How my new users couldn't create new account
Posted on: 2016-11-01
In the past, when you had your own VPS or server and needed to send email, you had two main options. If you web site was small with low requests you could have the web server send the email directly with Smpt, and if you had something with more volume could just queue the request and have a job doing it. You were mostly independent and could handle when to send the email.
These days, with cloud infrastructure, your web server is doing a single task and sending email is not done through a basic Smpt, but it uses an email service. A very popular one is SendGrid. I am specifying this one because if you are using Microsoft Azure, you have 25k email free per month. An to be honest, their integration is very simple and efficient with a nice C# Api. If you used to just create a new email account in your cPanel and use Smpt, you cannot even find any similitude with Azure -- you must use a third-party tool to send email (or create your own email server in a VM). That said, the point is that you depend on an external service to send email like many other services that you depend on. Your code business develop dependency.
Few time ago, we wanted to send email to the last 15k active users of the old system to welcome them to the version 2 of the system. A webjob queried the last 15k users per login date to get the emails and sent the email with SendGrid. Withing few minutes SendGrid suspended my account. While this is unfortunate because emails for this good news couldn't be sent, what was drastically bad was that any new account couldn't validate their account : a validation link is sent by email. For more than 24 hours no new customer could reach the system.
The reason the account got suspended is that that emails were bouncing. That means that email couldn't reach inbox of user. It can be because the email is invalid, the mailbox is full, the email doesn't exist, the server is down, the message is too big, etc. It's hard to have a valid list of email if initially the system allowed to create without having an email validation. It's also hard if once validated that you allow the user to change without validating again.
SendGrid create a list of all bounced emails. I plan to be pro-active and do a database cleanup of those accounts. A good approach is force user to modify their email on their next login with a validation email to be sent. After x number of weeks, if the user didn't change it, we can delete the account. Regarding any new users, their account is validated on creation, as well when they modify the email in their profile. We allow them to simply be removed from the email list which make them more comfortable to keep their real address in their account.
What could have been done to avoid that situation? This is very hard because their is not way to know if an email is a real one or not without sending at least once. I think a better approach could have been to send in batch of 20 emails every 10 minutes for few days instead of sending 15k emails to SendGrid. I took for granted that the service was dispatching email and throttling them if the request was too big.