How to check if an email address exists without sending an email?
We have all been doing email address validation for a very long time to make sure that the email is correctly formatted. This is to avoid users entering wrongly formatted email address but still they can accidentally give us a wrong email address.
Example of a correctly formatted email address but still wrong:
mailbox.does.not.exist@webdigiapps.com [VALID format but does not exist]
Above case specifically happens when you take important customer email on phone and you type in the wrong email. So is there a QUICK solution to really check the email without sending a test message to the user? Yes.
How to test if the email address actually exists
To check if user entered email mailbox.does.not.exist@webdigiapps.com really exists go through the following in command prompt on windows / terminal on mac. The commands you type in are in green and the server response is in blue. Please refer to MAC & PC screenshots towards the end of this post.
Step 1 – Find mail exchanger or mail server of webdigiapps.com
COMMAND:
nslookup -q=mx webdigiapps.com
RESPONSE:
Non-authoritative answer:
webdigiapps.com mail exchanger = 0 mx2.sub3.homie.mail.dreamhost.com.
webdigiapps.com mail exchanger = 0 mx1.sub3.homie.mail.dreamhost.com.
Step 2 – Now we know the mail server address so let us connect to it. You can connect to one of the exchanger addresses in the response from Step 1.
COMMAND:
telnet mx2.sub3.homie.mail.dreamhost.com 25
RESPONSE:
Connected to mx2.sub3.homie.mail.dreamhost.com.
Escape character is ‘^]’.
220 homiemail-mx7.g.dreamhost.com ESMTP
COMMAND:
helo hi
RESPONSE:
250 homiemail-mx8.g.dreamhost.com
COMMAND:
mail from: <youremail@gmail.com>
RESPONSE:
250 2.1.0 Ok
COMMAND:
rcpt to: <mailbox.does.not.exist@webdigiapps.com>
RESPONSE:
550 5.1.1 <mailbox.does.not.exist@webdigiapps.com>: Recipient address rejected: User unknown in virtual alias table
COMMAND:
quit
RESPONSE:
221 2.0.0 Bye
Screenshots – MAC Terminal & Windows
NOTES:
1) the 550 response indicates that the email address is not valid and you have caught a valid but wrong email address. This code can be on the server and called on AJAX when user tabs out of the email field. The entire check will take less than 2 seconds to run and you can make sure that the email is correct.
2) If email was present the server will respond with a 250 instead of 550
3) There are certain servers with a CATCH ALL email and this means all email address are accepted as valid on their servers (RARE but some servers do have this setting).
4) Please do not use this method to continuously to check for availability of gmail / yahoo / msn accounts etc as this may cause your IP to be added to a blacklist.
5) This is to supplement the standard email address javascript validation.
A quick & simple check below can be implemented in most programming language including PHP, Python etc.
How?
A simple fsockopen command in PHP and you can open connection to any SMTP server with port 25.
$smtp_server = fsockopen("mail.reddit.com", 25, $errno, $errstr, 30);
fwrite($smtp_server, "HELO hi\r\n");
fwrite($smtp_server, "MAIL FROM:
fwrite($smtp_server, "RCPT TO:
I had to use angle brackets <> with gmail. You will have to slightly change your instructions:
mail from: randomnonexist@gmail.com (with angle brackets)
Google came back with a long story saying that email address does not exist. Brilliant 🙂
what if the MX record resolves to an IP of a server thats configured to be a mail relay ?
You could also use VRFY to confirm that the mailbox exists, but it might be the case that that feature has been disabled for security purposes.
The HELO line is supposed to contain the fully qualified domain name of the client. Using ‘hi’ for this purpose may result in a rejection before the address can be checked.
Some mail servers, e.g. Microsoft Exchange, will accept all email for any address and then generate their own bounce if the address is invalid.
In Python, as a module and/or command line tool: gist.github.com/47987
It depends on how your mail server is setup. You can configure your mail server to accept any recipient and forward all mail that doesn’t match a user to a specific account.
Ah, this is really useful. Thanks a bunch!
