com/docs/billing/subscriptions/discounts/codes#applying-promotion-codes)
But I cannot seem to get access to that service as I can the ProductService(), CouponService() etc
That almost certainly means you're using an old version of the stripe-dotnet library from before when that service was added, so upgrading should fix that. https://github.com/stripe/stripe-dotnet/blob/master/CHANGELOG.md#37290---2020-08-05
We have a web application : C# + SQL 2k5
Different companies send us information, we parse, them, do different things, and come up with a simple list for each of our customers. The list will look the same, but will have different information based on the customer.
They should not have access to each other's data.
We would like to create a page which would be embedded on their own site. I was thinking about using something like an iFrame.
Basically customer ABC would embed on his own abc.com an iframe with a URL (we will give them the parameters needed) and his clients will see our data on his site.
The other customer, lets call him xyz, has an other website xyz.com, will do the same thing, but in the url I should make a difference between them.
I would like to know how is the best, safest way to proceed.
How should I start to build up this page that is going to be embedded.
How should I make a difference between the 2 customers? The only way to get info from them is the parameters they send me, and eventually, I could get the 'parent' of my embedded iFrame, so that might help me restrict xyz to embed using url parameter info to get data from abc. See my dilemma?
Probably a unique identifier for each customer (like a GUID?) will be needed, and they woul dnot know each other's ID ... Or is there a more secure way to do things like this?
Any help would be appreciated.
Thanks
Embed a publically visible unique id in the URL and process this to extract the client id. e.g.
<IFRAME src="http://example.com/1122334455667788aabbcc">
You could check the Request.UrlReferrer to ensure that the request see this answer
However the only safe way of doing this is to provide an authenticated API that the site uses server side to process via a services API (e.g. WCF), or at the very least an authenticated HttpWebRequest; any other way leaves your data only as secure as a publically visible unique id.
Take a look at how one of the credit card processing portals do this (eg WorldPay or Paypal). There are several ways.
At the very least you need provide each customer with a unique ID that they send you.
I have to implement a single signon kind of solution on my website. Let's say my website is www.myweb.com and I want to allow the users to use this site who only come from a site www.sourceweb.com.
I thought URL Referrer would do but in IE may comes null.
See here
Please suggest me some alternate solution.
Thanks,
Gaurav
If you have access to www.sourceweb.com and can modify the source then a possible solution would be:
Create a webservice on www.myweb.com.
Create a link on www.sourceweb.com
When the link is clicked call the webservice to retrieve a unique id.
Redirect the user to www.myweb.com and provide the unique id in the querystring.
On www.myweb.com confirm that the unique id is valid and remove it/mark it as used.
There are many ways to skin a cat, one way in your case would be to set a cookie on the 2nd site, using a pixel gif (1x1 pixel small picture) embedded on a page of the main site. The 2nd site then can later allow access only when the cookie is already set.
To make this secure, you have to add a token to the pixel gif URL, containing a timestamp and signed using a HMAC or something similar establishing a shared secret with the other site. Then you only set the cookie when the timestamp is recent (less than a minute ago) and properly signed.
URL_REFERER is your best bet.
Keep in mind that like most HTTP headers, it is easy to forge and does not have to be provided.
The very short answer. Don't implement this yourself.
Security solutions should not be implemented but bought. The only exception being if you actually develops security solutions for other to buy of course.
Choose one of many available SSO solutions and go with that. We use Microsofts ADFS, though not perfect it gets the job done for us with very little maintance and the only real hazle is for our applications hosted on non-windows platforms like AIX.
There so many chance of screwing things up when you try to implement your own security solutions. If you disagree than just remember than anual contests are held to break the security systems of companies such as Apple,Microsoft,Mozilla and Goggle and most of the years some one takes home the price for breaking each of them.
I know this has been posted before, but never really answered, I'm using the DotNetOpenAuth to try and do GoogleID login, and every time I do details = OResponse.GetExtension<ClaimsResponse>(); I always, always, always get back null, I don't get whats the point of the GoogleID if I can't get back any information, I would think at the very least I would get an email address, so I could associate it other login information in my databse. I just don't understand could really use some help, Im probably just looking at openID in the wrong way.
I'm using ASP.NET and looking to use openID/Facebook as my sole means of logging in users, I really don't want to mess with membership roles, or extra junk that ASP.NET likes to add.
Yes, this has been asked and answered many times. Google does support AX. But it ignores any attributes marked as "optional". So if you want the email address, you have to say that email address is a required attribute.
The ClaimsResponse extension you're checking for isn't AX -- it's Simple Registration. But if you have AXFetchAsSregTransform behavior turned on (highly recommended) then it allows you to just use ClaimsRequest and ClaimsResponse exclusively, and DotNetOpenAuth will automatically translate to and from AX behind-the-scenes for you.
Alternatively, you can use FetchReqest and FetchResponse to speak AX directly to Google.
But (and I can't hammer this hard enough), do not use the email address as the user's unique identifier!!! Instead, use the IAuthenticationResponse.ClaimedIdentifier string as the unique identifier. Email address should generally be considered just a helpful hint that can be used to prefill a registration form. You shouldn't even trust that the email address you get is really under the user's control (that's one reason why it shouldn't be considered their unique id) since the Provider can lie to you. Google and Yahoo are two providers that promise (if you choose to trust them) that the email addresses have been verified, so you can skip the email validation step for users from them if you wish.
It doesn't appear that Google's OpenID server supports AX or sreg.
Well, for my program(s) I'd like to let the user send me an e-mail with any errors. Instead of relying on a forsaken SMTP server, I decided to let the user use his very own e-mail client to send an e-mail to a specified address.
So what I need is:
A sender (should not be changeable) (example: mysupportemail#gmail.com)
An attached file (should not be changeable) (example: "C:\a file.log")
(Optional) A body (changeable)
I hope it is possible!
You can use the mailto command for this. See http://msdn.microsoft.com/en-us/library/aa767737(VS.85).aspx for more information. Some mail clients support attachments on this. See the comments of the MSDN page for some information on this.
The mailto protocol has limitations, such as not being able to specify an attachment (some mail clients support it, but it's not in the official protocol). Your best option is probably to use the MAPISendMail function to let MAPI do the hard work. See this article for details:
Sending files via the default e-mail client
I used this technique in the past, it seems to work perfectly.
Using mailto directly from you application cause potential problems. If you have specified mail account for receive e-mails you can be sure, that someone will use it somehow to sent you spam or thousands unwanted emails. In our company we struggled with this problem many times - at last, we decided to allow our customers to report problems in any other way - web page form.
Now, when customer click 'report problem' this option displays a form for reporting bugs in default web browser. Opened link include some additional information which causing partial fill of the form opened by customer. Now, we have an intermediate layer and absolute control on server side who report problem (ip) and we can limit reporting for specified users. Next advantage of these solution is that you can forward emails to different departments depending on what form fields are marked/filled with.
Well, I have found the perfect solution!
For those who want to see it...
http://social.msdn.microsoft.com/Forums/en/netfxnetcom/thread/a75533eb-131b-4ff3-a3b2-b6df87c25cc8
http://www.eggheadcafe.com/community/aspnet/2/10019665/email-through-gmail-in-c.aspx