Have Geek Brain

Can I check if the email address is valid?

How can I implement the following logic?

  • User registers with email address

  • If the email address provided is a valid email address Then the get's user account is activated

  • or if it is a fake email, then the user account is not activated

I doubt if I can catch the Failed Delivery Message, right? anyway, how would you suggest implementing the above logic?

PS. I will need to find a way, no matter what, the client wants him =)

+2


a source to share


6 answers


You probably want to make sure not only that the email address is valid, but also belongs to that particular user. The usual way to do this is to send an email with a link. The user must click the link to activate the account.

For example, a link might look like this:

http://example.com/activate?token=bc59fb46c9a0a25346889e5ab336f11c

where token

is a random string that you created and stored in your database associated with this account. The server code behind the page then activate

activates the account. If you don't get a hit for this token

inside, say, a week, you can clear the account and activation token.

Adding in response to your comment ...



An alternative way would be to initiate an SMTP connection and try to start sending email. This is similar to checking a callback among mail servers. For example ( <

- this is what the mail server says >

- this is what your script might send):

< 220 example.com ESMTP Postfix
> EHLO foobar.com
< 250 OK
> MAIL FROM: noreply@foobar.com
< 250 OK
> RCPT TO: johndoe@example.com
< 550 Recipient address rejected: User unknown in local recipient table
> QUIT
< 221 Bye

There are several serious problems with this approach, so it is not used in practice. Most of them will result in mis-received messages, some of them will crash completely:

  • If your site is behind a firewall that blocks outgoing connections on ports 25 (SMTP) and 445 (SSMTP), you can't even connect to the remote server.
  • This method will not tell you if the address was lost, but it did provide another valid address. For example, you hotmail.com

    can make almost any address you can imagine.
  • If the mail server is unavailable or unavailable, account creation will fail.
  • If the mail server is configured to accept mail for invalid addresses, any address will be accepted.
  • If the mail server is not the final recipient, but simply a relay site, any address will be accepted.
  • If you check your mail server too often, a blacklist can do it.
  • Your site could be harmed by an intruder or bot to clog up mail servers. (This also happens when you send a complete verification email. Use both in both cases.)

See also the Postfix manual and the controversial section on Wikipedia . I hope this list is long enough to convince your client that there is no good solution to his problem, and that he should stop asking the impossible from you.

+10


a source


why don't you implement a verification system. They create an account. send them an email with a confirmation number. they click the link in the email and then they run that database and activate that particular validation ID.

Many websites use this technique, and it helps to maintain some control.



Hope it helps

+1


a source


You can also use PHP function checkdnsrr ($ hostname). For instance:

if (checkdnsrr("comcast.net")) 
{ 
echo 'Email valid!'
return true;
}
else
{
echo 'Email invalid!';
return false;
}

This will return true and echo "Email valid!" because comcast.net is a valid provider. This feature will at least prevent users from entering " johndoe@foobar.com ".

+1


a source


Here is a service that will check the email address, but not sure if that was the intended route you were interested in. Service

0


a source


Have a look at Regular Expressions . This is a way that you can check the email format to make sure it is a valid email structure (ie contains "@", has a top-level domain, domain, etc.)

This will simply ensure that the email is valid, but a fake email address such as fakeMan@FakeLand.com will still get through. To make sure the email is valid, you need to send an email through the mail server and check for a refund. This process can take a while because you have to wait for the email server to respond with a bounce, which is difficult to predict how long it will take. If you want your users to wait a couple of days, then that's great.

The standard should check email to make sure it's the correct format using regular expressions. Then you send a verification key to the user's email address. They need a valid email to receive the key in order to complete the registration process.

Of course, there are users who use temporary emails to register with sites. This email that's been around for 24 hours or so is enough to get their verification key ... There is no real way to get around the users who do this other than blacklisting all the services that do it (and there are a lot of them).

0


a source


This is the true email syntax regex: http://ex-parrot.com/~pdw/Mail-RFC822-Address.html

You see, this is not a trivial task.

0


a source






More articles:


All Articles