As Capt. Sparrow mentioned with the Gmail servers, a lot more servers respond more kindly when the commands you send conform with RFC2821.
Brilliant idea, something to look into more depth. Some issues found during a couple of attempts: Gmail (At least the Google Apps servers) can take around 15 seconds to verify a domain, bit of pain but surely worth it. The larger services, Hotmail, Yahoo ect become tetchy if your servers IP doesn’t get a green light on Spamhaus.org so check your servers IP. HELO HI doesn’t always work but can be overcome with HELO as mentioned by Phil.
Did anyone find any servers this trick did not work with yet?
Only testing from my own connection I’ve been unable to carry out the whole process on the Yahoo and Hotmail servers because I’m on a dynamic IP thus blacklisted on Spamhaus.org.
It’s coming up with a place for this function to take place on a production site. With a lot of servers responding 250 even if the mail box doesn’t exist, then further verification is still required. If you were to request the server with both the requested email and a couple of random hashs, and all requests returned 250 then it’s likely the server is accepting any recipient, in which case you would still have to send a verification email out.
Still love the idea though, anything to take that extra step out of the users registration process is a good thing.
“what if the MX record resolves to an IP of a server thats configured to be a mail relay ?”
I’m also curious about this. Some mail servers don’t know what is and what isn’t a valid address because their job is to forward the mail to other servers that do know.
Does this still work in that case?
The point I think Brendan was trying to make above is that this is not a valid test that works in all situations. You will get a false 550 from some mail servers, if your MAILFROM address is unknown or is ruled to likely be SPAM by their anit-SPAM measures. Conversely, you will get false 250 responses from some servers that are configured as such. Positively acknowledging all email addresses removes a mechanism employed by spammers to discover what email addresses are valid within a domain. In my experience, I have never seen a mail server configured to not provide a positive response on a RCPT TO sent to the domain of the mail server.
This wont work with qmail (although I believe there to be a patch so it can) due to the design. It will accept everything and bounce those that fail. There are positives and negatives for both approaches. The qmail way offers security (inability to probe for valid accounts) but at the cost of more spam as even random addresses seemingly get accepted.
If you want to check to see if the email address exists, then yes this works. However some people want to check to make sure the email address is valid before they, say — open a telnet session? (This is an action which could, after all, create human-perceivable delays in the app. It is also wholly impractical for servers that would have to repeat this action hundreds of times per second.)
I am continually shocked that noone knows the correct way of validating an email address in PHP. Here’s the code:
$email = getUserEmail();
$emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL);
That’s it. It only takes one line to validate an email. It will process emails correctly according to the RFC, which means “Screw you, I’m an ant-eater!”@example.com correctly passes the filter.
Qmail (and maybe some other mailservers) will always accept mail to any local address, and later bounce that address if it can’t deliver it. It does this partly for speed, and partly it is a side effect of very strict programme design.
@Brendan
“It depends on how your mail server is setup. You can configure your mail server to accept any recipient and forward all mail that doesn’t match a user to a specific account.”
–> Can a mail server (any server such as MS Exchange) allow to forward all mails with the non-existent recipients to a specific account (as you mentioned) AND still return the error 550 5.1.1 as normal ? In other says, does the sender (from gmail for example) receive the error 550 5.1.1 after sending a mail to a mail server (Exchange for example) that has been configured to enable “forward rule” above ?
There might be a problem for some users as a few SMTP servers have a thing called “SPF”
( en.wikipedia.org/wiki/Sender_Policy_Framework ) and after sending MAIL FROM: header it sends bogus like this
550 SPF Error: Please see spf.pobox.com/why.html
To ommit this You must set sender email domain to domain on wich script is fired from. Why? Because SPF checks if sender IP is the same as given e-mail domain IP.
You may try telnet to polish server mx.wp.pl to check it.
–To work around this you can easily get your IP have a reverse DNS or a PTR record from the ISP for your company domain and you will be good to go.
This solution is great for smaller organisations, but won’t work for larger organisations that use commercial spam and virus filtering services to clean their incoming mail. The MX records get changed to point to the filtering service, which does it’s filtering magic, then forwards the email to the organisations email server.
