473,324 Members | 2,239 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

checking if email address is live and real?

There's all kinds of ways to validate an email address to make sure
it's well formed and whatnot, but what about checking to see if it's a
valid e-mail account?
Like how you can use checkdnsrr() to check to see if a URL is valid.

I know finger used to be used at one time, no? But server block finger
requests, and I'm not sure many e-mail accounts out there are even
fingerable type accounts anyway.

Thanks for any suggestions!
Liam

Jul 17 '05 #1
9 4940
*** ne**@celticbear.com wrote/escribió (22 Jun 2005 06:51:59 -0700):
There's all kinds of ways to validate an email address to make sure
it's well formed and whatnot, but what about checking to see if it's a
valid e-mail account?
Like how you can use checkdnsrr() to check to see if a URL is valid.


Generate a random string, send it through email and make user type it back
in the site (for example, making a link). Believe me, there's no other way.

--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--
Jul 17 '05 #2
On Wed, 22 Jun 2005 16:07:04 +0200, Alvaro G Vicario wrote:
*** ne**@celticbear.com wrote/escribió (22 Jun 2005 06:51:59 -0700):
There's all kinds of ways to validate an email address to make sure it's
well formed and whatnot, but what about checking to see if it's a valid
e-mail account?
Like how you can use checkdnsrr() to check to see if a URL is valid.


Generate a random string, send it through email and make user type it back
in the site (for example, making a link). Believe me, there's no other
way.

--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group


They must be a way, MSN did it when I mistyped my email address in
the sign up box it told me straight away that it was invalid and it was
only invalid because I typed a 'd' in place of an 's' in the part before
the @ sign.
Jul 17 '05 #3
*** BearItAll wrote/escribió (Wed, 22 Jun 2005 15:56:42 +0100):
They must be a way, MSN did it when I mistyped my email address in
the sign up box it told me straight away that it was invalid and it was
only invalid because I typed a 'd' in place of an 's' in the part before
the @ sign.


Without sending mail, you can check whether the domain has a valid DNS
entry or even it the server is up and running. It's really hard to check
whether the domain is registered and it's impossible to check whether a
mailbox exists: the VRFY SMTP command is disabled for security/privacy
reasons in many mail servers.

So you can work a lot to create a validation system that offers unreliable
results or you can write a very simple random code system that works 99% of
the time*.
(*) Some mail servers lose mail due to incorrectly configured antispam
systems.

--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--
Jul 17 '05 #4
>Without sending mail, you can check whether the domain has a valid DNS
entry or even it the server is up and running. It's really hard to check
whether the domain is registered and it's impossible to check whether a
mailbox exists: the VRFY SMTP command is disabled for security/privacy
reasons in many mail servers.
If the domain isn't registered, it won't have a MX record or an A
record in DNS. This is easy to check, and it's done every time a
mail server tries to send mail to determine WHERE to send it. I
also suggest you reject as invalid a MX or A record that points to
a bogus IP address (e.g. 127.0.0.1, or an IP in private address
space).

Try to send a bounce message to that email address.
Look up MX server.
HELO my.host.name
MAIL FROM:<>
RCPT TO:<em***@Im.testing>
QUIT
Stop short of actually sending a body. This is what Exim callout
verify does. And note that "VRFY" doesn't appear anywhere in
the conversation. This does have some problems:

(1) FALSE POSITIVE: some servers accept anything during the SMTP
conversation and bounce it later. However, at least you checked
that there IS a server in DNS to send it to. And quite a few
servers do check on the spot.

(2) FALSE NEGATIVE: some servers don't accept bounce messages
(MAIL FROM:<>) at all.

(3) If the server (or various DNS servers) is down at the point you
try the test, you get a temporary failure. Handing back a temporary
failure to a mail server trying to send IN the message (which Exim
callout verify does) is generally not a problem: the sender will
retry. Handing back a temporary failure on a web page is more
likely to be seen as a problem.
So you can work a lot to create a validation system that offers unreliable
results or you can write a very simple random code system that works 99% of
the time*.
The random code system defends against bots, not against people
who enter fake email addresses. How important this is depends
on why you want to check for a valid email address. If the problem
is relay-raping, the random code is a good solution. If you want to
verify that the person can actually RECEIVE email at the address
they gave, sending a confirmation email with a link they need to
click on is fairly effective.[1]
(*) Some mail servers lose mail due to incorrectly configured antispam
systems.


And some mail servers lose mail in the spool when the hard disk has
a head crash.

