How to check if an email address is real or valid using PHP

Question

I found some websites that claim to verify if email addresses are valid. Is it possible to check if an email address is valid using just PHP?

<?php     if($_POST['email'] != ''){         // The email to validate         $email = $_POST['email'];          // An optional sender         function domain_exists($email, $record = 'MX'){             list($user, $domain) = explode('@', $email);             return checkdnsrr($domain, $record);         }         if(domain_exists($email)) {             echo('This MX records exists; I will accept this email as valid.');         }         else {             echo('No MX record exists;  Invalid email.');         }     } ?> <form method="POST">     <input type="text" name="email">     <input type="submit" value="submit"> </form> 

This is what I have right now. It checks if the domain exist, but it cannot check if the user's email exist on that domain. Is it possible to do that using PHP?

Answer 1

You should check with SMTP.

That means you have to connect to that email's SMTP server.

After connecting to the SMTP server you should send these commands:

HELO somehostname.com MAIL FROM: <[email protected]> RCPT TO: <[email protected]> 

If you get "<[email protected]> Relay access denied" that means this email is Invalid.

There is a simple PHP class. You can use it:

http://www.phpclasses.org/package/6650-PHP-Check-if-an-e-mail-is-valid-using-SMTP.html

Answer 2

You can't verify (with enough accuracy to rely on) if an email actually exists using just a single PHP method. You can send an email to that account, but even that alone won't verify the account exists (see below). You can, at least, verify it's at least formatted like one

if(filter_var($email, FILTER_VALIDATE_EMAIL)) {     //Email is valid } 

You can add another check if you want. Parse the domain out and then run checkdnsrr

if(checkdnsrr($domain)) {      // Domain at least has an MX record, necessary to receive email } 

Many people get to this point and are still unconvinced there's not some hidden method out there. Here are some notes for you to consider if you're bound and determined to validate email:

1. Spammers also know the "connection trick" (where you start to send an email and rely on the server to bounce back at that point). One of the other answers links to this library which has this caveat

   Some mail servers will silently reject the test message, to prevent spammers from checking against their users' emails and filter the valid emails, so this function might not work properly with all mail servers.

   In other words, if there's an invalid address you might not get an invalid address response. In fact, virtually all mail servers come with an option to accept all incoming mail (here's how to do it with Postfix). The answer linking to the validation library neglects to mention that caveat.

2. Spam blacklists. They blacklist by IP address and if your server is constantly doing verification connections you run the risk of winding up on Spamhaus or another block list. If you get blacklisted, what good does it do you to validate the email address?

3. If it's really that important to verify an email address, the accepted way is to force the user to respond to an email. Send them a full email with a link they have to click to be verified. It's not spammy, and you're guaranteed that any responses have a valid address.