RE: [PHP] Email verification (was: [PHP] Removing Invalid Users)

Wed, 04 Jul 2001 21:01:23 -0700 


I've had the same experience with VRFY... Our copy of sendmail was
preconfigured to allow VRFY from localhost only... 

There really isn't any surefire way to verify whether an e-mail exists
or not, except to try to send to it, correct?


-----Original Message-----
From: Steve Werby [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, July 05, 2001 12:06 AM
To: Arcady Genkin
Cc: Clayton Dukes; [EMAIL PROTECTED]
Subject: Re: [PHP] Email verification (was: [PHP] Removing Invalid
Users)


> "Steve Werby" <[EMAIL PROTECTED]> writes:
> > Like Tom said, use regex to check the email is of a valid format.  A
small
> > percentage of servers can be contacted to find whether an email 
> > address
is
> > valid, but fewer and fewer are allowing this so it's completely
unreliable.

"Arcady Genkin" <[EMAIL PROTECTED]> wrote:
> There's a nifty little open source program called `vrfy' which does 
> nice things about email veryfication.  Finding it is left as an

It is a cool tool, but like I said in my email most servers won't allow
you to test email address validity.  It's possible using the command
VRFY or the even more dangerous EXPN to determine whether an email
address is valid or in the case of EXPN to expand an alias to return a
list of all recipients. It's a good idea to disable these commands on
the server so spammers can't easily determine valid email addresses,
malicious folks can't get a list of all of your employee email addresses
and hackers can't determine valid usernames to attack the server with.
FYI, in sendmail both commands can be disabled by making sure
PrivacyOptions is set as follows:

PrivacyOptions=noexpn novrfy

Or you can set them to the following which goes a little further:

PrivacyOptions=goaway

So unfortunately vrfy will only be useful when checking servers that
haven't disabled that command.  :-(

--
Steve Werby
President, Befriend Internet Services LLC http://www.befriend.com/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] To
contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to