[1] A few anti-spam systems can be configured to effectively click
on every link in every email to filter the web page as though it
were part of the email, looking for, for example, phishing scams.
How many admins actually do this, I don't know. It seems like
a lot of emails with links to unreachable sites would have the effect
of a denial-of-service-attack on the site doing the filtering.

Gordon L. Burditt
Jul 17 '05 #5
BearItAll wrote:
They must be a way, MSN did it when I mistyped my email address in
the sign up box it told me straight away that it was invalid and it was
only invalid because I typed a 'd' in place of an 's' in the part before
the @ sign.


Was the email address an MSN one? Then they just checked their database.

Cheers,
Nicholas Sherlock
Jul 17 '05 #6
On Wed, 22 Jun 2005 16:13:36 -0000, go***********@burditt.org (Gordon
Burditt) wrote:
(2) FALSE NEGATIVE: some servers don't accept bounce messages
(MAIL FROM:<>) at all.


That's not a false negative. If they deliberately break their config
and ignore RFC requirements, then they should not be allowed to
send/receive e-mail. Their problem ;-)

--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto:ph***@dsv1.co.uk http://w3.z-add.co.uk/ -
Jul 17 '05 #7
*** Gordon Burditt wrote/escribió (Wed, 22 Jun 2005 16:13:36 -0000):
The random code system defends against bots, not against people
who enter fake email addresses.


I someone manages to get a random code sent to a fake e-mail address, I
guess it wouldn't be a problem to use the address for further contact :)

What I said was:

"Generate a random string, send it through email and make user type it back
in the site (for example, making a link)."

You missed my original message and you're thinking about a bot prevention
system, something the original poster never mentioned he needed.
--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--
Jul 17 '05 #8
"Alvaro G Vicario" <al******************@telecomputeronline.com> wrote in
message news:14*****************************@40tude.net...
*** Gordon Burditt wrote/escribió (Wed, 22 Jun 2005 16:13:36 -0000):
The random code system defends against bots, not against people
who enter fake email addresses.
I someone manages to get a random code sent to a fake e-mail address, I
guess it wouldn't be a problem to use the address for further contact :)

What I said was:

"Generate a random string, send it through email and make user type it

back in the site (for example, making a link)."

You missed my original message and you're thinking about a bot prevention
system, something the original poster never mentioned he needed.
--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--


....and don't forget that now alot of people are using those 'temporary'
email addresses to avoid spam themselves. But the problem is that you as a
host/webmaster don't want those addresses. I use an email address as a
username for my business (as they are all unique to each person). I want to
know I can reach that person if needed.

Norm
--
FREE Avatar hosting at www.easyavatar.com
Jul 17 '05 #9
Hello,

on 06/22/2005 10:51 AM ne**@celticbear.com said the following:
There's all kinds of ways to validate an email address to make sure
it's well formed and whatnot, but what about checking to see if it's a
valid e-mail account?
Like how you can use checkdnsrr() to check to see if a URL is valid.

I know finger used to be used at one time, no? But server block finger
requests, and I'm not sure many e-mail accounts out there are even
fingerable type accounts anyway.


This e-mail validation class does exactly what you ask:

http://www.phpclasses.org/emailvalidation
--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html
Jul 17 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

117
by: Steevo | last post by:
Any suggestions as to the best programs for cloaking email addresses? Many thanks -- Steevo
99
by: Mikhail Teterin | last post by:
Hello! Consider the following simple accessor function: typedef struct { int i; char name; } MY_TYPE; const char *
6
by: Steven Nagy | last post by:
Howdy, I want to write an application, with some functionality that will detect my "Real World" ip address, ie that of my router, as opposed to the actual IP it is running on which is a...
26
by: libsfan01 | last post by:
Hi all! Can anyone show me how to check and email field on a form for the existence of these two characters. Kind regards Marc
16
by: lawrence k | last post by:
I've made it habit to check all returns in my code, and usually, on most projects, I'll have an error function that reports error messages to some central location. I recently worked on a project...
125
by: jacob navia | last post by:
We hear very often in this discussion group that bounds checking, or safety tests are too expensive to be used in C. Several researchers of UCSD have published an interesting paper about this...
10
by: frakie | last post by:
Hi 'body, is there a method to check if a pointer is pointing a freed memory location?
15
by: Florian Lindner | last post by:
Hello, is there a function in the Python stdlib to test if a string is a valid email address? Thanks, florian
3
by: IGD | last post by:
I don't know if this is the right place to post this or not. If not, could someone direct me elsewhere where I would find more information on how to solve my problem? Thanks! My problem is this:...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.