Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
"Steve Werby" <[EMAIL PROTECTED]> writes: > "Arcady Genkin" <[EMAIL PROTECTED]> wrote: > > If I understand correctly, vrfy does not wholy depend on that > > functionality to be supported by the server. I think that it simply > > connects to the smtp port of the mail exchanger and emulates an email > > delivery, aborting halfway. > > I hadn't used the tool until after this thread started, but it appears it > uses the vrfy command when checking an email address, other flags let you > check a domain's mx record or attempt to use the etrn command. [...] > IMO, it makes more sense to use PHP's built in functions that can do > the same, but YMMV. vrfy does appear to be a decent tool, my point > was that when checking email addresses (not domains) most servers > will deny the vrfy command and so it won't be very useful. In fact, > I tried a number of different email addresses on different hosts and > all reported "Command Unimplemented". You are right, by default the proggie is not very useful. The "-n" option is probably of the most utility: -n Many non-sendmail hosts do not, or incorrectly or incompletely, implement the VRFY command. Other systems have VRFY or EXPN disabled for privacy reasons. This option uses an alternative protocol suite with the regular HELO, MAIL, RCPT and RSET commands. This gives only a global indication whether the recipient is valid. Recursive mode is not possible, and will be disabled. I've tried it with a number of email addresses, and it worked. Of course, this can be coded in the PHP script, but it would require elementary knowledge of SMTP protocol and more code to debug and maintain. For many people relying on an external utility like that may have more advantages. -- Arcady Genkin i=1; while 1, hilb(i); i=i+1; end -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
"Matthew Loff" <[EMAIL PROTECTED]> wrote: > There really isn't any surefire way to verify whether an e-mail exists > or not, except to try to send to it, correct? Bingo. And with catchall accounts and unexpected mail server behavior you may get no response even if an email address is not valid. IMO, the only way to verify that an email address exists *and* is being used by the person who supplied it (I assume in most cases this is the whole point) is to send a unique string or URL and check that the recipient responds with the string in an email or visits the URL. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
"Arcady Genkin" <[EMAIL PROTECTED]> wrote: > If I understand correctly, vrfy does not wholy depend on that > functionality to be supported by the server. I think that it simply > connects to the smtp port of the mail exchanger and emulates an email > delivery, aborting halfway. I hadn't used the tool until after this thread started, but it appears it uses the vrfy command when checking an email address, other flags let you check a domain's mx record or attempt to use the etrn command. > Basically it wants to determine whether > the mail exchanger would accept email for a given domain. In most > cases it won't give you 100% certainty that the email addy is legit, > but at least you know that the domain part is not faked, and there is > a mail exchanger willing to serve it. I'll give you that b/c it does have a way to do it. IMO, it makes more sense to use PHP's built in functions that can do the same, but YMMV. vrfy does appear to be a decent tool, my point was that when checking email addresses (not domains) most servers will deny the vrfy command and so it won't be very useful. In fact, I tried a number of different email addresses on different hosts and all reported "Command Unimplemented". -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Email verification (was: [PHP] Removing Invalid Users)
I've had the same experience with VRFY... Our copy of sendmail was preconfigured to allow VRFY from localhost only... There really isn't any surefire way to verify whether an e-mail exists or not, except to try to send to it, correct? -Original Message- From: Steve Werby [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 05, 2001 12:06 AM To: Arcady Genkin Cc: Clayton Dukes; [EMAIL PROTECTED] Subject: Re: [PHP] Email verification (was: [PHP] Removing Invalid Users) > "Steve Werby" <[EMAIL PROTECTED]> writes: > > Like Tom said, use regex to check the email is of a valid format. A small > > percentage of servers can be contacted to find whether an email > > address is > > valid, but fewer and fewer are allowing this so it's completely unreliable. "Arcady Genkin" <[EMAIL PROTECTED]> wrote: > There's a nifty little open source program called `vrfy' which does > nice things about email veryfication. Finding it is left as an It is a cool tool, but like I said in my email most servers won't allow you to test email address validity. It's possible using the command VRFY or the even more dangerous EXPN to determine whether an email address is valid or in the case of EXPN to expand an alias to return a list of all recipients. It's a good idea to disable these commands on the server so spammers can't easily determine valid email addresses, malicious folks can't get a list of all of your employee email addresses and hackers can't determine valid usernames to attack the server with. FYI, in sendmail both commands can be disabled by making sure PrivacyOptions is set as follows: PrivacyOptions=noexpn novrfy Or you can set them to the following which goes a little further: PrivacyOptions=goaway So unfortunately vrfy will only be useful when checking servers that haven't disabled that command. :-( -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
"Steve Werby" <[EMAIL PROTECTED]> writes: > So unfortunately vrfy will only be useful when checking servers that haven't > disabled that command. :-( If I understand correctly, vrfy does not wholy depend on that functionality to be supported by the server. I think that it simply connects to the smtp port of the mail exchanger and emulates an email delivery, aborting halfway. Basically it wants to determine whether the mail exchanger would accept email for a given domain. In most cases it won't give you 100% certainty that the email addy is legit, but at least you know that the domain part is not faked, and there is a mail exchanger willing to serve it. -- Arcady Genkin i=1; while 1, hilb(i); i=i+1; end -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
> "Steve Werby" <[EMAIL PROTECTED]> writes: > > Like Tom said, use regex to check the email is of a valid format. A small > > percentage of servers can be contacted to find whether an email address is > > valid, but fewer and fewer are allowing this so it's completely unreliable. "Arcady Genkin" <[EMAIL PROTECTED]> wrote: > There's a nifty little open source program called `vrfy' which does > nice things about email veryfication. Finding it is left as an It is a cool tool, but like I said in my email most servers won't allow you to test email address validity. It's possible using the command VRFY or the even more dangerous EXPN to determine whether an email address is valid or in the case of EXPN to expand an alias to return a list of all recipients. It's a good idea to disable these commands on the server so spammers can't easily determine valid email addresses, malicious folks can't get a list of all of your employee email addresses and hackers can't determine valid usernames to attack the server with. FYI, in sendmail both commands can be disabled by making sure PrivacyOptions is set as follows: PrivacyOptions=noexpn novrfy Or you can set them to the following which goes a little further: PrivacyOptions=goaway So unfortunately vrfy will only be useful when checking servers that haven't disabled that command. :-( -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]