[PHP] Re: Email Verification
Per Jessen wrote: Lupus Michaelis wrote: Richard Heyes a écrit : New domain name extensions can be accounted for easily, eg: \.(?:[a-z]){2,4} It excludes .museum tld. Don't make assumptions about which TLDs that are or are not allowed - the domain part of an email address could be validated with this: and .anythingyouwant now that the TLD space has been opened up @[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+ A test for total length and valid use of hyphens should be added. See RFC1034. Then look up the A record. Or better, the MX record... :) Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email Verification
On 18 Sep 2008, at 09:44, Colin Guthrie wrote: Per Jessen wrote: Lupus Michaelis wrote: Richard Heyes a écrit : New domain name extensions can be accounted for easily, eg: \.(?:[a-z]){2,4} It excludes .museum tld. Don't make assumptions about which TLDs that are or are not allowed - the domain part of an email address could be validated with this: and .anythingyouwant now that the TLD space has been opened up @[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+ A test for total length and valid use of hyphens should be added. See RFC1034. Then look up the A record. Or better, the MX record... :) An MX record is not required to accept email for a domain. The relevant RFC (can't recall the number right now) states that it should fall back to using the A record if no MX record is present. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email Verification
Stut wrote: Or better, the MX record... :) An MX record is not required to accept email for a domain. The relevant RFC (can't recall the number right now) states that it should fall back to using the A record if no MX record is present. Excellent. That's my new thing learned for the day. May as well go home :) Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited [http://www.tribalogic.net/] Open Source: Mandriva Linux Contributor [http://www.mandriva.com/] PulseAudio Hacker [http://www.pulseaudio.org/] Trac Hacker [http://trac.edgewall.org/] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email Verification
Tom Chubb wrote: Can anyone offer advice on best practices for email address verification? Obviously for user registration it's common to click a link in your email to complete the process thereby verifying the email, but if you want to keep things very simple for the end user, what are the best methods? I have been looking at getmxrr and the examples feature some good advice, etc. One that I've found that I'm thinking of using is http://www.tienhuis.nl/php-email-address-validation-with-verify-probe which tries to connect to the SMTP server as well as mx lookup, etc. How reliable are these? With new domain name extensions appearing all the time I wanted to find something better than a regex which might become outdated after a while and I'd never know about it! Thoughts please and thanks in advance Here's what I use. It's simple, uses php5 functions and appears to catch most obvious user input errors. function checkEmailAddr($emailAddr) { if(!filter_var($emailAddr, FILTER_VALIDATE_EMAIL)) throw new Exception(Email address error. Syntax is wrong.); $domain = substr(strchr($emailAddr, '@'), 1); if(!checkdnsrr($domain)) { throw new Exception(Email address warning. Specified domain \$domain\ appears to be invalid. Check carefully.); } return true; } Use in try/catch code, e.g., try { $emailAddrOK = checkEmailAddr($userSubmitedDataArray[EMAIL_ADDR_FIELD]); } catch (Exception $e) { $errorMsg = $e-getMessage(); //Message text in check function $emailAddrOK= false; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email Verification
On Wed, 2008-09-17 at 09:59 -0400, Al wrote: Tom Chubb wrote: Can anyone offer advice on best practices for email address verification? Obviously for user registration it's common to click a link in your email to complete the process thereby verifying the email, but if you want to keep things very simple for the end user, what are the best methods? I have been looking at getmxrr and the examples feature some good advice, etc. One that I've found that I'm thinking of using is http://www.tienhuis.nl/php-email-address-validation-with-verify-probe which tries to connect to the SMTP server as well as mx lookup, etc. How reliable are these? With new domain name extensions appearing all the time I wanted to find something better than a regex which might become outdated after a while and I'd never know about it! Thoughts please and thanks in advance Here's what I use. It's simple, uses php5 functions and appears to catch most obvious user input errors. function checkEmailAddr($emailAddr) { if(!filter_var($emailAddr, FILTER_VALIDATE_EMAIL)) throw new Exception(Email address error. Syntax is wrong.); $domain = substr(strchr($emailAddr, '@'), 1); if(!checkdnsrr($domain)) { throw new Exception(Email