I've trying to check if the email address exists and is alive though the smtp server, but I'm getting answers as exact as possible.
Only way to prove that an email is alive is email confirmation after registering process.
You should send to newly subscribed/registered user a link containing parmeters about his email confirmation.
for instance:
new user with email aaa#bbb.ccc is registered and his email is saved into database with id
"as23kja45".
You should send him an email message with link yoursite.com/confirmation.php?id=as23kja45. After clicking on this link you'll read id in param value, check in database does it exists, if true => you have alive email address
Before sending such link you should check email by some email validator to prove that email satisfying form of email address.
There is no 100% reliable way of checking the validity of an email address. There are a few things you can do to at least weed out obviously invalid addresses, though.
The problems that arise with email addresses is actually very similar to those of snail mail. All three points below can also be used for sending snail mail (just change the DNS record with a physical address).
1. Check that the address is formatted correctly
It is very difficult to check the format of email addresses, but PHP has a validation filter that attempts to do it. The filter does not handle comments and folding whitespace, but I doubt anyone will notice.
2. Check that the DNS record exists for the domain name
If a DNS (Domain Name System) record exists then at least someone has set it up. It does not mean that there is an email server at the address, but if the address exists then it is more likely.
3. Send a verification email to the address
This is the most effective way of seeing if someone is at the other end of the email address. If a confirmation email is not responded to in an orderly fashion -- 3 hours for example -- then there is probably some problem with the address.
Related
how do i validate Existing E-Mail Address.
in a Registration system, when a user enter a Email address it checks if the Email address is existing or not in Ymail/Gmail.
i already have a running domain(for Practice).
You have my regards.
Most registration systems validate an email address by sending an email to it with a uniquely encoded URL in it and requiring the user to go get that email and click on the link. When your server sees that the link has been clicked on the email address is know to be accessed by you.
Here's a basic flowchart for how it works:
User goes to your website
User commences registration and fills in their email address
Server checks to see if email address is in a legal and proper form and is not already registered
If the rest of the user's registration looks good and then email address looks legal, the server creates an account in your system and puts in the "unverified" state.
Then, a code is generated that corresponds to that specific user. That code is put onto an URL and that URL is put into an email which is sent to the email address the user entered.
The user receives the email with instructions to click on the enclosed link.
User retrieves email and clicks on the link.
Your server receives web request from that link. It parses out the code from the URL and checks to see if that code matches an account that is in the "unverified" state. If so, and the account has not expired from too much time elapsing since the email was sent, then the account is put into the "verified" state and is ready for use.
The basic idea of this system is that if you can retrieve an email sent to that email address then the email address must be a valid and working email address and you, the user, must be able to access that email address (it's not just some random email address you made up).
Back in the day, you could easily validate email addresses. Then the spammers came along. Now the only way you can confirm the existence of an email address is by trying to send something to it and checking for bounces. And even then, the lack of a bounce doesn't mean it exists - it could simply have been silently deleted, ignored, spam filtered into oblivion, etc...
Basically, what you want is not possible - any such system would simply help spammers hammer your box with more russian brides popping penis pills while wearing fake rolexes.
SMTP provides VRFY and EXPN verbs to check if an account or mailing list exists. However, most server admins disable these verbs from their mail configuration to prevent hackers from exploiting user lists. Gmail and Yahoo are said to have VRFY disabled.
Another option you can try for these servers is emailing the user with a link to confirm their email address. Granted, it is not as sexy as realtime email verification, but it is more secure for all parties.
It is practically not possible to validate email address with growing number of spams.
These days people send a mail to the email address entered by user to complete the registration or activate the account. You can probably do that and is a much safer way to do. You can find a number of resources online to implement this functionality.
This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
How to check if an email address exists without sending an email?
Possible duplicate:
How to check if an email exists without sending an email?
I have a very big database with users (over 50000) and there are lots of automated e-mails the site sends out.
The problem is, quite a few of the addresses in the database (that users registered with years ago) have expired or have been deleted or no longer exist for whatever reason.
