My email address on www.email.it has been disabled because I haven't used it for a long time.
Now, when I go on a FB, I get this message:
"Our systems have detected that xxxxxxx#email.it is no longer a valid email. "
So my question is:
How these systems can detect if an email is valid ?
You cannot detect if an email is fake. All you can do is to detect whether a string respects the RFC 5322 of a valid email address format. You can't possibly know whether such an account has been declared at the target SMTP server unless you own this server. You can probably try to send an email to this address and see what does the remote SMTP server responds.
You can't reliably determine if an email is valid or not. SMTP servers are suppose to implement the VRFY command but many have this disabled to prevent spammers from being able to detect valid email address.
Additionally, even if an email address respects the RFC 5322 valid email address format does not mean that it is a valid email address on the destination server; many servers do not correctly implement this standard!
The best that you can do is send an email to the address with a click back link in the email. If the email address is valid and the user reads the email and the user clicks the link then it might be the case that the email address is valid (it could have been intercepted too thus giving you a false positive).
If the email bounces back, it might indicate that the email address is not valid (but it could also be the case that the destination server is down, or the mailbox is full, or who knows what else).
As you can see, SMTP is remarkably unreliable given how well it works in practice.
Most likely Facebook tried to send mail to that address. They know that the address isn't valid because the mail bounced.
Perhaps they tried to send an email (such as an update EULA) to said host and it responded in an unkind fashion -- hence "not valid"
SMTP is sort of stupid on how it handles -- or doesn't handle -- "can't deliver" messages uniformly, but the various detections may work "well enough" (VRFY, inspecting automatic reply messages, etc.)
I am pretty sure that FB had sent you any kind of email , and since that your mail is deleted or deactivated ..... there for your email will bounce back to them with the error message like :
No such user
mailbox unavailable
etc ..
so they were able to know that and deactivate your account
if you curious to know that error message just send an email and wait for it to bounce back to you
simple but handy :)
What some companies do (and possibly FB as well, though I don't know for certain) is periodically send an email to the account, simply to see if it is "live" - they will request the receiver to click a link on it to prove the email address is still in use.
After several such emails that have received no response (or were bounced), they will consider the email address "dead".
Related
I've trying to check if the email address exists and is alive though the smtp server, but I'm getting answers as exact as possible.
Only way to prove that an email is alive is email confirmation after registering process.
You should send to newly subscribed/registered user a link containing parmeters about his email confirmation.
for instance:
new user with email aaa#bbb.ccc is registered and his email is saved into database with id
"as23kja45".
You should send him an email message with link yoursite.com/confirmation.php?id=as23kja45. After clicking on this link you'll read id in param value, check in database does it exists, if true => you have alive email address
Before sending such link you should check email by some email validator to prove that email satisfying form of email address.
There is no 100% reliable way of checking the validity of an email address. There are a few things you can do to at least weed out obviously invalid addresses, though.
The problems that arise with email addresses is actually very similar to those of snail mail. All three points below can also be used for sending snail mail (just change the DNS record with a physical address).
1. Check that the address is formatted correctly
It is very difficult to check the format of email addresses, but PHP has a validation filter that attempts to do it. The filter does not handle comments and folding whitespace, but I doubt anyone will notice.
2. Check that the DNS record exists for the domain name
If a DNS (Domain Name System) record exists then at least someone has set it up. It does not mean that there is an email server at the address, but if the address exists then it is more likely.
3. Send a verification email to the address
This is the most effective way of seeing if someone is at the other end of the email address. If a confirmation email is not responded to in an orderly fashion -- 3 hours for example -- then there is probably some problem with the address.
I am working on a tool that will be sending bulk messages (not spam :) and I need to add a feature that will detect bounced messages. Is there a standard response associated with bounces? Would it be in the header of the body?
This is typically achieved by setting the Return-Path header of your outgoing Mail to a unique Address for every recipient. For example, you could use bounce+userid#example.com if you have a unique userid identifing every recipient.
If the Mail gets bounces, you recieve it and parse the reciever (which will bounce+userid#example.com), you can then take appropriate actions.
Using the + syntax makes it possible to create a single mail-user (bounces#example.com) which recieves all bounces and still distinguish between the recipients.
You can not rely on either the headers or the body of the bounced message to be able to reliably identify the original recipient, especially if you want to automate the process. Even if you add your own custom headers, it's likely that the bouncing server will strip them when it sends notification back to you. And trying to parse text in the body of the message in order to pull out the recipient's email address can be dodgy at best, as there's no standard format and every bounce you get will be different. The only piece of information that will remain completely untouched in a bounce is the return path email address -- the address that your server advertises it wants bounces sent to. Thus, the only way to automate truly accurate bounce catching is to encode the recipient directly into the return path address itself.
