blocking other users from registering by using their email

Question

On my site, a user enters his email when creating an account. After submitting the form, a new user row is created in db with the respective email. This row has inactive flag set to True. Next, an activation email is sent to the entered email address so that the user can activate his account and login afterwards using the email and password. There is unique constraint on email in db for login to work correctly.

The problem is that someone can use an email of another person, blocking that other person from ever registering on my site. There already is an (inactive) account with the email that the legit user tries to enter so new user row can't be created. I am not sure how to tackle this problem exactly. It probably has a good solution because the registration scheme I use is pretty standard.

Answer 1

From my view point, I have a solution like that:

When user register with the email. I will generate an unique key (may be user-id) that will attach into the link activate in the email content. When user click to activate account we will get that unique key to update to confirm from user. That solution will help you disable an user following user id instead of disable following the email which can be duplicate.

Hope this help.

Answer 2

U cannot find the person's mail id who misused other's mail id so its not possible to an extent.

Answer 3

You could delete the database entry with the email after some time, if the activation link has not been clicked. Depending on your operating system, you could use cron or systemd timers (Linux) or scheduled tasks (Windows) for that.

For example to execute a MySQL query from cron this question might be helpful.