This creates an issue, because each user should have a valid e-mail.
I've been trying to find out if there's a way to detect whether an e-mail address is active, so we could update the database and prompt those users to enter a new e-mail? Something like a ping for e-mail addresses?
There's some code here that I've tried to figure out but to no avail:
http://www.webdigi.co.uk/blog/2009/how-to-check-if-an-email-address-exists-without-sending-an-email/smtpvalidateclassphp/
Does anyone have a solution?
Please note that I need a PHP solution, not command line since I have 50k e-mails to check.
Two things, first you should stop the influx of potentially in-valid email addresses by implementing a 'closed-loop' email verification system. Basically, when a user signs up for your site, you send an email with a link confirming their email address, and when they confirm, their account gets full access to your site.
Secondly, there is no real way to determine if an an email address is invalid strictly using PHP. I had to tackle this problem a few months ago, and we ended up using the mail-server to tell us if an email address has been bounced back or not. When your mail server sends an email, and the email cannot be delivered, the recipient mail-server will respond with a bounce notification to your mail-server which includes information as to why the email was bounced. Information such as a Delivery Status Notification (DSN) code which identifies why the email address couldn't be delivered.
Some example codes:
511: Bad Mailbox
512: Bad System
516: Mailbox Moved
These codes are made up of a prefix (4 or 5) to indicate a transient (temporary) or permanent failure. The following two digit code indicates an error range; two digit codes between 10 and 19 indicate an error relating to the email address, whereas codes between 20 and 29 indicate an error relating to the email mailbox.
From these codes you can determine, based on business requirements, a 'hard bounce' or a 'soft bounce'. A hard bounce would be something like 511 (bad mailbox), where it's certain that this email address is not currently valid. A soft bounce would be something like 445 (network congested), which indicates that it was a temporary issue as to why the email could not be delivered.
So in your instance, you could send out an email blast, and then track the bounces on your mail server. By looking at each bounce and the respective DSN code, you can flag whether an account's email is valid or not (we used PHP to gain access to the mail server and parse the bounce notifications for the DSN codes)
Here is more information on DSN codes.
-- Edit --
As Dagon wisely mentioned, you can pipe bounced emails into a PHP script upon their receipt. To do this you will need to read up on your mailserver config, but ours looks similar to the following:
bouncehandler unix - n n - - pipe
user=nobody argv=/usr/bin/php /path/to/BounceHandler.php
<% end %>
The only way to check if an e-mail address is expired or not is to send an e-mail message to it and see if you get a response. But note that doing so may be considered spamming, since it is an unsolicited message.
You can check if an e-mail address if properly formed, and if the mail server it specifies actually exists, but thats about it. There is no way that I know of to check if the account exists (and if a human is reading the mail sent there) without sending a mail with a link and requesting that the user click the link.
I am trying to build a email messaging system for a classified site ( a la craigslist), so that users can email each other. emails of registered users are stored in a database.
What I want is for the recipients email address to be hidden from the sender's . If I just use the mail() function and dynamically get the recipients email from the database, will this email be visible to the person sending the mail ??
if the recipients email is indeed hidden from the sender's when using mail() this way, then why does craigslist anonymize's email ? isn't it already anonymous ?
Edit: so the email won't be visible to the person filling the form. SO the question remains is why does craigslist anonymizes email addresses? and whether I should implement the same ?
Craigslist doesn't use a form to submit. They provide an email address. When the users send the email using their own email system to #craigslist.org, then their servers get that email, look up the appropriate record, and forward the email to the real email address, so the sender never sees the real email address of the person.
If you're providing a form for the users to fill out, then you're doing something completely different from craigslist. You don't have to show the person's real email address on the form, and they're using your form, not their own email program, to do the reply, so there's no need to show any email address at all, anonymous or real.
If you're going to let people use their own email programs and provide them with an email address, then use the anonymizing service, which will add some load to your servers since they'll have to parse and process incoming emails at a variety of addresses. If you're using a form, you don't have to show any email addresses at all.
