How to check if an email address exists without sending an email?
We have all been doing email address validation for a very long time to make sure that the email is correctly formatted. This is to avoid users entering wrongly formatted email address but still they can accidentally give us a wrong email address.
Example of a correctly formatted email address but still wrong:
mailbox.does.not.exist@reddit.com [VALID email format but it does not exist]
Above case specifically happens when you take important customer email on phone and you type in the wrong email. So is there a QUICK solution to really check the email without sending a test message to the user? Yes.
The solution
A quick & simple check below can be implemented in most programming language including PHP, Python etc. It relies on using the same SMTP which is used to send emails.
To check if user entered email mailbox.does.not.exist@reddit.com really exists go through the following in command prompt.
First - Find mail exchanger of reddit.com
COMMAND:
nslookup – q=mx reddit.com
RESPONSE:
reddit.com MX preference = 10, mail exchanger = mail.reddit.com
mail.reddit.com internet address = 208.96.53.70
Second - Connect to mail server mail.reddit.com
COMMAND:
telnet mail.reddit.com 25
RESPONSE:
220 mail.reddit.com ESMTP Postfix NO UCE NO UEMA C=US L=CA Unsolicated electronic mail advertisements strictly prohibited, subject to fine under CA law CBPC 17538.45. This electronic mail service provider’s equipment is located in the State of California. See http://www.reddit.com/static/inbound-email-policy.html for more information.
COMMAND:
helo hi
RESPONSE:
250 mail.reddit.com
COMMAND:
mail from: <youremail@gmail.com>
RESPONSE:
250 2.1.0 Ok
COMMAND:
rcpt to: <mailbox.does.not.exist@reddit.com>
RESPONSE:
550 5.1.1 <mailbox.does.not.exist@reddit.com>: Recipient address rejected: User unknown in local recipient table
COMMAND:
quit
RESPONSE:
221 2.0.0 Bye
NOTES:
1) the 550 response indicates that the email address is not valid and you have caught a valid but wrong email address. This code can be on the server and called on AJAX when user tabs out of the email field. The entire check will take less than 2 seconds to run and you can make sure that the email is correct.
2) If email was present the server will respond with a 250 instead of 550
3) There are certain servers with a CATCH ALL email and this means all email address are accepted as valid on their servers (RARE but some servers do have this setting).
4) Please do not use this method to continuously to check for availability of gmail / yahoo / msn accounts etc as this may cause your IP to be added to a blacklist.
5) This is to supplement the standard email address javascript validation.
Telnet screenshot in windows – Check email using SMTP commands
UPDATE: PHP code added on 26th January 08
Follow us on twitter 
A quick & simple check below can be implemented in most programming language including PHP, Python etc.
How?
I had to use angle brackets <> with gmail. You will have to slightly change your instructions:
mail from: randomnonexist@gmail.com (with angle brackets)
Google came back with a long story saying that email address does not exist. Brilliant
what if the MX record resolves to an IP of a server thats configured to be a mail relay ?
A simple fsockopen command in PHP and you can open connection to any SMTP server with port 25.
$smtp_server = fsockopen("mail.reddit.com", 25, $errno, $errstr, 30);
fwrite($smtp_server, "HELO hi\r\n");
fwrite($smtp_server, "MAIL FROM:
fwrite($smtp_server, "RCPT TO:
You could also use VRFY to confirm that the mailbox exists, but it might be the case that that feature has been disabled for security purposes.
The HELO line is supposed to contain the fully qualified domain name of the client. Using ‘hi’ for this purpose may result in a rejection before the address can be checked.
Some mail servers, e.g. Microsoft Exchange, will accept all email for any address and then generate their own bounce if the address is invalid.
In Python, as a module and/or command line tool: gist.github.com/47987
It depends on how your mail server is setup. You can configure your mail server to accept any recipient and forward all mail that doesn’t match a user to a specific account.
Ah, this is really useful. Thanks a bunch!
As Capt. Sparrow mentioned with the Gmail servers, a lot more servers respond more kindly when the commands you send conform with RFC2821.
Brilliant idea, something to look into more depth. Some issues found during a couple of attempts: Gmail (At least the Google Apps servers) can take around 15 seconds to verify a domain, bit of pain but surely worth it. The larger services, Hotmail, Yahoo ect become tetchy if your servers IP doesn’t get a green light on Spamhaus.org so check your servers IP. HELO HI doesn’t always work but can be overcome with HELO as mentioned by Phil.