In fact, you can setup Exchange to accept and silently delete emails that are destined for non-existent mailboxes. This is a great way to stop dictionary attacks.
I have written a Ruby code following this article. It checks the mailbox using SMTP as mentioned above
github.com/skillnet/validates_email_with_smtp/tree/master
Validation is a check to ensure it is true to the specification (eg: is the number N digits long?). Not to be confused with verification which is a check to ensure it is correct within the intended system (eg: does the number work when phoned?).
This is verification, not validation.
Interesting idea.
Seems too hacky for me. Checking the domain name, why not but email verification wont be reliable either way (positive/negative)
Still i like the idea itself.
Thanks.
Another way you could do this is actually send the email BUT let the user login as it has already activated his account and catch bounces. If an email of a user bounces then you just mark him as inactive and force him to re-enter a valid email upon login. It requires a bit more on the server side but helps you a great deal and makes the user’s life easier.
Spam filtering, mail forwarding systems, mail relays, MX backup handlers and more will prevent the RCPT check from working in some cases.
Also as noted above, your HELO is not a FQDN. BUT still the verification works fine in Gmail & Hotmai & few other popular mail services I have just tried.
Pingback: PHP, Web and IT stuff » Blog Archive » Understanding FTP using raw FTP commands and telnet
Pingback: Weekly Digest for May 6th : BorkWeb
There are also several Web Services that can validate an email address.
Please tell me how to check Email ID existing or not in any domain.
Thanks in Advance
Hi,
I’ve used a class in PHP that does just that. I used the base from PHPClasses.org and extended the functionality a bit.
It searches for MX records and tries them, since some domains have multiple fall-back mechanisms etc. Most of the time it verifies correctly and is therefore reliable enough. I can’t distribute the code for it, since it is used within a company. But it works and indeed doesn’t take more than a second or two for each verification.
It also checks for valid HELO commands, since this is the first step to be allowed to proceed.
– Unomi –
The “HELO” with just “hi” is screaming for problems. Please use “HELO” and a full qualified hostname and not just “hi”. btw: Be nice with the SMTPD and send a “RSET” command before the “QUIT” command.
// Steve
Thanks for the article. After reading all the solutions to email validation – It seems this is the BEST and most obvious way is to validate the user. With that said, can anyone tell me how to make a BCC with php. I have tried everything and it only sends to my email and not the secondary email. I figure having the user reply to the confirmation proves they want to get the reply from my contact page. Adding BCC to the email headers doesn’t work for some reason. Any help would be apreciated.
Thanks a million!! This site rocks!
I want to know if this email address is a valid one, I think I might be being scammed, if not that is good, but i need to know diplomatic@drivehq.com
Hello,
can anyone present us the implementation of this solution in VB6 ? (especially how to check if an email adress exist or not in VB 6)
Thanks,
Great, i have tested this on Gmail, yahoo mail and hotmail and it works.
I have added this check as optional to our CRM system. 🙂
Sweet.
Cheers
Great. Now i can check the email exist or not for that particular domain.
530 5.7.0 Must issue a STARTTLS command first. 5sm1835826yxd.35
I get above exception after mail from: command. – This is for particular email accounts that need a EHLO instead of standard HELO.
Great. Thanks for this.
Just checked this to work with Gmail & Yahoo mail accounts. Great thanks for the detailed post.
Hi! Can someone show an example with this setup in a form? I don’t really understand what I must do with these scripts to work…. I am beginner, help
Slightly diffferent subject but if I join a blog what will the people running the blog be able to tell about me, would they know where I was emailing from for example?
Hi I tried to use this, it worked fine for gmail, and hotmail. Thanks for sharing the code too.
@Alex it is pretty easy to setup. Just download the PHP files in the “SMTP check code in PHP” make sure that it is working by just following the usage example.
I got it working in a few minutes on my LAMP server.
if i want to check vaildate mail by write programme in VB8 , from where i will start
Hey very nice blog!!….I’m an instant fan, I have bookmarked you and I’ll be checking back on a regular….See ya 🙂
don’t mean if the email was right when write or no , i want to check with servier or by domain name if was this email vaildate or no.
