Re: Verifying E-Mail Addresses



> Mister Dookie wrote:
> Hello list,
>
> Is there a way to verify that an e-mail address
> (e.g."johnsmith@xxxxxxxxxxx") is valid and exists or does not exist
> (is a fake e-mail address) without actually sending a message to that
> address and awaiting the response?


Hello,

Short answer:
Both yes and no. Many SMTP servers do this kind of sender address validation to reduce the amount of spam. You can either write a script to do it, or you can buy a piece of software to do it (link below). I'm sure there's free code available to do this as well. There's no way to do it 100% safely though.

Long answer:
You cannot do it using POP3 or SMTP. There's no functionality in these protocols which can be used for this purpose. Also, there's no way for you to know what server to connect to. (You could of course ask the user to enter the host and valid log on credentials for his POP3 server so that you can confirm he exists ;)

Using the SMTP protocol, it can partially be done. The idea is that you should simply connect to the SMTP server which hosts the email for the user, and then ask this email server whether the address is correct or not. Most (?) email servers will be able to tell you if an email address is correct. But there are also many servers which will tell you that an email address is correct, even though it is not.

For example, Hotmail's SMTP servers will tell you that all addresses on @hotmail.com are valid, even though they aren't. Microsoft.com's SMTP servers, on the other hand, will behave the way you want them to: if you ask whether fdsafdas@xxxxxxxxxxxxx exists, and it does not, Microsoft.com's SMTP server will tell you the truth...

When an SMTP server validates the sender e-mail address, this is normally what happens:

1) The SMTP server receives an email from another SMTP server.
2) The Receiving-SMTP server checks who the email is from, for example billg@xxxxxxxxxxxxxx
3) The Receiving-SMTP server does a DNS/MX lookup to determine which host manages email for the sender's domain (microsoft.com)
4) The Receiving-SMTP server connects to microsoft.com's SMTP server (mailb.microsoft.com).
5) The Receiving-SMTP tells mailb.microsoft.com that it wants to send an email to billg@xxxxxxxxxxxxxx
6) If Microsoft's SMTP server says OK, the Receiving-SMTP may assume that the address is valid. It then disconnects without sending the message. If mailb.microsoft.com issues an error when you try to send to billg@xxxxxxxxxxxxx, you can probably assume that the address is not valid.

A real example. Say you need to confirm that the addresses billg@xxxxxxxxxxxxx and billgates@xxxxxxxxxxxxx are valid. First, do a DNS/MX lookup for the domain microsoft.com:

C:\Documents and Settings\Username>nslookup
> set type=mx
> microsoft.com
Non-authoritative answer:
microsoft.com MX preference = 10, mail exchanger = mailb.microsoft.com

Then connect to mailb.microsoft.com and ask whether the address exists:

C:\Documents and Settings\Username>telnet mailb.microsoft.com 25
RECEIVE: 220 Microsoft ESMTP MAIL Service ready
SEND : helo mail.myhost.com
RECEIVE: 250 mail02.microsoft.com Hello [216.128.26.134]
SEND : MAIL FROM: <>
RECEIVE: 250 2.1.0 Sender OK
SEND : RCPT TO: <billgates@xxxxxxxxxxxxx>
RECEIVE: 550 5.1.1 User unknown
SEND : RCPT TO: <billg@xxxxxxxxxxxxx>
RECEIVE: 250 2.1.5 Recipient OK

You may be able to script the above yourself. But to be able to do this, you need to know pretty well how the SMTP protocol works. (There's a bunch of things which may go wrong and it's good to know which these are). An easier way is probably to use an already existing component for it.

Commercial ones: http://www.componentsource.com/features/xemaila/index.html
BSD-licensed PHP script: http://freshmeat.net/projects/emailaddressvalidationcomponent/
(Note that I haven't tried any of these myself)


Regards,

Martin Knafve
http://hMailServer.com/
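
Added example, not part of the message above or of any component it links to: the HELO / MAIL FROM:<> / RCPT TO callout from the telnet session, scripted so that the cases the message warns about (servers that accept every recipient, temporary failures) are reported separately from a real answer. The function name callout, the FakeMX stand-in and the example.com addresses are constructed for illustration.

```python
import secrets

def callout(session, address, helo_name="mail.myhost.com"):
    """Probe `address` with HELO / MAIL FROM:<> / RCPT TO; never sends DATA.

    `session` must offer helo(), mail(), rcpt() and quit(), each returning
    (code, text) as smtplib.SMTP does. Returns one of:
    "valid", "invalid", "accept-all", "tempfail", "error".
    """
    domain = address.rsplit("@", 1)[1]
    # Control recipient that cannot exist; random so it is never a real mailbox.
    control = "probe-%s@%s" % (secrets.token_hex(8), domain)
    try:
        if session.helo(helo_name)[0] != 250:
            return "error"
        if session.mail("")[0] != 250:      # null sender, as in the telnet session
            return "error"
        code = session.rcpt(address)[0]
        if 400 <= code < 500:
            return "tempfail"               # greylisting or rate limit: proves nothing
        if code >= 500:
            return "invalid"                # e.g. 550 5.1.1 User unknown
        # 2xx for the target only means something if the control is refused.
        control_code = session.rcpt(control)[0]
        if 200 <= control_code < 300:
            return "accept-all"             # server says OK to every recipient
        return "valid" if control_code >= 500 else "tempfail"
    finally:
        session.quit()                      # always disconnect without sending mail

class FakeMX:
    """Constructed stand-in for a mail exchanger so the example runs offline."""
    def __init__(self, users=(), accept_all=False, greylist=False):
        self.users, self.accept_all, self.greylist = set(users), accept_all, greylist
        self.quit_called = False
    def helo(self, name):
        return (250, b"Hello")
    def mail(self, sender):
        return (250, b"2.1.0 Sender OK")
    def rcpt(self, addr):
        if self.greylist:
            return (451, b"4.7.1 Try again later")
        if self.accept_all or addr in self.users:
            return (250, b"2.1.5 Recipient OK")
        return (550, b"5.1.1 User unknown")
    def quit(self):
        self.quit_called = True
        return (221, b"Bye")
```

An smtplib.SMTP connection to the domain's MX host exposes the same four methods, so it can be passed as session in place of FakeMX.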