Did anyone find any servers this trick did not work with yet?
Only testing from my own connection I’ve been unable to carry out the whole process on the Yahoo and Hotmail servers because I’m on a dynamic IP thus blacklisted on Spamhaus.org.
It’s coming up with a place for this function to take place on a production site. With a lot of servers responding 250 even if the mail box doesn’t exist, then further verification is still required. If you were to request the server with both the requested email and a couple of random hashs, and all requests returned 250 then it’s likely the server is accepting any recipient, in which case you would still have to send a verification email out.
Still love the idea though, anything to take that extra step out of the users registration process is a good thing.
“what if the MX record resolves to an IP of a server thats configured to be a mail relay ?”
I’m also curious about this. Some mail servers don’t know what is and what isn’t a valid address because their job is to forward the mail to other servers that do know.
Does this still work in that case?
The point I think Brendan was trying to make above is that this is not a valid test that works in all situations. You will get a false 550 from some mail servers, if your MAILFROM address is unknown or is ruled to likely be SPAM by their anit-SPAM measures. Conversely, you will get false 250 responses from some servers that are configured as such. Positively acknowledging all email addresses removes a mechanism employed by spammers to discover what email addresses are valid within a domain. In my experience, I have never seen a mail server configured to not provide a positive response on a RCPT TO sent to the domain of the mail server.
This wont work with qmail (although I believe there to be a patch so it can) due to the design. It will accept everything and bounce those that fail. There are positives and negatives for both approaches. The qmail way offers security (inability to probe for valid accounts) but at the cost of more spam as even random addresses seemingly get accepted.
If you want to check to see if the email address exists, then yes this works. However some people want to check to make sure the email address is valid before they, say — open a telnet session? (This is an action which could, after all, create human-perceivable delays in the app. It is also wholly impractical for servers that would have to repeat this action hundreds of times per second.)
I am continually shocked that noone knows the correct way of validating an email address in PHP. Here’s the code:
$email = getUserEmail();
$emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL);
That’s it. It only takes one line to validate an email. It will process emails correctly according to the RFC, which means “Screw you, I’m an ant-eater!”@example.com correctly passes the filter.
Qmail (and maybe some other mailservers) will always accept mail to any local address, and later bounce that address if it can’t deliver it. It does this partly for speed, and partly it is a side effect of very strict programme design.
@Brendan
“It depends on how your mail server is setup. You can configure your mail server to accept any recipient and forward all mail that doesn’t match a user to a specific account.”
–> Can a mail server (any server such as MS Exchange) allow to forward all mails with the non-existent recipients to a specific account (as you mentioned) AND still return the error 550 5.1.1 as normal ? In other says, does the sender (from gmail for example) receive the error 550 5.1.1 after sending a mail to a mail server (Exchange for example) that has been configured to enable “forward rule” above ?
There might be a problem for some users as a few SMTP servers have a thing called “SPF”
( en.wikipedia.org/wiki/Sender_Policy_Framework ) and after sending MAIL FROM: header it sends bogus like this
550 SPF Error: Please see spf.pobox.com/why.html
To ommit this You must set sender email domain to domain on wich script is fired from. Why? Because SPF checks if sender IP is the same as given e-mail domain IP.
You may try telnet to polish server mx.wp.pl to check it.
–To work around this you can easily get your IP have a reverse DNS or a PTR record from the ISP for your company domain and you will be good to go.
This solution is great for smaller organisations, but won’t work for larger organisations that use commercial spam and virus filtering services to clean their incoming mail. The MX records get changed to point to the filtering service, which does it’s filtering magic, then forwards the email to the organisations email server.
In fact, you can setup Exchange to accept and silently delete emails that are destined for non-existent mailboxes. This is a great way to stop dictionary attacks.
I have written a Ruby code following this article. It checks the mailbox using SMTP as mentioned above
github.com/skillnet/validates_email_with_smtp/tree/master
Validation is a check to ensure it is true to the specification (eg: is the number N digits long?). Not to be confused with verification which is a check to ensure it is correct within the intended system (eg: does the number work when phoned?).
This is verification, not validation.
Interesting idea.
Seems too hacky for me. Checking the domain name, why not but email verification wont be reliable either way (positive/negative)
Still i like the idea itself.
Thanks.