I have just tested with gmail .It seems it’s not work
telnet alt2.gmail-smtp-in.l.google.com 25
220 mx.google.com ESMTP x6si1141525gvf.28
helo hi
250 mx.google.com at your service
mail from: supermanxp2003@yahoo.com
555 5.5.2 Syntax error. x6si1141525gvf.28
mail from: supermanxp2003@yahoo.com
555 5.5.2 Syntax error. x6si1141525gvf.28
Could you help me .Thanks.Best regards
You have to use angle brackets with gmail. You will have to slightly change your instructions:
mail from: <supermanxp2003@yahoo.com> (with angle brackets)
Thanks for reply quickly .
It’s worked well for me for gmail .But i have some problem with yahoo.It required authentication login .
telnet smtp.mail.yahoo.com 25
helo hi
mail from:
Could help me this one.Thanks
Best regards
To be clear, the article here is for advanced email validation to actually check if the user has an account. Before doing this, you have to check if the email is valid. Here is the code to do that, this is the first step that you should do.
function emailcheck($email) {
return preg_match(‘/^(?:[\w\!\#\$\%\&\’\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\’\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/’, $email);
}
Thanks for very helpful to replied.It’s also worked well for me for livemail.
This is used now for certain email addresses and especially valid domains that we have for the first time in our database. Works great, thanks for the code.
Thank you for the great information. I have been searching for this question and finally got it.
For all of your peoples information… I see many regular expression checks that do not correctly check the domain extension length, for example the .museum domainname extension length is 6 characters and the minimum length is two:
function check_email($email) {
$rx =”^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,8})$”;
return eregi($rx,$email);
}
In real terms the function:
$emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL);
doesnt work (does what is says on the tin but doesnt ‘check). This will allow anything that sits within standard. That means that anything that is correctly formatted will go through, doesnt have to be an actual valid address. For example xxx@staleproperty.com.uk will go through, it is valid because the RFC defines this as ok (allowing for future growth in the standard) but the reality is it is not valid because ‘.com.uk’ is not a valid base domain.
Hello Everyone,
I want to validate my bunch of email addresses, some free softwares can validate only max 50 email id’s at one go and takes time for validation. Can any one of you tell me if you have any such software which is available free and validate my email ids, your support will be appreciated. thanks a bunch in advance.
Thanks for sharing. It’s important information for SEO people.
One again, your idea is very
good.thank you!very much.
I’ve just had an odd situation. I was buying an Apple product through Apple Finance (Barclays Bank). The tool they use to process the application validates the email address before accepting it. It failed to validate my email address on harper.org.uk and it also failed to validate my google mail address. I’ve also had issue with other companies attempting to validate email addresses and this validation failing for these two domains, particularly Vodafone’s Blackberry servers and an electronic magazine that I have attempted to subscribe to. There appears to be a common problem out there with email validation.
nick 9th june is so right I am always having this problem
This is nice posting. Its helping to many friends say to me.
Doing good..
Thanks a lot..!
Well…. this is a nice feature to have. Though you should only use it to hint the user to pay extra close attention to their input. As this method of validation is not failsafe, you should only indicate a possibly incorrect email address, and not blocking the user from using it anyway.
i got an error when run the script (Class ‘SMTP_validateEmail’ not found in D:\xampp\htdocs\mac\checkemailexamplephp.php on line 8)
please help
Hi ,
Is there a way to check in .NET (C#) whether the email entered by the user actually exists or not.
I am using the SMTPclient. Or is there a way where we can check that the email was actually sent to the email address.
Any help would be greatly appreciated.
Thanks,
Meenakshi
Pingback: CAP Marketer - How to check if an email address exists without sending an email?
tanks
Pingback: How to check if an email address exists without sending an email? — HTMLCoderHelper.com
Before you check the validity of your email, you can also check the validity of the domain. In PHP:
$domain = explode(‘@’, $_POST[’email’]);
if (!checkdnsrr($domain[1]))
…
http://php.net/manual/en/function.checkdnsrr.php
please verify this id………