
How to check if email actually exists

I created a form in which you have to insert an email address.

I already have a validation method. But I need to make sure that the email actually exists.

Is it possible?

Shay Mishali asked Nov 17 '16 23:11



1 Answer

In the general case it is not possible without user interaction.

A few things you can do to validate an email address:

Regular expression

You can use a regex to validate the email address format. It does not guarantee that the address exists, but at least your user input will be well formed. Validating email addresses by a regular expression is not straightforward though, see here for difficulties. You can find guidelines here.

DNS lookup

Once the address is well-formed, you can check with a simple DNS query whether the domain name actually exists and has an associated MX record. If it does not, the email is obviously invalid. If it does, it can still be any valid domain, and there is no proof that there actually is a valid user of the name specified on that domain.

VRFY

If the domain exists, you can issue an SMTP VRFY command to the SMTP server read from the MX record of the domain. VRFY will tell you whether the user name (the part before @) is a valid email address on that server. The caveat is that some servers will not tell you the truth and deny all usernames or not implement the VRFY command as it is a security risk (in many cases, email accounts are valid usernames for the server, so this would allow username enumeration).

So if a VRFY command tells you the address is valid, there is a good chance that it really is. If it tells you it is not valid or VRFY is not implemented on the SMTP server, you basically gained no info. Because of this, you may not want to do this at all.

More info on this is here and here (among many others).

Sending a confirmation email

Ultimately, you should send a confirmation email with a one-time token to the given email address, and store that token in your database for future reference. If the user can click a link in the email sent (i.e. can send the token back), he proves that the email address is valid and it actually belongs to him.

Gabor Lengyel answered Oct 05 '22 06:10
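The confirmation-token step described in the answer above, as an added example that is not part of the original answer. The table names, function names and 24-hour lifetime are assumptions, and storing only a SHA-256 hash of the token (rather than the token itself) is a hardening choice made here so that a database leak does not expose usable links.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TOKEN_TTL = 24 * 3600  # assumed token lifetime in seconds

def _digest(token: str) -> str:
    # Hash at rest: the raw token only ever exists in the emailed link.
    return hashlib.sha256(token.encode()).hexdigest()

def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")  # hypothetical schema for the example
    db.execute("CREATE TABLE pending (email TEXT PRIMARY KEY, "
               "token_hash TEXT NOT NULL, expires_at REAL NOT NULL)")
    db.execute("CREATE TABLE confirmed (email TEXT PRIMARY KEY)")
    return db

def issue_token(db, email, now=None) -> str:
    """Create a one-time token; return the raw value to embed in the email link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT OR REPLACE INTO pending VALUES (?, ?, ?)",
               (email, _digest(token), now + TOKEN_TTL))
    db.commit()
    return token

def confirm(db, email, token, now=None) -> bool:
    """True only for the current, unexpired, not-yet-used token of this address."""
    now = time.time() if now is None else now
    row = db.execute("SELECT token_hash, expires_at FROM pending WHERE email = ?",
                     (email,)).fetchone()
    # compare_digest avoids leaking how many leading characters matched
    if row is None or not hmac.compare_digest(row[0], _digest(token)):
        return False
    db.execute("DELETE FROM pending WHERE email = ?", (email,))  # single use
    if now <= row[1]:
        db.execute("INSERT OR IGNORE INTO confirmed VALUES (?)", (email,))
    db.commit()
    return now <= row[1]

def is_confirmed(db, email) -> bool:
    return db.execute("SELECT 1 FROM confirmed WHERE email = ?",
                      (email,)).fetchone() is not None

if __name__ == "__main__":
    store = open_store()
    tok = issue_token(store, "user@example.com")  # constructed sample address
    print(confirm(store, "user@example.com", tok), is_confirmed(store, "user@example.com"))
```

Issuing a new token for the same address replaces the old one, so only the most recent link works.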