This would typically be done by overriding your server's default return path address for each outgoing message, using a unique value per recipient, like bounce-XXXXX#yourdomain.com, where XXXXX is some encoded and/or obfuscated representation of the recipient's email address or some other internal identifier. This technique requires the use of an email server which can support this type of wild card catch-all address so that you don't have to set up a new bounce account for each email address you're sending to. Assuming that, you simply configure the server to dump all such bounce-* emails to your script, which needs only to decode the XXXXX in order to determine who the original recipient was.
If your tool is going to be talking directly to the recipients' SMTP servers, it
might be more advisable to check the error codes returned via the SMTP protocol for
4xx (temporary failure, e.g. "mailbox full") or 5xx (error, e.g. "no such user")
responses. Due to antispam/backscatter prevention mechanisms, you shouldn't rely on
the recipient's server to reply with a non-delivery report whenever a message doesn't
go through.
How to check whether an email id exists or not using PHP? and to get information about the owner of the email id? is it possible to get the information about the owner of the email id? do have to work with some protocols like POP? Please help me.
There is no 100% guaranteed way of knowing if an email address is valid without sending an email and having the user respond in some way. There are checks you can do to increase the chances of knowing if an email address is valid or not. You can do a DNS lookup and see if the domain has an MX record. There are also parts of the SMTP protocol you can use, but nothing mandates that an SMTP server will respond to these commands. Centralops.net provides a product that can help, but again, it isn't guaranteed.
If there was a sure way of handling this, then why would virtually every site that has a registration feature require you to respond to an email in some way? The question isn't meant to be a snide one; I'm just hoping it helps you see that other sites have not been able to perform the very same check you are asking for.
HTH
Lets say a user submits the following email address:
stackuser#stackoverflow.com
The checks you would want to perform in order are like so:
Is the address valid
Does the domain run a mail server / MX Records
Is it blacklisted
Firstly within PHP you can validate an email by using filter_var like so:
$is_valid = filter_var("stackuser#stackoverflow.com",FILTER_VALIDATE_EMAIL);
Secondly you would want to check if the domain runs a email server, to do this you can check the dns records for MX like so:
$has_dns_mx_record = checkdnsrr("stackoverflow.com","MX");
You might also want to open the port on the domain like so:
$socket = fsockopen("stackoverflow.com", 25);
$mail_running = (bool)$socket;
fclose($socket);
You can also check to see if the SMTP Server responds with a 550, i.e email does not exist, like so:
SEND > helo hi
250 stackoverflow.com
SEND > mail from: <youremail#yoursite.com>
250 2.1.0 Ok
SEND > rcpt to: <stackuser#stackoverflow.com>
> 550 5.1.1 <stackuser#stackoverflow.com>: Recipient address rejected: User unknown in local recipient table
Looking at the above you can send commands to a valid smtp server such as helo > mail from <...> and check the 550 response.
Take a look here for some response codes: http://www.greenend.org.uk/rjk/2000/05/21/smtp-replies.html
Also you should take note of #slebetman's comment stating that a small percentage of mail > servers are configured to respond 550 to prevent the sniffing out of valid email addresses.
The black list check is pretty simple, you would just find a decent DNSBL Server that provides a gateway for you check check the domain to see if it has been blacklisted, if it has the email may well be valid and active but has been marked as spam, therefore its an untrusted email and you should request an alternative email address to authorize against
These are some of the validation techniques used to validate an email address, now there is plenty more validation methods but these are a few of the main ones.
I am using phpmailer to send email. I need to know how to hide or mask sender email address
You can specify any sender email address anyway, since SMTP by itself does not place any requirements on sender email addresses.
If the actual SMTP server you use places restrictions on email addresses (e.g. corporate servers which do not allow sender emails outside of the company domain) there's no way around that, unless of course you can influence the mail server configuration.
Update:
You say in a comment that you want to use gmail to send email where the sender's address is not a gmail address. There is no way to do that.
This is a rare situation you have here... if you do not have a mail server you can still tell PHPMailer to send from a different address just set the From attribute of the PHPMailer object to the address you want. But Wait! if your server doesn't exists, the client can't verify the account and then your mail will more likely be deleted (moved to spam in the more benevolent scenario). If you are trying to mimic third party mail, I'll help you no futher.
Note: Your mail server may be valid but clients are still unable to verify it, and thus you are getting mails delivered to spam or deleted. Check "Must Read" to below to have some inside on how to solve this.
