How to veryify if an email address really exists.

Czardas

I need to be able to check if an email address provided by a user is real of not.
I know that this can be done somehow but I have forgotten how to do it.

bobthedog

Damn - if this was possible then we would probably be suffering from a hell of a lot more spam mail.

ANyhow - you can't check if a particular email address exists unless you actually send an email to that account and see if you get a response back, or if you try and be clever with an html version of the email and track any image requests from the mail back to the server. Unfortunately these are both flawed ideas since you will be lucky if someone just replies randomly to your email, and there are so many email clients out there which won't display your image, that you cannot guarantee anythign this way.

However, enough of what you CAN'T do. On with what you can do. You can check to see whether the domain of the email address exists and whether it accepts email. You can also perform checking on the email address and see that it is in the correct format (best done using a regular expression - and there are loads of examples of these out there - try reading the user contributed notes under the mail() function on php.net).

Anyhow - hope this helps get you started.

Czardas

Yes, I know that I can use the functions getmxrr, gethostbyname and eregi to check all that, but I just thought that it still isn't enough to be sure.
As a webmaster I depend on the trust of my visitors and if someone of them sends me an email without getting a response, chances are that he will not come back. And if he types the wrong address in the field, I will never be able to get back to him.
Anyways, thanks for your help.

planetsim

this aint the only forum i use, and many still want to be able to see if it actually exists...

Well Depending on what you want, before you recieve something you should make an aactivation system, or something to make sure it exists...

So they write in the form
You send an email, making sure that there email exists, they goto a page, which has the mail(); function there which has the information to the email, then you can get the email.. or whatever you want...

Now this is just an idea which i thought would be good... of course theres a lot of work involved.. But if you want to reply to an email or whatever your working for, id suggest this is an idea

ednark

very bad solution: won't work for all emails...

use the imap_ php library to try and open an imap connection (you can specify imap or pop3) to the imap port of the suspected hostname.... give the email username and a bogus password

it might be kind enough to give you either a bad password, or a user doesn't exist message... if it does... then you know if they exists or not....

bobthedog

Well - my experience of POP3 servers says that this solution won't work either.

As you can imagine, for security reasons, if you connect to a POP3 server and try a username/password combination it will (generally) always return you the same error whether the username exists or you just got the password wrong. Whether this can be modified by the system admin of the server I don't know. But, on the whole this does not happen so you will still have no idea whether that account exists.

Additionally, what about catch all boxes which then get distributed internally using an Exchange server (or something else with the same capabilities). The POP server will only have the catch all box and all the mail will come in through this route. The Exchange server is then responsible for distributing to the actual real accounts internally and bouncing back as required.

So - as I said before, there is no real way to perform this action without having some sort of user response to verify that the email address does actually exist.

To this end - I agree with planetsim. If you want to ensure that the mail address exists on account activation (or whatever), then you need an activation system where the user has to validate their account before continuing (i.e. before their account gets activated). This system is in use in lots of large systems (in fact most things I tend to sign up to these days uses something like this).

So - hope this helps 🙂

Czardas

Ok, I guess I have to live without it then.
Thanks!

ednark

i think the closest you can get is to check the mail syntax...

perhaps to a
[man]gethostbyaddr/man or a [man]gethostbyname[/man] on the domain part to see if the internet even knows about it the domain....

that should be good enough if you are not a spammer...

Jayson

I like to use a double opt-in on my registration system. When someone registers, it sends them an email with a unique link they must visit before their registration is activated. The link looks something like http://site.com/auth.php?auth=9x0b6w43. And then if they don't activate the account in 7 days, it reminds them with another email. And after 14 days it removes their info so it doesn't clutter the database with junk.

I lose about 1/3 of everyone that registers that way, but then again I was getting a lot of fake addresses before I implemented that, so I think its worth it.

Of course it still checks that the address could even be valid with a simple eregi statement first, but the double opt-in makes 100% sure that all your activated addresses are real and the person owns it.

ednark

i have had to invent my own email validation wheel recently...

i made a regular expression based it off rfc 2822 (part of it anyway), the logged top level domain extensions from icann, and used the gethostbyaddr and gethostbyname i recommended....

if you would like to collaborate on something like this just email: ednark@linuxmail.org

maybe we could wrap this up with somehting like Jayson's idea and put it into an object or two and have a pretty badass php email validation package

rupertbj

Try this - works well enough for me, but only verifies the structure of the e-mail address and the host - not the actual user.

<?php
// Set the form error check to false
$form_errors = array();
//E-Mail address verifications
// Make Email a required field
$Email = trim($Email);
	if ($Email == "") { $form_errors["required_Email"] = true; }
    elseif (!eregi("^([a-zA-Z0-9._-])+@([a-zA-Z0-9._-])+\.([a-zA-Z0-9._-])([a-zA-Z0-9._-])+", $Email)) { $form_errors["Email_badformat"] = true; }
// Attempt to resolve the MX host
    else {
		list($Email, $domain) = split("@", $Email, 2);
			if (! checkdnsrr($domain, "MX")) { $form_errors["Email_badhost"] = true; }
			else {
				$array = array($Email, $domain);
				$Email = implode("@", $array);
				}
		}
// Check if there are any errors
if (count($form_errors))
	{
// If the user left the e-mail field blank
	if ($form_errors["required_Email"]) {  }
// If the format of the e-mail address is incorrect
	elseif ($form_errors["Email_badformat"]) { include("emailProb.php"); exit; }
// If the mail server of the address the user provided could not be contacted
	elseif ($form_errors["Email_badhost"]) { include("emailProb.php"); exit; }
	}
?>

php-web

This website has full details and PHP code for checking emails

PHP code & details on how to check if email exists by telnet - PHP code