Another way you could do this is actually send the email BUT let the user login as it has already activated his account and catch bounces. If an email of a user bounces then you just mark him as inactive and force him to re-enter a valid email upon login. It requires a bit more on the server side but helps you a great deal and makes the user’s life easier.
Spam filtering, mail forwarding systems, mail relays, MX backup handlers and more will prevent the RCPT check from working in some cases.
Also as noted above, your HELO is not a FQDN. BUT still the verification works fine in Gmail & Hotmai & few other popular mail services I have just tried.
[...] FTP and SMTP are simple text based protocols. A previous article showed how to check if an email address exists using SMTP commands from the terminal. Here I would like to show you how you can use raw FTP [...]
[...] " How to check if an email address exists without sending an email? – PHP, Web and IT stuff — 6:46am via [...]
There are also several Web Services that can validate an email address.
Please tell me how to check Email ID existing or not in any domain.
Thanks in Advance
Hi,
I’ve used a class in PHP that does just that. I used the base from PHPClasses.org and extended the functionality a bit.
It searches for MX records and tries them, since some domains have multiple fall-back mechanisms etc. Most of the time it verifies correctly and is therefore reliable enough. I can’t distribute the code for it, since it is used within a company. But it works and indeed doesn’t take more than a second or two for each verification.
It also checks for valid HELO commands, since this is the first step to be allowed to proceed.
- Unomi -
The “HELO” with just “hi” is screaming for problems. Please use “HELO” and a full qualified hostname and not just “hi”. btw: Be nice with the SMTPD and send a “RSET” command before the “QUIT” command.
// Steve
Thanks for the article. After reading all the solutions to email validation – It seems this is the BEST and most obvious way is to validate the user. With that said, can anyone tell me how to make a BCC with php. I have tried everything and it only sends to my email and not the secondary email. I figure having the user reply to the confirmation proves they want to get the reply from my contact page. Adding BCC to the email headers doesn’t work for some reason. Any help would be apreciated.
Thanks a million!! This site rocks!
I want to know if this email address is a valid one, I think I might be being scammed, if not that is good, but i need to know diplomatic@drivehq.com
Hello,
can anyone present us the implementation of this solution in VB6 ? (especially how to check if an email adress exist or not in VB 6)
Thanks,
Great, i have tested this on Gmail, yahoo mail and hotmail and it works.
I have added this check as optional to our CRM system.
Sweet.
Cheers
Great. Now i can check the email exist or not for that particular domain.
530 5.7.0 Must issue a STARTTLS command first. 5sm1835826yxd.35
I get above exception after mail from: command. – This is for particular email accounts that need a EHLO instead of standard HELO.
Great. Thanks for this.
Just checked this to work with Gmail & Yahoo mail accounts. Great thanks for the detailed post.
Hi! Can someone show an example with this setup in a form? I don’t really understand what I must do with these scripts to work…. I am beginner, help
Slightly diffferent subject but if I join a blog what will the people running the blog be able to tell about me, would they know where I was emailing from for example?
Hi I tried to use this, it worked fine for gmail, and hotmail. Thanks for sharing the code too.
@Alex it is pretty easy to setup. Just download the PHP files in the “SMTP check code in PHP” make sure that it is working by just following the usage example.
I got it working in a few minutes on my LAMP server.
if i want to check vaildate mail by write programme in VB8 , from where i will start
Hey very nice blog!!….I’m an instant fan, I have bookmarked you and I’ll be checking back on a regular….See ya
don’t mean if the email was right when write or no , i want to check with servier or by domain name if was this email vaildate or no.
I have just tested with gmail .It seems it’s not work
telnet alt2.gmail-smtp-in.l.google.com 25
220 mx.google.com ESMTP x6si1141525gvf.28
helo hi
250 mx.google.com at your service
mail from: supermanxp2003@yahoo.com
555 5.5.2 Syntax error. x6si1141525gvf.28
mail from: supermanxp2003@yahoo.com
555 5.5.2 Syntax error. x6si1141525gvf.28
Could you help me .Thanks.Best regards
You have to use angle brackets with gmail. You will have to slightly change your instructions:
mail from: <supermanxp2003@yahoo.com> (with angle brackets)
Thanks for reply quickly .