You are the one sending it, and it really comes from your server, not the person who filled out the form on your website. So no, there is absolutely no way they can see the real address it went to.
Why does craigslist take it a step further? Not sure, but its not for that reason.
My email address on www.email.it has been disabled because I haven't used it for a long time.
Now, when I go on a FB, I get this message:
"Our systems have detected that xxxxxxx#email.it is no longer a valid email. "
So my question is:
How these systems can detect if an email is valid ?
You cannot detect if an email is fake. All you can do is to detect whether a string respects the RFC 5322 of a valid email address format. You can't possibly know whether such an account has been declared at the target SMTP server unless you own this server. You can probably try to send an email to this address and see what does the remote SMTP server responds.
You can't reliably determine if an email is valid or not. SMTP servers are suppose to implement the VRFY command but many have this disabled to prevent spammers from being able to detect valid email address.
Additionally, even if an email address respects the RFC 5322 valid email address format does not mean that it is a valid email address on the destination server; many servers do not correctly implement this standard!
The best that you can do is send an email to the address with a click back link in the email. If the email address is valid and the user reads the email and the user clicks the link then it might be the case that the email address is valid (it could have been intercepted too thus giving you a false positive).
If the email bounces back, it might indicate that the email address is not valid (but it could also be the case that the destination server is down, or the mailbox is full, or who knows what else).
As you can see, SMTP is remarkably unreliable given how well it works in practice.
Most likely Facebook tried to send mail to that address. They know that the address isn't valid because the mail bounced.
Perhaps they tried to send an email (such as an update EULA) to said host and it responded in an unkind fashion -- hence "not valid"
SMTP is sort of stupid on how it handles -- or doesn't handle -- "can't deliver" messages uniformly, but the various detections may work "well enough" (VRFY, inspecting automatic reply messages, etc.)
I am pretty sure that FB had sent you any kind of email , and since that your mail is deleted or deactivated ..... there for your email will bounce back to them with the error message like :
No such user
mailbox unavailable
etc ..
so they were able to know that and deactivate your account
if you curious to know that error message just send an email and wait for it to bounce back to you
simple but handy :)
What some companies do (and possibly FB as well, though I don't know for certain) is periodically send an email to the account, simply to see if it is "live" - they will request the receiver to click a link on it to prove the email address is still in use.
After several such emails that have received no response (or were bounced), they will consider the email address "dead".
I'm developing an email marketing system which allows users to send emails to multiple addresses. I have a list of tasks that need to be done, probably I will have many questions regarding to these tasks. Here's one of them: As I said, users are sending out emails to multiple addresses. I want to check for every sent out emails if the receipient address blocks the email and the reason of the block.
Usually this is coming back to an email from Mail Delivery System. I think the solution has to be somewhere around the idea of checking the incoming emails somehow. Please help me finding the best solution.
Thanks
**
UPDATE:
**
I'm going to update the content of the question. I forgot to say that these emails are sent our from a valid SMTP server with username and password, there should be a way to get the content of inbox from PHP somehow.
I want to check for every sent out emails if the receipient address blocks the email and the reason of the block.
Forget it. Most spam filters will just swallow unwanted E-Mail without comment (so as to not give spammers any hint about their success or failure).
Also, you won't be able to find out if a user simply deleted your E-Mail straight away, or had a rule set up in their E-Mail client to delete it. This is information that you will never get hold of unless the recipient tells you.
Only a tiniest fraction of rejected E-Mails will actually cause a reply to go out to the E-Mail sender address - if any! I, for one, have had mails swallowed by spam filters, but I've never received a reply saying "your E-Mail was filtered as spam". Have you?
What you can do is catch E-Mails whose delivery failed for technical reasons - unknown recipient, recipient mailbox full, relaying failed... Those will be returned as "mailer-daemon" error messages to either the sender address, or the address specified in the errors-to header. Those mails you could parse using PHP. But I don't think this is what you want.