I'm designing the user registration system for a new website. To get me going in the right direction, I want advice on a specific part of this system: detecting bounced confirmation emails.
This website will be running on a virtual hosting account that has a cPanel-type installation.
Here is my plan so far:
Write a PHP script that is run nightly by crontab. This PHP script connects to the POP or IMAP account where bounces would be received, and reads all messages. For each message, the script searches for an email address inside < > brackets near the top of the message body. The script also looks for the confirmation code that was included in the original message. If such a message is positively identified, the pending registration would be cleaned out of the database.
Things I am concerned about:
I am sending out the confirmation mails using PHP and the localhost SMTP server. Can I assume that the SMTP server will accept all mails and any errors would be received as bounces? If not, which SMTP errors should I look for? (For example, would a malformed TO: address generate a bounce, or an SMTP error instead?)
The POP or IMAP account for bounces is probably going to receive non-bounce mails sooner or later. What can I do to ensure that most bounces are handled, and most spam is ignored?
Do email bounces always include the original message's body? If not, what is the best way to authenticate incoming bounces? Obviously, I do not want to blindly delete user accounts based on incoming emails. If this procedure gets implemented in other ways (newsletters, for example), then I need to know what risks are involved in automatic bounce processing, generally.
Also, I've seen information about forwarding mail directly to a PHP script. This sounds cool but seems impractical in a virtual host account because I think the CGI version of PHP is running the crons. I think. :)
Guidance greatly appreciated.
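One way to handle the authentication concern raised above, as an added example that is not part of the original post: sign each registration id into the envelope sender (a VERP-style address), so a bounce is trusted by the address it was sent to rather than by its body, and act only on delivery status notifications that report a permanent failure. The key, domain, `bounce+id-mac` address scheme, function names and sample message are assumptions, as is a mail host that delivers plus-addressed mail to the bounce mailbox.

```php
<?php
// Added example; key, domain, address scheme and sample message are constructed.
const BOUNCE_KEY    = 'replace-with-a-long-random-secret'; // placeholder
const BOUNCE_DOMAIN = 'example.com';                       // placeholder

// Envelope sender for one pending registration, e.g. passed to mail() as "-f<address>".
function bounceAddress(int $regId): string {
    $mac = substr(hash_hmac('sha256', (string)$regId, BOUNCE_KEY), 0, 16);
    return "bounce+{$regId}-{$mac}@" . BOUNCE_DOMAIN;
}

// Return the registration id only if the address carries a MAC we issued.
function verifyBounceAddress(string $addr): ?int {
    if (!preg_match('/^bounce\+(\d{1,9})-([0-9a-f]{16})@(.+)$/i', trim($addr), $m)) {
        return null;
    }
    if (strcasecmp($m[3], BOUNCE_DOMAIN) !== 0) {
        return null;
    }
    $expected = substr(hash_hmac('sha256', $m[1], BOUNCE_KEY), 0, 16);
    return hash_equals($expected, strtolower($m[2])) ? (int)$m[1] : null;
}

// True only for a delivery status notification reporting a permanent failure.
function isPermanentFailure(string $raw): bool {
    return preg_match('/^Content-Type:\s*multipart\/report\b.{0,200}?report-type="?delivery-status/ims', $raw) === 1
        && preg_match('/^Action:\s*failed\s*$/im', $raw) === 1
        && preg_match('/^Status:\s*5\.\d+\.\d+/im', $raw) === 1;
}

// Returns the registration id to expire, or null to ignore the message.
function handleBounce(string $raw): ?int {
    if (!preg_match('/^To:\s*<?([^>\s]+)>?/im', $raw, $m)) {
        return null;
    }
    $regId = verifyBounceAddress($m[1]);
    return ($regId !== null && isPermanentFailure($raw)) ? $regId : null;
}

// Constructed sample bounce for registration 42, then two variants that must be ignored.
$to  = bounceAddress(42);
$dsn = "To: <$to>\r\n"
     . "Content-Type: multipart/report; report-type=delivery-status; boundary=\"b\"\r\n\r\n"
     . "--b\r\nContent-Type: message/delivery-status\r\n\r\n"
     . "Final-Recipient: rfc822; user@example.org\r\nAction: failed\r\nStatus: 5.1.1\r\n--b--\r\n";
var_dump(handleBounce($dsn));                                // genuine bounce
var_dump(handleBounce(str_replace('+42-', '+43-', $dsn)));   // forged id, MAC mismatch
var_dump(handleBounce(str_replace('5.1.1', '4.2.2', $dsn))); // temporary failure
```

The caller should expire only registrations that are still pending, never confirmed accounts, so the worst a replayed bounce can do is remove an unconfirmed sign-up.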