address warning. Specified domain \$domain\ appears to be invalid. Check carefully.); } return true; } Use in try/catch code, e.g., try { $emailAddrOK = checkEmailAddr($userSubmitedDataArray[EMAIL_ADDR_FIELD]); } catch (Exception $e) { $errorMsg = $e-getMessage(); //Message text in check function $emailAddrOK= false; } I don't think that was the sort of verification he was after, but that looks like a lot of code just to validate an email address, you should look at regular expressions maybe. For validating that an email address is *real* rather than just valid, you really need to have a verification link in the email. You can do this simply by putting a link in the email you send to them that points to a script on your site. The link will contain some sort of hash in the URL parameters, which you just need to match against a record in the database (made when you sent out the email to them) Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Email Verification
Steven Walker wrote: Does anybody know any good ways (or available code) for verifying email addresses? Checking syntax is not enough.. I'd like to actually be able to test whether the email address exists. Nothing is 100%, so don't exclude people because you can't verify them. There are 2 types of email addresse: verifiable unverifiable The 'type' is determined by talking to the mail host of the domain, but this is, at best, an inexact science. Verifiable means that you've connected to the mail host and indicated you had mail for a specific user account and it did not reply back 'user unknown'. That is the best you can hope for, because once that mail system accepts it for delivery, it may still not be delivered to the end user for a number of reasons - no mailbox space left, for example. Or in fact, the specific user account DOESN'T exist, but the mail server is set to accept all incoming mail first, and does more precise error checking at a later time. Unverifiable would mean that the mail server will actually tell you up front that an account doesn't exist, or isn't accepting mail from you, or has a full mailbox, or whatever. So you might be able to tell if an account specifically DOES NOT exist, but you can never be certain that an account actually does exist without completely sending a mail, and hoping that it'll bounce to the right place if there's a problem. The way to do this is to use SMTP to talk to the other mail host - Zend has some code snippets like the one referenced below (probably others, but here's a starting point) http://www.zend.com/codex.php?id=449single=1 Hope that helps some... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Email Verification
Michael, Thanks for your help! Your advice entirely makes sense. Perhaps a good way to use email verification is to alert the user that the address could not be verified, but if they insist, they can still submit it. This probably falls under the 90/10 rule... I'll spend 90% of my time trying to fix a problem that occurs 10% (or less) of the time ;) Thanks for the Zend referral. I'll give it a try. Steven J. Walker Walker Effects www.walkereffects.com [EMAIL PROTECTED] On Sunday, February 24, 2002, at 11:31 AM, Michael Kimsal wrote: Steven Walker wrote: Does anybody know any good ways (or available code) for verifying email addresses? Checking syntax is not enough.. I'd like to actually be able to test whether the email address exists. Nothing is 100%, so don't exclude people because you can't verify them. There are 2 types of email addresse: verifiable unverifiable The 'type' is determined by talking to the mail host of the domain, but this is, at best, an inexact science. Verifiable means that you've connected to the mail host and indicated you had mail for a specific user account and it did not reply back 'user unknown'. That is the best you can hope for, because once that mail system accepts it for delivery, it may still not be delivered to the end user for a number of reasons - no mailbox space left, for example. Or in fact, the specific user account DOESN'T exist, but the mail server is set to accept all incoming mail first, and does more precise error checking at a later time. Unverifiable would mean that the mail server will actually tell you up front that an account doesn't exist, or isn't accepting mail from you, or has a full mailbox, or whatever. So you might be able to tell if an account specifically DOES NOT exist, but you can never be certain that an account actually does exist without completely sending a mail, and hoping that it'll bounce to the right place if there's a problem. The way to do this is to use SMTP to talk to the other mail host - Zend has some code snippets like the one referenced below (probably others, but here's a starting point) http://www.zend.com/codex.php?id=449single=1 Hope that helps some... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php