checking if email address is live and real?

There's all kinds of ways to validate an email address to make sure
it's well formed and whatnot, but what about checking to see if it's a
valid e-mail account?
Like how you can use checkdnsrr() to check to see if a URL is valid.

I know finger used to be used at one time, no? But servers block finger
requests, and I'm not sure many e-mail accounts out there are even
fingerable type accounts anyway.

Thanks for any suggestions!
Liam

Jul 17 '05 #1
*** ne**@celticbear .com wrote/escribió (22 Jun 2005 06:51:59 -0700):
> There's all kinds of ways to validate an email address to make sure
> it's well formed and whatnot, but what about checking to see if it's a
> valid e-mail account?
> Like how you can use checkdnsrr() to check to see if a URL is valid.


Generate a random string, send it through email and make user type it back
in the site (for example, making a link). Believe me, there's no other way.

--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - My site about web programming
-- Don't e-mail me your questions, post them to the group
--
Jul 17 '05 #2
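
The random-string confirmation suggested in this reply, as an added example that is not part of the original post. The class name, the 24-hour lifetime and the sample addresses are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TTL = 24 * 3600  # assumed lifetime of a confirmation token, in seconds


class PendingConfirmations:
    """In-memory stand-in for the table a site would keep (assumed design)."""

    def __init__(self):
        self.rows = {}  # sha256(token) -> (address, expires_at)

    @staticmethod
    def digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, address, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the hash is stored, so a leaked table holds no usable tokens.
        self.rows[self.digest(token)] = (address, now + TTL)
        return token  # goes into the e-mail and nowhere else

    def redeem(self, token, now=None):
        now = time.time() if now is None else now
        # pop() makes the token single use, including when it has expired.
        row = self.rows.pop(self.digest(token), None)
        if row is None:
            return None
        address, expires_at = row
        return address if now <= expires_at else None


if __name__ == "__main__":
    store = PendingConfirmations()
    token = store.issue("user@example.org")  # constructed sample address
    print(store.redeem(token), store.redeem(token))
```

A later reply in this thread notes that some anti-spam systems fetch every link in a message, so the link should open a page whose form submits the token rather than redeeming it on the GET request itself.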
On Wed, 22 Jun 2005 16:07:04 +0200, Alvaro G Vicario wrote:
> *** ne**@celticbear .com wrote/escribió (22 Jun 2005 06:51:59 -0700):
>> There's all kinds of ways to validate an email address to make sure it's
>> well formed and whatnot, but what about checking to see if it's a valid
>> e-mail account?
>> Like how you can use checkdnsrr() to check to see if a URL is valid.
>
> Generate a random string, send it through email and make user type it back
> in the site (for example, making a link). Believe me, there's no other
> way.
>
> --
> -- Álvaro G. Vicario - Burgos, Spain
> -- http://bits.demogracia.com - My site about web programming
> -- Don't e-mail me your questions, post them to the group


There must be a way, MSN did it when I mistyped my email address in
the sign up box it told me straight away that it was invalid and it was
only invalid because I typed a 'd' in place of an 's' in the part before
the @ sign.
Jul 17 '05 #3
*** BearItAll wrote/escribió (Wed, 22 Jun 2005 15:56:42 +0100):
> There must be a way, MSN did it when I mistyped my email address in
> the sign up box it told me straight away that it was invalid and it was
> only invalid because I typed a 'd' in place of an 's' in the part before
> the @ sign.


Without sending mail, you can check whether the domain has a valid DNS
entry or even if the server is up and running. It's really hard to check
whether the domain is registered and it's impossible to check whether a
mailbox exists: the VRFY SMTP command is disabled for security/privacy
reasons in many mail servers.

So you can work a lot to create a validation system that offers unreliable
results or you can write a very simple random code system that works 99% of
the time*.
(*) Some mail servers lose mail due to incorrectly configured antispam
systems.

--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - My site about web programming
-- Don't e-mail me your questions, post them to the group
--
Jul 17 '05 #4
> Without sending mail, you can check whether the domain has a valid DNS
> entry or even if the server is up and running. It's really hard to check
> whether the domain is registered and it's impossible to check whether a
> mailbox exists: the VRFY SMTP command is disabled for security/privacy
> reasons in many mail servers.

If the domain isn't registered, it won't have a MX record or an A
record in DNS. This is easy to check, and it's done every time a
mail server tries to send mail to determine WHERE to send it. I
also suggest you reject as invalid a MX or A record that points to
a bogus IP address (e.g. 127.0.0.1, or an IP in private address
space).

Try to send a bounce message to that email address.
Look up MX server.

    HELO my.host.name
    MAIL FROM:<>
    RCPT TO:<em***@Im.te sting>
    QUIT

Stop short of actually sending a body. This is what Exim callout
verify does. And note that "VRFY" doesn't appear anywhere in
the conversation. This does have some problems:

(1) FALSE POSITIVE: some servers accept anything during the SMTP
conversation and bounce it later. However, at least you checked
that there IS a server in DNS to send it to. And quite a few
servers do check on the spot.

(2) FALSE NEGATIVE: some servers don't accept bounce messages
(MAIL FROM:<>) at all.

(3) If the server (or various DNS servers) is down at the point you
try the test, you get a temporary failure. Handing back a temporary
failure to a mail server trying to send IN the message (which Exim
callout verify does) is generally not a problem: the sender will
retry. Handing back a temporary failure on a web page is more
likely to be seen as a problem.

> So you can work a lot to create a validation system that offers unreliable
> results or you can write a very simple random code system that works 99% of
> the time*.

The random code system defends against bots, not against people
who enter fake email addresses. How important this is depends
on why you want to check for a valid email address. If the problem
is relay-raping, the random code is a good solution. If you want to
verify that the person can actually RECEIVE email at the address
they gave, sending a confirmation email with a link they need to
click on is fairly effective.[1]

> (*) Some mail servers lose mail due to incorrectly configured antispam
> systems.


And some mail servers lose mail in the spool when the hard disk has
a head crash.

[1] A few anti-spam systems can be configured to effectively click
on every link in every email to filter the web page as though it
were part of the email, looking for, for example, phishing scams.
How many admins actually do this, I don't know. It seems like
a lot of emails with links to unreachable sites would have the effect
of a denial-of-service-attack on the site doing the filtering.

Gordon L. Burditt
Jul 17 '05 #5
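
The DNS sanity check and the callout dialogue described in this reply, as an added example that is not part of the original post. The `exchange` transport hook, the verdict names, the fake server and the sample addresses are assumptions made for illustration; the fake server stands in for a real connection so the sketch runs offline.

```python
import ipaddress


def usable_mx_ips(ips):
    """Keep only globally routable addresses; drops 127.0.0.1 and private space."""
    return [ip for ip in ips if ipaddress.ip_address(ip).is_global]


def callout(address, helo_name, exchange):
    """Run the dialogue from the post up to RCPT TO and stop before DATA.

    exchange(cmd) is an assumed hook: it sends one command and returns the
    final reply line; cmd=None reads the greeting banner.
    """
    # CR/LF, spaces or angle brackets in the address could smuggle extra SMTP
    # commands into the session, so refuse them before connecting anywhere.
    if any(c in address for c in "\r\n <>") or address.count("@") != 1:
        return "malformed"
    verdict = "accepted"  # caveat (1): the server may still bounce it later
    for cmd in (None, f"HELO {helo_name}", "MAIL FROM:<>", f"RCPT TO:<{address}>"):
        try:
            code = int(exchange(cmd)[:3])
        except (OSError, ValueError):
            return "tempfail"  # caveat (3): unreachable or garbled, retry later
        if code >= 400:
            if code < 500:
                verdict = "tempfail"
            elif cmd and cmd.startswith("RCPT"):
                verdict = "rejected"  # the only reply that is about the mailbox
            elif cmd and cmd.startswith("MAIL"):
                verdict = "null-sender-refused"  # caveat (2)
            else:
                verdict = "unknown"  # the server turned us away, not the address
            break
    try:
        exchange("QUIT")  # close the session; no message body was ever sent
    except OSError:
        pass
    return verdict


def fake_server(replies):
    """Constructed stand-in for a mail server, keyed by the command's first word."""
    def exchange(cmd):
        key = "BANNER" if cmd is None else cmd.split()[0]
        return replies.get(key, "250 OK")
    return exchange


if __name__ == "__main__":
    print(usable_mx_ips(["127.0.0.1", "10.1.2.3", "8.8.8.8"]))
    print(callout("user@example.org", "my.host.name",
                  fake_server({"RCPT": "550 no such user"})))
```

Only "rejected" is evidence against the address; every other verdict leaves the question open, which is why the thread falls back on a confirmation e-mail.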
BearItAll wrote:
> There must be a way, MSN did it when I mistyped my email address in
> the sign up box it told me straight away that it was invalid and it was
> only invalid because I typed a 'd' in place of an 's' in the part before
> the @ sign.


Was the email address an MSN one? Then they just checked their database.

Cheers,
Nicholas Sherlock
Jul 17 '05 #6
On Wed, 22 Jun 2005 16:13:36 -0000, go***********@b urditt.org (Gordon
Burditt) wrote:
> (2) FALSE NEGATIVE: some servers don't accept bounce messages
> (MAIL FROM:<>) at all.


That's not a false negative. If they deliberately break their config
and ignore RFC requirements, then they should not be allowed to
send/receive e-mail. Their problem ;-)

--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto:ph***@ds v1.co.uk http://w3.z-add.co.uk/ -
Jul 17 '05 #7
*** Gordon Burditt wrote/escribió (Wed, 22 Jun 2005 16:13:36 -0000):
> The random code system defends against bots, not against people
> who enter fake email addresses.


If someone manages to get a random code sent to a fake e-mail address, I
guess it wouldn't be a problem to use the address for further contact :)

What I said was:

"Generate a random string, send it through email and make user type it back
in the site (for example, making a link)."

You missed my original message and you're thinking about a bot prevention
system, something the original poster never mentioned he needed.
--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - My site about web programming
-- Don't e-mail me your questions, post them to the group
--
Jul 17 '05 #8
"Alvaro G Vicario" <al************ ******@telecomp uteronline.com> wrote in
message news:14******** *************** ******@40tude.n et...
> *** Gordon Burditt wrote/escribió (Wed, 22 Jun 2005 16:13:36 -0000):
>> The random code system defends against bots, not against people
>> who enter fake email addresses.
>
> If someone manages to get a random code sent to a fake e-mail address, I
> guess it wouldn't be a problem to use the address for further contact :)
>
> What I said was:
>
> "Generate a random string, send it through email and make user type it
> back in the site (for example, making a link)."
>
> You missed my original message and you're thinking about a bot prevention
> system, something the original poster never mentioned he needed.
> --
> -- Álvaro G. Vicario - Burgos, Spain
> -- http://bits.demogracia.com - My site about web programming
> -- Don't e-mail me your questions, post them to the group
> --


...and don't forget that now a lot of people are using those 'temporary'
email addresses to avoid spam themselves. But the problem is that you as a
host/webmaster don't want those addresses. I use an email address as a
username for my business (as they are all unique to each person). I want to
know I can reach that person if needed.

Norm
--
FREE Avatar hosting at www.easyavatar.com
Jul 17 '05 #9
Hello,

on 06/22/2005 10:51 AM ne**@celticbear .com said the following:
> There's all kinds of ways to validate an email address to make sure
> it's well formed and whatnot, but what about checking to see if it's a
> valid e-mail account?
> Like how you can use checkdnsrr() to check to see if a URL is valid.
>
> I know finger used to be used at one time, no? But servers block finger
> requests, and I'm not sure many e-mail accounts out there are even
> fingerable type accounts anyway.


This e-mail validation class does exactly what you ask:

http://www.phpclasses.org/emailvalidation
--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
Jul 17 '05 #10
