Re: Verifying E-Mail Addresses

Mister Dookie <misterdookie@xxxxxxxxx> said (on 2006/10/24):
Is there a way to verify that an e-mail address
(e.g."johnsmith@xxxxxxxxxxx") is valid and exists or does not exist
(is a fake e-mail address) without actually sending a message to that
address and awaiting the response?

It's a pretty safe bet that any modern email addresses will have an @
sign, and at least a single '.' in the domain part. A valid email domain
must have an MX record or an A record (in DNS).

Very little filtering can be done with the username part of the email. (I
am particularly annoyed by the proliferation of web forms that refuse to
accept +, :, and . as a valid characters in email usernames.) To validate
the username, you have to talk to the destination mail server. If that's
not possible, you'll have to settle for unvalidated emails.

You can get "pretty good" assurance of valid email by just talking to
the destination mail server. Remember SMTP goes something like:
220 mail.example.com Some banner message
HELO myhost.example.com
250 myhost.example.com Nice to meet you
MAIL FROM:<>
250 2.1.0 Proceed
RCPT TO:<testuser@xxxxxxxxxxx>

If at this point the mail server returns 250 2.1.5 (or anything besides
4xx or 5xx really) you have gotten as much assurance as reasonably
possible that the email address is valid. If you get a 550 5.1.1 message
the email is invalid. Once you get your answer, you can just QUIT and no
email is ever sent.

This method is imperfect. Some mail servers refuse to accept MAIL
FROM:<> (even though it's in the RFC). Some domain's name server may
be nonresponsive (like dude.com appears to be :). The server may have
greylisting in effect -- in which case you'll get a 4xx temporary failure
error code that doesn't say whether the user is valid or not. Some mail
servers return 250 no matter whether the user is valid or not. The only
way to be sure is to send them an email and make them prove they received
it -- which you said, is not possible in this situation.



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • Re: Blank Emails
    ... Phonebook or dictionary attack on the mail server. ... number ) to get current lists of valid usernames. ... If the username is rejected, ... The list may then be sold to other spammers. ...
    (alt.computer.security)
  • Re: using Mail::Sender
    ... Offer, everyone, I tried sending an email from a mail server and I got an ... Delivered-To: mailing list beginners@xxxxxxxx ... Surely all you need is a host, username and password? ... If indeed you are using a login method, ...
    (perl.beginners)
  • RE: Remote access denied for users in Active Directory before Exchange
    ... broadband internet connections and we are configuring the mail server ... It is not accepting the username and/or ... trouble authenticating users that were set up in Active Directory ...
    (microsoft.public.exchange.admin)
  • Simple programme - Just want to know whether this is correct way of coding
    ... username = 'username' ... MAILSERVER = MAILSERVER.strip ... print 'Connecting to mail server ', ...
    (comp.lang.python)
  • Re: Cannot change my server o.0 (username and password help)
    ... The problem is not with Windows Mail but with your account on the ... university's mail server. ... and use the username they want but i dont think my password works. ...
    (microsoft.public.windows.vista.mail)