I'm trying to validate if a Yahoo! email account is valid and active for a giveaway signup form to prevent scams and spam. There are services that do this out there, but it makes no sense because the giveaway is free and too many people sign up.
Basically Yahoo! returns a "special status" when an email address is "inactive" and then responds automatically with an email about this.
I would like to detect this somehow before sending an email to the user - as it makes no sense sending email if the email is inactive.
I've tried the basic telnet method:
telnet mta7.am0.yahoodns.net 25
Trying 98.136.96.76...
Connected to mta7.am0.yahoodns.net.
Escape character is '^]'.
220 mtaproxy412.free.mail.ne1.yahoo.com ESMTP ready
hello hi
502 Command not implemented tnmpmscs
mail from: <....@yahoo.com>
250 sender <....@yahoo.com> ok
rcpt to: <....@yahoo.com>
250 recipient <....@yahoo.com> ok
Connection closed by foreign host.
But as you can see the status is "ok", even though the email itself is invalid. If I email this address, I get the following email back in a few seconds:
554 30 Sorry, your message to ...@yahoo.com cannot be delivered. This mailbox is disabled (554.30).
So my question is, how can I "detect" this status via code? If this is even possible...
I'm using a PHP framework.
Thanks
I am using phpBB 3.0.12 and encountered an issue:
Some mail services like mail.ru recognise activation emails from my forum as spam messages and return them with a 550 error.
Oct 27 10:37:02 26sp postfix/smtp[31754]: 33347587974:
to=, orig_to=,
relay=mxs.mail.ru[217.69.139.150]:25, delay=2.5,
delays=0.01/0/0.08/2.4, dsn=5.0.0, status=bounced (host
mxs.mail.ru[217.69.139.150] said: 550 spam message rejected.
Please visit
http://help.mail.ru/notspam-support/id?c=Jdo_XLgUDbBjA8QmVnqeZQShDEMZPvTFdwpE_P3-ufG-37333wCzdKLWRJxdUdKdCgAAAPSVAAAAriEj
or report details to abuse@corp.mail.ru. Error code:
5C3FDA25B00D14B826C40363659E7A56430CA104C5F43E19FC440A77F1B9FEFDF7BDDFBE74B300DF9C44D6A29DD2515D.
ID: 0000000A000095F42321AE00. (in reply to end of DATA command))
The 550 error means that users marked mailings from the forum as spam, and mail.ru categorized any mailings as spam. I already sent a request to support to remove the forum from the spam lists, but email notifications sent by the forum don't even get to mailboxes at mail.ru.
Question: I want to write something like "don't send the activation email if the user entered ****@mail.ru at registration". But I'm not familiar with phpBB.
Can someone help me find the function for sending activation emails?
I'd be very grateful for any help.
IMPORTANT! Before making any changes, make sure you have a back up just in case things go wrong.
Using FTP download from your site this file - language/xx/ucp.php (where xx is the language code, eg. for English it is en)
Open it in a proper text editor that is capable of saving files as UTF8 without BOM and NOT a word processor or Notepad as these can cause problems.
I'll give you the example using the English version as that's what I use on my site...
Look for:
'UCP_ADMIN_ACTIVATE' => 'Please note that you will need to enter a valid e-mail address before your account is activated. The administrator will review your account and if approved you will receive an e-mail at the address you specified.',
and:
'UCP_EMAIL_ACTIVATE' => 'Please note that you will need to enter a valid e-mail address before your account is activated. You will receive an e-mail at the address you provide that contains an account activation link.',
You can change the message in these two lines to suit your needs. Once done, save and upload back to your server using FTP.
Possible Duplicate:
How to check if an email address exists without sending an email?
I have a very big database with users (over 50000) and there are lots of automated e-mails the site sends out.
The problem is, quite a few of the addresses in the database (that users registered with years ago) have expired or have been deleted or no longer exist for whatever reason.
This creates an issue, because each user should have a valid e-mail.
I've been trying to find out if there's a way to detect whether an e-mail address is active, so we could update the database and prompt those users to enter a new e-mail? Something like a ping for e-mail addresses?
There's some code here that I've tried to figure out but to no avail:
http://www.webdigi.co.uk/blog/2009/how-to-check-if-an-email-address-exists-without-sending-an-email/smtpvalidateclassphp/
Does anyone have a solution?
Please note that I need a PHP solution, not command line since I have 50k e-mails to check.
Two things: first, you should stop the influx of potentially invalid email addresses by implementing a 'closed-loop' email verification system. Basically, when a user signs up for your site, you send an email with a link confirming their email address, and when they confirm, their account gets full access to your site.
Secondly, there is no real way to determine if an email address is invalid strictly using PHP. I had to tackle this problem a few months ago, and we ended up using the mail-server to tell us if an email address has been bounced back or not. When your mail server sends an email, and the email cannot be delivered, the recipient mail-server will respond with a bounce notification to your mail-server which includes information as to why the email was bounced. Information such as a Delivery Status Notification (DSN) code which identifies why the email couldn't be delivered.
Some example codes:
511: Bad Mailbox
512: Bad System
516: Mailbox Moved
These codes are made up of a prefix (4 or 5) to indicate a transient (temporary) or permanent failure. The following two digit code indicates an error range; two digit codes between 10 and 19 indicate an error relating to the email address, whereas codes between 20 and 29 indicate an error relating to the email mailbox.
From these codes you can determine, based on business requirements, a 'hard bounce' or a 'soft bounce'. A hard bounce would be something like 511 (bad mailbox), where it's certain that this email address is not currently valid. A soft bounce would be something like 445 (network congested), which indicates that it was a temporary issue as to why the email could not be delivered.
So in your instance, you could send out an email blast, and then track the bounces on your mail server. By looking at each bounce and the respective DSN code, you can flag whether an account's email is valid or not (we used PHP to gain access to the mail server and parse the bounce notifications for the DSN codes)
Here is more information on DSN codes.
-- Edit --
As Dagon wisely mentioned, you can pipe bounced emails into a PHP script upon their receipt. To do this you will need to read up on your mailserver config, but ours looks similar to the following:
bouncehandler unix - n n - - pipe
  user=nobody argv=/usr/bin/php /path/to/BounceHandler.php
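A handler fed by a pipe like the one above could classify each bounce as follows. This is an added example, not the answerer's BounceHandler.php: it assumes the bounce carries an RFC 3464 delivery-status part, where status codes are written class.subject.detail (5.1.1 rather than 511), and the function names and sample addresses are made up for illustration.

```php
<?php
// Added example: classify bounces by the RFC 3464 Status field.

/** Extract recipient and status from each per-recipient DSN group. */
function parseDsn(string $raw): array
{
    $raw = preg_replace('/\r?\n[ \t]+/', ' ', $raw);   // unfold headers
    $out = [];
    foreach (preg_split('/(?:\r?\n){2,}/', $raw) as $group) {
        if (!preg_match('/^Final-Recipient:\s*rfc822;\s*(\S+)/mi', $group, $rcpt)
            || !preg_match('/^Status:\s*([245])\.(\d{1,3})\.(\d{1,3})/mi', $group, $st)) {
            continue;                                    // not a recipient group
        }
        $out[] = ['recipient' => strtolower($rcpt[1]), 'class' => (int)$st[1],
                  'subject' => (int)$st[2], 'detail' => (int)$st[3]];
    }
    return $out;
}

/** Map a parsed status to an action for the address list. */
function classifyBounce(array $dsn): string
{
    if ($dsn['class'] === 4) {
        return 'soft';        // transient: keep the address, retry later
    }
    if ($dsn['class'] === 5) {
        // x.1.x = address problem, x.2.x = mailbox problem. Other permanent
        // failures (such as policy rejections) say nothing about the mailbox.
        return in_array($dsn['subject'], [1, 2], true) ? 'hard' : 'review';
    }
    return 'delivered';       // class 2
}

// Constructed sample: delivery-status part of a bounce (not real data).
$sample = <<<'EOT'
Final-Recipient: rfc822; gone@example.com
Status: 5.1.1

Final-Recipient: rfc822; busy@example.com
Status: 4.4.5

Final-Recipient: rfc822; filtered@example.com
Status: 5.7.1
EOT;
// In the pipe setup the input would be stream_get_contents(STDIN) instead.
foreach (parseDsn($sample) as $d) {
    printf("%s %d.%d.%d %s\n", $d['recipient'], $d['class'], $d['subject'],
        $d['detail'], classifyBounce($d));
}
```

Holding non-address permanent failures for review keeps a spam-filter rejection from being recorded as a dead mailbox.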
The only way to check if an e-mail address is expired or not is to send an e-mail message to it and see if you get a response. But note that doing so may be considered spamming, since it is an unsolicited message.
You can check if an e-mail address is properly formed, and if the mail server it specifies actually exists, but that's about it. There is no way that I know of to check if the account exists (and if a human is reading the mail sent there) without sending a mail with a link and requesting that the user click the link.
It's widely known, that probably the best method to achieve that is the SMTP transaction with the MX server during which we're "emulating" sending the mail (HELO, MAIL FROM, RCPT TO - 250 response to rcpt to = e-mail is OK).
It works well; however, many servers (e.g. Hotmail, MSN) are black-listing the hosts which are communicating like that (starting a transaction without sending the e-mail).
Is there any better method to verify that e-mail exists - without user interaction and, if possible - without sending a message?
Unfortunately anything that helps legitimate apps determine if an email account is real and active is exploitable by spammers that are looking for live accounts.
Your best bet is (presuming a user is signing up on your site)... is to send them an email with a link (or code) that they click on (or type in) to "verify" this is a real account.
Note: Even doing this, only "guarantees" the account was active. It doesn't ensure that it wasn't a temporary service (e.g. mailinator or other disposable email address). ;-)
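The confirmation link recommended above can be issued without storing anything server-side. This is an added example, not code from any of the posts: SECRET_KEY, the example.com URL and the function names are assumptions, and the token is an HMAC-signed payload tying the address to an expiry time.

```php
<?php
// Added example: stateless, expiring e-mail confirmation token.
const SECRET_KEY = 'placeholder-load-a-random-key-from-config'; // assumption

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** Token = payload "." HMAC(payload); payload binds address to expiry. */
function issueToken(string $email, int $ttl = 86400, ?int $now = null): string
{
    $payload = b64url(json_encode(['e' => $email, 'x' => ($now ?? time()) + $ttl]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, SECRET_KEY, true));
}

/** Return the confirmed address, or null if forged, malformed or expired. */
function verifyToken(string $token, ?int $now = null): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SECRET_KEY, true));
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;
    }
    // Only decode the payload after the MAC has been checked.
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['e'], $data['x'])
        || $data['x'] < ($now ?? time())) {
        return null;
    }
    return $data['e'];
}

$token = issueToken('user@example.com');
echo "https://example.com/confirm?t={$token}\n";    // link placed in the e-mail
var_dump(verifyToken($token));                       // valid token
var_dump(verifyToken($token . 'x'));                 // tampered MAC
var_dump(verifyToken($token, time() + 2 * 86400));   // past expiry
```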
How can I check whether an email ID exists or not using PHP, and get information about the owner of the email ID? Is it possible to get information about the owner of the email ID? Do I have to work with some protocols like POP? Please help me.
There is no 100% guaranteed way of knowing if an email address is valid without sending an email and having the user respond in some way. There are checks you can do to increase the chances of knowing if an email address is valid or not. You can do a DNS lookup and see if the domain has an MX record. There are also parts of the SMTP protocol you can use, but nothing mandates that an SMTP server will respond to these commands. Centralops.net provides a product that can help, but again, it isn't guaranteed.
If there was a sure way of handling this, then why would virtually every site that has a registration feature require you to respond to an email in some way? The question isn't meant to be a snide one; I'm just hoping it helps you see that other sites have not been able to perform the very same check you are asking for.
HTH
Let's say a user submits the following email address:
stackuser@stackoverflow.com
The checks you would want to perform in order are like so:
Is the address valid
Does the domain run a mail server / MX Records
Is it blacklisted
Firstly within PHP you can validate an email by using filter_var like so:
$is_valid = filter_var("stackuser@stackoverflow.com", FILTER_VALIDATE_EMAIL);
Secondly you would want to check if the domain runs an email server. To do this you can check the DNS records for MX like so:
$has_dns_mx_record = checkdnsrr("stackoverflow.com","MX");
You might also want to open the port on the domain like so:
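// fsockopen() returns false on failure; only close a real connection.
$socket = @fsockopen("stackoverflow.com", 25, $errno, $errstr, 5);
$mail_running = (bool)$socket;
if ($socket) {
    fclose($socket);
}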
You can also check to see if the SMTP server responds with a 550, i.e. the email does not exist, like so:
SEND > helo hi
250 stackoverflow.com
SEND > mail from: <youremail@yoursite.com>
250 2.1.0 Ok
SEND > rcpt to: <stackuser@stackoverflow.com>
550 5.1.1 <stackuser@stackoverflow.com>: Recipient address rejected: User unknown in local recipient table
Looking at the above you can send commands to a valid smtp server such as helo > mail from <...> and check the 550 response.
Take a look here for some response codes: http://www.greenend.org.uk/rjk/2000/05/21/smtp-replies.html
Also you should take note of @slebetman's comment stating that a small percentage of mail servers are configured to respond 550 to prevent the sniffing out of valid email addresses.
The blacklist check is pretty simple: you would just find a decent DNSBL server that provides a gateway for you to check the domain to see if it has been blacklisted. If it has, the email may well be valid and active but has been marked as spam; therefore it's an untrusted email and you should request an alternative email address to authorize against.
These are some of the validation techniques used to validate an email address. There are plenty more validation methods, but these are a few of the main ones.
My email address on www.email.it has been disabled because I haven't used it for a long time.
Now, when I go on a FB, I get this message:
"Our systems have detected that xxxxxxx@email.it is no longer a valid email."
So my question is:
How can these systems detect if an email is valid?
You cannot detect if an email is fake. All you can do is to detect whether a string respects the RFC 5322 valid email address format. You can't possibly know whether such an account has been declared at the target SMTP server unless you own this server. You can probably try to send an email to this address and see what the remote SMTP server responds.
You can't reliably determine if an email is valid or not. SMTP servers are supposed to implement the VRFY command but many have this disabled to prevent spammers from being able to detect valid email addresses.
Additionally, even if an email address respects the RFC 5322 valid email address format, that does not mean that it is a valid email address on the destination server; many servers do not correctly implement this standard!
The best that you can do is send an email to the address with a click back link in the email. If the email address is valid and the user reads the email and the user clicks the link then it might be the case that the email address is valid (it could have been intercepted too thus giving you a false positive).
If the email bounces back, it might indicate that the email address is not valid (but it could also be the case that the destination server is down, or the mailbox is full, or who knows what else).
As you can see, SMTP is remarkably unreliable given how well it works in practice.
Most likely Facebook tried to send mail to that address. They know that the address isn't valid because the mail bounced.
Perhaps they tried to send an email (such as an update EULA) to said host and it responded in an unkind fashion -- hence "not valid"
SMTP is sort of stupid on how it handles -- or doesn't handle -- "can't deliver" messages uniformly, but the various detections may work "well enough" (VRFY, inspecting automatic reply messages, etc.)
I am pretty sure that FB had sent you some kind of email, and since your mail is deleted or deactivated, the email will bounce back to them with an error message like:
No such user
mailbox unavailable
etc.
So they were able to know that and deactivate your account.
If you are curious to know that error message, just send an email and wait for it to bounce back to you.
simple but handy :)
What some companies do (and possibly FB as well, though I don't know for certain) is periodically send an email to the account, simply to see if it is "live" - they will request the receiver to click a link on it to prove the email address is still in use.
After several such emails that have received no response (or were bounced), they will consider the email address "dead".