On the other hand, if you already have a mail server, then tell PHPMailer you want to use it, set the Host and Port attributes to your domain name and port respectively. The same if you want to use an account form a different server, remember to set the attributes Username and Password correctly, you may also need to set SMTPAuth = true; and SMTPSecure = 'ssl'; depending on the server. [Note: Username and From may differ]
Now, if you want to use an account from Gmail, you could easily set an alias in Gmail to send as another account [Go to Settings-> Accounts And Import -> Send mail as -> (click) Send Mail From Another Address], that can be the case if you have a mail server but you cannot afford to have it online, you will need to start your server so you can receive the confirmation code Gmail generates to verify your account. Check recommended read for PHP side configuration details.
Lastly if for some rare circunstancies you can't tell PHPMailer to use your mail server, but you do in fact have one, and that one is able to recieve the mail... you can use AddReplyTo('me#example.com', 'My Name'); Most clients will understand that any reply to the message must be (unless explicitly defined by the user) directed to "me#example.com" in this case.
Disclaimer: I take no responsibility of any harm result of the use of the method I mention here, such as (but not limited to) your mail account getting banned.
Must read:
Coding Horror on sending mail via code
Recommended read: PHPMailer Tutorial (old version)
No need (neither a good way) to hide or mask whatsoever.
I assume you already know how to use the class you are talking about.
You probably have some variable for sending email, like
var $From = "someguy#whatever.com";
you can type whatever you want into that email address. Gmail dont care what email things is sent from.
And no, this dosent sound very legit.
One more thing: Gmail requires a gmail account to relay mails. Its no problem, it wont be visible.
You want to "show the company email address as sender" but you "didn't (sic) have any email server"?
Can anyone actually send you email at your company email address? If so, use that server which is hosting your email to send out from.
If you don't really have a company email address, then I suggest you get a gmail address like companyname#gmail.com and just send from that. Otherwise the email will appear as spam to a great many of your recipients.
Now, if the people you are about to send an email to actually signed up to be on your mailing list then you can use a third party application like Constant Contact to do your broadcasts from.
If they haven't, then I suggest you not send an email at all.
in mail headers you can have both a Sender: and a From: header which in most mail clients is displayed as either just the From or in some cases Sender on behalf of From, using this way is a nice and clean way to be able to send From a different mail address then the actual Sender mail server
This is highly illegal.
var $From = "someguy#whatever.com";
Is the only option your have for trying to hide email address. But no matter what your email will be inscribed with IP. Someone who knows what they are doing will still be able to trace the email back to the source.
I have a website, example.com hosted at godaddy. I was just messing around with PHP's mail function and uploaded the following to my website at example.com:
mail( "someone#yahoo.com", "test", "test message", "From: someone#gmail.com" );
Why does this work? I mean, it shouldn't, right? The "From" address domain isn't "#example.com". Yet, when I check my email at someone#yahoo.com, I get the message from someone#gmail.com... How is it that I'm able to (potentially) send an email from anyone's email account without their password?
This is possible, as in, you can put into the E-Mail headers whatever you want, including a totally arbitrary sender address. You are right, though, security-conscious providers will usually configure their outgoing mail services in a way that allows only sender addresses residing on the server the mail gets sent from; but they don't have to.
Also, on the receiving end, messages where the sender address belongs to a domain that is not associated with the sending mail server very often end up in the Spam folder.
It's (as you already know) very bad practice to make use of this. As to whether the provider is at fault - it could be anything from a sign of trust (if you are the only user on the server, or one of select few clients) to carelessness. You may have reason to complain because if one of your web hosting neighbours misuses this to send spam, the server's IP address might get blacklisted, causing any E-Mail coming from it (legit or not) to get caught in spam filters.
it's because of email format specification.
have a look at the email's header specification, you might refer to the http://en.wikipedia.org/wiki/Email#Header_fields
that is the reason why one should never trust the "from" information once you receive an email.
This is why systems like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) have been introduced.
SPF allows admins to define where email for a particular domain is supposed to originate. In your example, and assuming that SPF records were set up, the records would show that the Go Daddy host from which the mail was sent was not an authorised sender for the gmail.com domain. A (Yahoo) mail server that receives that mail and does SPF validation would probably reject the mail.
DKIM uses digital signatures to allow a sending mail server to show that an email came from the domain it says it came from. In your example, you wouldn't be able to sign your email and make it look like it really came from Gmail, because you don't have their key.
Both these systems require proper SPF/DKIM records to be set up, and also require that the mail server that handles the email for its recipient actually performs the validation.
So don't worry: this problem is being worked on :-)
Whether you should be able to do this is basically a matter of who you ask. The email RFC states that you should. Best practice for hosting and ISP says you shouldn't.
So seen from PHP point of view. Yes you should
Edit:
And btw you're not sending the mail from somebody's account your simply stating that you email is something differrent from what's actually true. Which is basically the same as introducing yourself to a stranger as, let's say "Bill Clinton". If the receiver is paying attention they'll know it's wrong. In the real world because you don't look like him and in the email world you can simply test if the sending server is allowed to rely from that specific domain.