It’s worked well for me for gmail .But i have some problem with yahoo.It required authentication login .
telnet smtp.mail.yahoo.com 25
helo hi
mail from:
Could help me this one.Thanks
Best regards
To be clear, the article here is for advanced email validation to actually check if the user has an account. Before doing this, you have to check if the email is valid. Here is the code to do that, this is the first step that you should do.
function emailcheck($email) {
return preg_match(‘/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/’, $email);
}
Thanks for very helpful to replied.It’s also worked well for me for livemail.
This is used now for certain email addresses and especially valid domains that we have for the first time in our database. Works great, thanks for the code.
Thank you for the great information. I have been searching for this question and finally got it.
For all of your peoples information… I see many regular expression checks that do not correctly check the domain extension length, for example the .museum domainname extension length is 6 characters and the minimum length is two:
function check_email($email) {
$rx =”^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,8})$”;
return eregi($rx,$email);
}
In real terms the function:
$emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL);
doesnt work (does what is says on the tin but doesnt ‘check). This will allow anything that sits within standard. That means that anything that is correctly formatted will go through, doesnt have to be an actual valid address. For example xxx@staleproperty.com.uk will go through, it is valid because the RFC defines this as ok (allowing for future growth in the standard) but the reality is it is not valid because ‘.com.uk’ is not a valid base domain.
Hello Everyone,
I want to validate my bunch of email addresses, some free softwares can validate only max 50 email id’s at one go and takes time for validation. Can any one of you tell me if you have any such software which is available free and validate my email ids, your support will be appreciated. thanks a bunch in advance.
Thanks for sharing. It’s important information for SEO people.
One again, your idea is very
good.thank you!very much.
I’ve just had an odd situation. I was buying an Apple product through Apple Finance (Barclays Bank). The tool they use to process the application validates the email address before accepting it. It failed to validate my email address on harper.org.uk and it also failed to validate my google mail address. I’ve also had issue with other companies attempting to validate email addresses and this validation failing for these two domains, particularly Vodafone’s Blackberry servers and an electronic magazine that I have attempted to subscribe to. There appears to be a common problem out there with email validation.
nick 9th june is so right I am always having this problem
This is nice posting. Its helping to many friends say to me.
Doing good..
Thanks a lot..!
Well…. this is a nice feature to have. Though you should only use it to hint the user to pay extra close attention to their input. As this method of validation is not failsafe, you should only indicate a possibly incorrect email address, and not blocking the user from using it anyway.
i got an error when run the script (Class ‘SMTP_validateEmail’ not found in D:\xampp\htdocs\mac\checkemailexamplephp.php on line 8)
please help
Hi ,
Is there a way to check in .NET (C#) whether the email entered by the user actually exists or not.
I am using the SMTPclient. Or is there a way where we can check that the email was actually sent to the email address.
Any help would be greatly appreciated.
Thanks,
Meenakshi
[...] 2) Usage example - DOWNLOAD [...]
tanks
[...] I have come across this PHP code to check email address using SMTP without sending an email. [...]
Before you check the validity of your email, you can also check the validity of the domain. In PHP:
$domain = explode(‘@’, $_POST['email']);
if (!checkdnsrr($domain[1]))
…
http://php.net/manual/en/function.checkdnsrr.php
please verify this id………
[...] y si ese correo noe xiste no lo valiede como real? en este link prueba la coneccion al correo How to check if an email address exists without sending an email? – PHP, Web and IT stuff no es 100% [...]
Thanks for this useful trick. Unfortunately it does not work with the server I tried. It says:
554-….
554 Your access to this mail system has been rejected due to the sending MTA’s p
oor reputation. If you believe that this failure is in error, please contact the
intended recipient via alternate means.
Looks like there’s no workaround?
Live demo would be appreciated !
Wow, these code snippets are really good. I have been looking for a way to check if an email is valid on gmail! This code will be very helpful!
I get error “Warning: SMTP_validateEmail::require_once(Net_DNS.php) [function.SMTP-validateEmail-require-once]: failed to open stream: No such file or directory in D:\Hosting\4356713\html\smtpvalidateclass.php on line 233
“
@newvalidate you have to download NET_DNS class drom PEAR library!!
I am having my IP reported as spammers !! how to solve this problem ?
I understand your code but this command not executed
nslookup – q=mx reddit.com
nslookup: couldn’t get address for ‘q=mx’: not found
please help me
For me I encountered a lot of problem to send a resume through internet because of some error flash of my yahoomail so what can i do for this …
Hi frnds i did not understood how to check, where to keep the email of users want to check var $user if ikeep like this $user=username of email iwant to check
I found the perfect tool:
gives you 5 free validation for an email with the headers!!!!
