1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Live email validation

Discussion in 'PHP' started by digitalpoint, Jul 7, 2005.

  1. #1
    Here's something I just threw together real quick because I had a need for it. But others might find it useful:
    <?
    $split = preg_split('/^(.*)<(.*)>(.*)/', $_REQUEST['email'], -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
    $email = array_pop ($split);
    $split = explode ("@", $email);
    $domain = $split[1];
    
    getmxrr ($domain, $a, $b);
    if ($a) {
    foreach ($a as $key => $val) {
    $c[$b[$key]] = $val;
    }
    ksort ($c);
    } else {
    $c[0] = $domain;
    }
    
    $fp = fsockopen (array_shift($c), 25, $errno, $errstr, 30);
    $return = fgets ($fp, 1024);
    fputs ($fp, "helo none.com\r\n");
    $return = fgets ($fp, 1024);
    fputs ($fp, "mail from:<postmaster@none.com>\r\n");
    $return = fgets ($fp, 1024);
    fputs ($fp, "rcpt to:<" . $email . ">\r\n");
    $return = fgets ($fp, 1024);
    fputs ($fp, "quit");
    
    fclose($fp);
    
    if (substr($return, 0, 3) > 250) {
    echo "Bad email";
    } else {
    echo "Good email";
    }
    ?>
    PHP:
    If you pass an email address as an email variable to the script, it will look up the domain's SMTP server, contact it, and see if the email address is legit or not.
    SEMrush
    You should change the none.com domain to your domain and probably will want to use something more useful (like a true/false variable) instead of echoing out Good Email/Bad Email.

    Some mail servers will not tell you if an address is good or not with the RCPT TO command, so for those mail servers, it wouldn't work all that well, since it would always accept emails for any address.
     
    digitalpoint, Jul 7, 2005 IP
    SHT likes this.
    SEMrush
  2. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    64
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Those SMTP servers that support Sender Policy Framework (SPF) will not accept your connection at all unless the IP address of your web server is on the list of valid IP addresses that can send mail.

    And another thing. If someone wanted to exploit your web server, they could run a script against your email address page, going through all possible email addresses (presumably this page will have different output when the address is valid). This way the attacker could harvest a few email addresses and your IP address would eventually be banned.

    J.D.
     
    J.D., Jul 7, 2005 IP
  3. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,285
    Likes Received:
    2,600
    Best Answers:
    460
    Trophy Points:
    710
    Digital Goods:
    29
    #3
    Well, it has nothing to do with SPF. Also, the script is not intended to be on a public web server (especially not as a stand alone script). In my case, it's used from the shell only.
     
    digitalpoint, Jul 7, 2005 IP
  4. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    64
    Best Answers:
    0
    Trophy Points:
    0
    #4
    I'm not following. The SMTP server you are connecting to will lookup your domain's SPF record and if it exists, it would have to contain the IP address (in one form or another) of your SMTP client (the thing that runs your script in this case). If it doesn't, the connection will be rejected even before you get to the rcpt to part.

    J.D.
     
    J.D., Jul 7, 2005 IP
  5. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,285
    Likes Received:
    2,600
    Best Answers:
    460
    Trophy Points:
    710
    Digital Goods:
    29
    #5
    I would guess that VERY few domains use SPF. digitalpoint.com has no SPF record, and it works fine for me. Either way, if someone cared about SPF, they could use it. Still wouldn't affect the script itself if someone chooses to use SPF in their server setup or not.
     
    digitalpoint, Jul 7, 2005 IP