Email Validator

I am experimenting with an email validation script based on the one found at http://www.zend.com/zend/spotlight/ev12apr.php. I know the regular expression format check is not great, and I'm working on a new one, but I'm particularly keen on the idea of connecting to the mail server to validate the existence of the address.

I have read that this can be problematic, because some servers block such requests (because its one way that spammers collect email addresses). Does anyone have any thoughts or experience with this?

 

The commands you are looking for are VRFY and EXPN (SMTP). They indeed are blocked on most servers because of the hackers and spammers. There are other "unofficial" techniques as well.

If you want to work with *your* SMTP server (e.g. your own mailing list, etc), you can configure it to process these commands and hide it behind a relay or two. If you want to poke other people's servers that *will be* considered as hacking and you or your ISP may be contacted by the security officer of those companies and your ISP may terminate your contract.

J.D.

 

Thanks for that... I'll just play safe and validate the format and rely upon a response to sign up email within two weeks.

 

If you want to parse messages yourself, take a look at the RFC 2822, which describes message format.

If you want just to parse headers, regular expressions will work just fine - read text line-by-line and use regex to break lines down to tokens. If you want to parse entire messages, this would require significant development effort (thinking of multipart messages - HTML, MIME, etc).

J.D.

 

All I want to do is eliminate bogus sign ups to my website (www.training-directory.org.uk)... while trialling/beta testing it, I've had a few (though not many) .

Easiest way round, since they all recieve an email on sign up with a password so they can log in and enter their detals, is simply remove them if they have not logged in within 7 days of sign up.

 

Here is the expression I use

$validemailexpr="^[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*" ."@[0-9a-z~!#$%&_-]([.]?[0-9a-z~!#$%&_-])*$";
	if (!eregi($validemailexpr,$email))

PHP:

And as others have said the best you can do is verify the exisitance of the mail sever.

 

I would also add maximum length for each part:

(chars){1,32}

This will protect you from all sort of bad things.

As for the mail server, it may not work sometimes - properly configured SMTP servers accept connections only if they originate from the SMTP ports.

J.D.

 

...and how about those free/anonymous email accounts ?
is there any way to block people from using those ( untraceable ) accounts for signing up on a site ?...

i mean, of course there's one way, which is having a listing of the ( thounsands ? ) domains, check the request against this list and forbid those that match...
but such list exists and is ( freely ? ) available ( and maintened ) somewhere on the net ? i've never seen anything like this... although i haven't looked too hard...

 

You can reject domains that are known to be open relays (i.e. those that are misconfigured and often used by spammers). There are several sites you can use to check if the IP address matching the domain name in question is black-listed (e.g. dsbl.org, ordb.org).

As far as anonymous accounts go, say at hotmail.com, I don't think there's a reliable source that will tell you that a particular email address is a throw-away address (heck, I have seen businesses using accounts at aol.com as their email addresses!).

J.D.

 

This is also a major concern in the real estate industry, you have several people use your system to register and they use bogus email address. We have been trying to look at a way to curb this as well. One problem you run into however, if lets say you also ask for a phone number is I have had clients that mispelled their email address by mistake but supplied the right phone number. So if you prevent them from signing up if their email doesnt verify, you might lose some real customers.