Hi All,
I have a newsletter option which sends nearly 20,000 emails to my customers. I need to check if the email address is exist and active in real time before sending. Can anyone have the code to check this in PHP ? Please help me to resolve this issue
Thanks. simple and clear. I want to know is there any restriction to verify email addresses using this SMTP method.
I want to verify 1 million email addresses. is it possible??
Thanks in advance
You could use this application to check thousands of email account on more email addresses you have: bstdownload.com/reviews/valid-email-verifier-1/
Thanks for the snippet.
I’ll try to extend my service for detecting disposable email addresses (see block-disposable-email.com) with this kind of testing for the real existence of an email address as a second step. Unfortunately services like yahoo are always answering with “250″, so we have to assume that any email address exists there ..
Gerold
Awesome technique !
[...] telling me that the email address is valid. I also found this script, which is most accurate and most important reliable ? PHP [...]
well i am not for sure that there is a web site and this a phone nu.22998933573 they sent me.I am just trying to find out if this a leget place of bussines or a company.
Very nice guide, presented beautifully and easy to understand.
Sorry for being noobish but is this supposed to work with Windows? nslookup doesn’t understand the first line. There’s an identical question above. This would be a very useful function but the instructions are way, way, way, way, way, over mere mortals heads, assume you know the syntax of everything on any OS and Apollo 11′s LEM computer and mumble RFCs in your sleep.
Dont know if there is anything wrong with my email address. If not how is it i cannot locate it and where do i access this. Having roblems cannot subscribe anywhere or receive emails. What am i doing wrong
Is there like a download that can do all that for you
ok so i took the python code from above and entered into my python idle shell script and got a syntax error??
COMMAND:
nslookup – q=mx bigcompanydomain.com
can i issue these commands thru a macintosh terminal?
Good article. But this assumes that the smtp server runs on port 25 whcih may not be always true. for example, if the mail server uses secure SMTP, the port no will be 465 and we can’t get connection with simple telnet as it is secured.
[...] our portal. However, if you are interested to check through PHP forcefully, you may want to visit webdigi. They create a mail class to verify an email through checking the port of mail SMTP 25 but like i [...]
If smtp is running on different port other than default (25), how to check this info? Any way using commands like nslookup?
This function giving me error while i am exicuting code, the error is
Warning: Invalid argument supplied for foreach() in C:\wamp\www\Email Validation\smtpvalidateclass.php on line 90
my email id has been hacked now password is change how can i recover or delete my email id
thanks… it was great….
Hi. Just wanted to leave a quick remark and tell you that I’ve enjoyed viewing your personal site and will be recommending it to my mates. Keep up the good work! Thanks again.
Very useful. Bundle of Thanks.
In the PHP download, there is the following statements:
// windows, we need Net_DNS
require_once ‘Net/DNS.php’;
Where can I download that include file?
hi ,
i have a question please give the answer if anybody knows about follwing question .
i wnat to know how can i check the email address present in gmail and facebook in my website?
i mean email address present in gmail or facebook, from using that emial address , user can login in my website withought registration..
I just love to add it at ysapak.com thanks for sharing it
This is a very helpful article, and I did have a chance to modify the script to suit my need. The modified script is available at:
webtrafficexchange.com/smtp-email-address-validation
I would like to contribute my change to Google Project, and need your help adding it to the project if you don’t mind.
This doesn’t work with servers that use alternative SMTP ports (465 or 587) and I doubt it works if SSL is required or passwords are required.
Hi all and thank you for the code. It did really help me out a lot.
However, I still have a problem on hotmail email address
I did check it out and enabled SSL on my server, so now it’s working. The problem is that I still get this message back: error 530, could it means authentication required?
Can you please help me?and give me some avdice?
I am even thinking of buying it, if someone has a proper working script on PHP o ASP.
Please write me at pcdevelopers@hotmail.com
Thank you
Great thanks to this usefull utility.
I have just a comment. If I call the fonction with the following sequence, it doesn’t work.
$email = ‘foo@gmail.com’;
$result = $SMTP_Valid->validate($email, $sender);
To be usable I have added this line in the function setEmails($emails) :
settype($emails, “array”);
Any reaction is welcome.