Confirm user has entered a real email address

[alexhaydock]

For example: https://www.blocked.org.uk/control/ispreports/BT-Strict/http://whitehouse.com

I don't know how strict we want to be in terms of ensuring reports can/can't be submitted anonymously but either way I suppose it's not that helpful to allow people to submit malformed or garbage addresses in the email field.

[dantheta]

We already do :) The first time a report is sent by a user with a particular email address, the user is sent a validation link by email.
Their reports won't be sent until the validation link is clicked.

The reports will stay at the "awaiting user validation" stage for up to

days before the report is cancelled. This isn't completely bulletproof (self-destructing anonymizing forwarders, etc). There's probably still room for some regex validation and helpful UX, but deliverability is the primary test.

[JimKillock]

From your POV @alexhaydock, these can be ignored as they aren't sent off as @dantheta says. Perhaps it needs to be flagged on the admin pages that these reviews are not relevant?

[alexhaydock]

Ah that makes sense. Thanks for the confirmation. I suppose now that I understand the "Cancelled" status a bit more it's probably not necessary to add a specific UX element to indicate reports that can be safely ignored, but it may be useful for future users.

[dantheta]

I've started to add filter tabs at the top of the ISP report listing to show relevant subsets of the reports table; this is one of the use cases I had in mind, and should get added soon.

[dantheta]

I've spun off another ticket for catching obviously syntactically invalid email addresses and checking with the user. I don't think there's anything to do for this issue.