Page 1 of 1

Verifying Email Recipient

Posted: Mon Jan 03, 2005 6:48 pm
by myleow
What i know so far is to use a Regular Expression and getmxrr to check the Validity of an email address.

I noticed that getmxrr is not enough because some home servers would forget to register MX Record and that would return an error.

Anyway could anyone give instruction or point me to any resource that would allow me to verify the actual recipient of an email? This is normally done from communicating with the email server and if it returns a 550 then the mailbox does not exists. 250 is ok.

I have seen these but not sure how to implement it in PHP.

here is an example of what i am talking about
Connected to host: mc6.law1.hotmail.com
< 220 mc6-f6.hotmail.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Tue, 23 Dec 2003 07:30:49 -0800
> HELO xxx-xxx.pacbell.net
< 250 mc6-f6.hotmail.com Hello [xx.xx.xx.xx]
> MAIL FROM:<amv@amailsender.com>
< 250 amv@amailsender.com....Sender OK
> RCPT TO:<susan@hotmail.com>
< 250 susan@hotmail.com
> RSET
< 250 Resetting
> QUIT
< 221 mc6-f7.hotmail.com Service closing transmission channel

Posted: Mon Jan 03, 2005 6:56 pm
by skehoe
Why not just send the person an email with a URL in it to a script on your server that sets an email flag on the user's account to 'valid'?

Posted: Mon Jan 03, 2005 7:00 pm
by protokol
[php_man]Sockets[/php_man] may be of use.

Posted: Mon Jan 03, 2005 7:01 pm
by redmonkey
You can query the mailserver using the 'VRFY' command. This is used to confirm that the user has a mailbox on the server, but this is not always reliable as some mailservers deny the VRFY command.

Posted: Mon Jan 03, 2005 7:36 pm
by w.geoghegan
You need to connect to their SMTP server and use: VRFY <email address>

Here's some code I just put together:

Code: Select all

<?
define(MAILPREFIX, 'smtp.');

$email='frank@thewebsite.com';

$bits=split("@", $email);
$server=$bits[1];

$sock=fsockopen(MAILPREFIX. $server, 25) or die("Connection failed");
fputs($sock, "VRFY $email\n");

$result=fgets($sock,64);
print "VRFY Result: $vrfy";

fclose($sock);

?>
Hope this helps.

Cheers.

Posted: Mon Jan 03, 2005 7:49 pm
by myleow
I am been combing through the Internet for additional information and indeed have found socket is the only way to verify a recipient.

I need to catch invalid email before it gets added into the Database, so i minimize invalid emails in the DB.

What is the fall back if VRFY is denied but the recipient is actually valid?

William: Could you explain the

Code: Select all

define(MAILPREFIX, 'smtp.');
Thanks in advance.

Regards
Mian

Posted: Mon Jan 03, 2005 7:51 pm
by John Cartwright
http://ca.php.net/define should explain your question

Posted: Mon Jan 03, 2005 7:52 pm
by w.geoghegan
myleow wrote:
William: Could you explain the

Code: Select all

define(MAILPREFIX, 'smtp.');
Mian
It's not actually needed. What it does is define a constant so you can call it in code.

It's probably better to just use this:

Code: Select all

$sock=fsockopen("smtp.$server", 25) or die("Connection failed");
Why not have the user verify their e-mail when it's submitted. Send them an e-mail with an activation link.

Posted: Mon Jan 03, 2005 8:10 pm
by myleow
I do have the activation link. I just want to make it so that i won't be sending out bad emails, and catching it on the spot while the user is still waiting on adding that email would be a much faster and better way to encourage them to put in valid email address.

someone@somewhere.com is a favourite.

Posted: Mon Jan 03, 2005 8:45 pm
by myleow
i keep getting 220 reply from the mail server when i send VRFY. I also notice that differrent mail server have different prefixes. Like mx1.mail.yahoo.com

Posted: Mon Jan 03, 2005 8:57 pm
by rehfeld
myleow wrote:I do have the activation link. I just want to make it so that i won't be sending out bad emails, and catching it on the spot while the user is still waiting on adding that email would be a much faster and better way to encourage them to put in valid email address.

someone@somewhere.com is a favourite.

well, the thing is its not always possible to know if an email is valid or not unless you fire off an email w/ a confirm link in it.

contacting the receiving server and trying to verify it imo is not a solution at all, because the reply you get will never tell you if the mailbox really exists or not. maybe the server denies the verify query, or maybe the server sais its always valid because they have a catch all mailbox.

also, what if thier mailbox is full, and your email would bounce?


really, imo the only good way is to do a very basic check on the email making sure the syntax is valid, and then fire an email and make em confirm it.


i dont even like to use complex regular expressions to try to validate the email first, because _some_ emails do exist and are definately valid, that do not neccesarily follow the rfc syntax. that and it is pretty difficult to validate an email to rfc specs anyway. this is all i use:

Code: Select all

function could_be_email($email) {
    return preg_match('/^[^@]{1,64}@[^@]{4,255}$/', $email);
}

if it passes that basic validation, i give it chance and fire an email for them to confirm. if it doesnt, i notify the user that their email is invalid, because if it cannot at least pass that basic syntax validation, it is certainly not valid.


i understand your desire to not even send emails out that may be pointless, but its very difficult to determine if they are truely pointless until after you have done it. unless you can be sure an email is invalid(and generally you cant), its may not be worth the risk of not giving it a chance by sending out a confirmation email.

Posted: Tue Jan 04, 2005 7:06 pm
by myleow
I notice in the Mail RFC it is said that in case the MX record is not found, you can go with the A record. Does

Code: Select all

gethostbyname()
qualifies?

I think i will not check for the recipient because it is both slow and inaccurate. I have encountered servers that block it outright.

So i just added gethostbyname after it fails MX Records. If it has it then i send the authentication request email.