How do you verify an email address?

Question: How do you validate an email address?

Answer: It depends.

The absolute answer is that you have to send mail to that address and request that the user take some action to indicate that they received the email. That might be as simple as replying to your email or logging into a webpage by providing a code included in the email that you sent. This is the only way you can really validate an email address.

But maybe you'd like to do some pre-checking before you go to all that trouble. It's easy enough to write a regular expression that matches email addresses as defined in RFC822 - and you should definitely look at that before you decide that you know what a valid address looks like! But that's just syntactically correct - it doesn't mean that the domain exists or that it has a mailserver if it does exist or that the user at that address actually exists. Still, regex checking can eliminate a lot of the worst crap people will type in to a web form

See How to Find or Validate an Email Address for more thoughts on using regexes to validate addresses.

The next step is therefore to check that the domain part has an MX record or records. If "dig mx" doesn't give back something like    7200  IN  MX  10

then it's pretty obvious that "" isn't a valid address.

If it is valid, you could try asking the server if it will accept mail for that user. That used to be a lot easier than it is now: all you had to do was connect and issue a "VRFY jack". Almost nobody lets you do that today because it was an easy way for spammers to check addresses - they would just try every name they could think of and send junk to the addresses that existed.

But you still can ask by using "rcpt to:". See How do I test an SMTP server for details; you look up the MX for the domain, connect to that and issue a "Helo", a "Mail from:" command and then a "rcpt to:". If you get a positive response (a 250 rather than a 55? or anything else, that SHOULD be a valid address. Maybe :-)

See SMTP reply codes for server responses.

However, there are any number of reasons that a server might give you back a 250 for a completely bogus user. Many servers today are configured to do exactly that to avoid giving spammers information about users. So they accept anything and then may or may not send back a bounce message later. More and more are configured to be totally silent - you'll just never know the address was bad.

(Most Kerio mail servers are configured that way.)

Even if that were not true, it may be configured to forward unknown users to some other server - again, you won't know anything unless that server chooses to tell you. That brings us back to what I said at the top: the only absolute trest is to send email that requests the recipient take some verifiable action.

Got something to add? Send me email.

(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Verifying email addresses

Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Anthony Lawrence

Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

FORTRAN was the language of choice for the same reason that three-legged races are popular. (Ken Thompson)

He who hasn't hacked assembly language as a youth has no heart. He who does as an adult has no brain. (John Moore)

This post tagged:

© Copyright 2018