Checking to see if an email address is valid... (non reg-ex)

[Peter L. Berghold]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

I have within the last year or so just gotten back into Java and mostly
claim to be a Perl programmer. What I want to do is fairly easy within
Perl, but I'm not sure how to go about it in Java.

I have a web application for a club I belong to that is written within
the Tomcat JSP container. One of the pieces of logic I've put in allows
a web person (for lack of better term) to be able to click a button, get
a form to send email (without exposing the email address of the person
getting the email to harvesters) fill out the form and send the email.

What I want to do is validate that the email addresses people give as
their return email address is valid. Not only as a properly formatted
email address, but that the TLD is valid. My hope is that doing this
will be yet another way to cut down on spammers.

In Perl there exists a module called Email::Valid that allows you to do
this. Is there such a thing in the Java world?

Sorry if this is a FAQ... I did do a google search before asking and
other than commercial products I didn't see anything...


- --
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Peter L. Berghold (e-mail address removed)
"Those who fail to learn from history are condemned to repeat it."
AIM: redcowdawg Yahoo IM: blue_cowdawg ICQ: 11455958
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org

iD8DBQFFlA5UUM9/01RIhaARAqXLAKCMXq/zkz60ZTnsPVHGBhmRGpQkUgCePofw
DYMD+EdROAOHmshcuiDHwaE=
=scmn
-----END PGP SIGNATURE-----

 

[Mark Rafn]

I have a web application for a club I belong to that is written within
the Tomcat JSP container. One of the pieces of logic I've put in allows
a web person (for lack of better term) to be able to click a button, get
a form to send email (without exposing the email address of the person
getting the email to harvesters) fill out the form and send the email.

Ok, so you have a spam form. No worries if there are limits on who can use
that page, and how often.

What I want to do is validate that the email addresses people give as
their return email address is valid.

"valid" rarely means what you think. There is no static checking that will be
sufficient here. The best plan is to try to send to it, and make the user
type in a token to prove she recieved it.

Not only as a properly formatted email address, but that the TLD is valid.
My hope is that doing this will be yet another way to cut down on spammers.

This is a vain hope. Even if you could know it was a "valid" e-mail address,
how do you know it's the address of whoever is using the form?

Instead, validate a user's e-mail by sending mail to it, and then
remember that e-mail when they confirm they got it by telling you a secret
that was in that mail.

 

[Mark Space]

In Perl there exists a module called Email::Valid that allows you to do
this. Is there such a thing in the Java world?

I'm sorry, I don't know if there is a Java module to do this or not.

But just checking the TLD wouldn't be so hard. Here's a list of TLDs:
http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

It might be faster and easier to check this in Javascript (on the
client) rather than post the data back to the server for a check. This
couldn't be hard to code up quick. Heck, I might even try it for fun... ^_^

 

[Daniel Pitts]

I'm sorry, I don't know if there is a Java module to do this or not.

It might be faster and easier to check this in Javascript (on the
client) rather than post the data back to the server for a check. This
couldn't be hard to code up quick. Heck, I might even try it for fun... ^_^

Client side validation is only good to let the user know they have made
a mistake, but server side validation is a must in all cases.

Either way, there is truely only one way to validate an e-mail address.
Send a message to it. You can validate the syntax of the e-mail
address, but that doesn't mean its valid.

The best ways to cut down on spammers are to use some form of Captcha.
Although I'm sure automated programs will get more sophisticated with
regards to Captcha, it will still be effective against the majority of
spammers.

Hope this helps.

 

[Greg R. Broderick]

What I want to do is validate that the email addresses people give as
their return email address is valid. Not only as a properly formatted
email address,

You can determine the syntactic validity of an email address (i.e. that it
conforms to the EBNF given in RFC2822) using the
javax.mail.internet.EMailAddress class of the JavaMail package.

but that the TLD is valid.

For this, I think you'll need to tear the address apart, and then use
java.net. or preferrably a DNS resolver library, to ascertain that the
right hand side of the email address (domain or host) has a valid MX record
or a valid A record in the DNS.

My hope is that doing this will be yet another way to cut down on
spammers.

Doubtful -- spammers routinely forge others' valid email addresses on the
crap that they send.


Cheers
GRB

--
---------------------------------------------------------------------
Greg R. Broderick (e-mail address removed)

A. Top posters.
Q. What is the most annoying thing on Usenet?
---------------------------------------------------------------------

 

[Robert M. Gary]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

I have within the last year or so just gotten back into Java and mostly
claim to be a Perl programmer. What I want to do is fairly easy within
Perl, but I'm not sure how to go about it in Java.

I have a web application for a club I belong to that is written within
the Tomcat JSP container. One of the pieces of logic I've put in allows
a web person (for lack of better term) to be able to click a button, get
a form to send email (without exposing the email address of the person
getting the email to harvesters) fill out the form and send the email.

What I want to do is validate that the email addresses people give as
their return email address is valid. Not only as a properly formatted
email address, but that the TLD is valid. My hope is that doing this
will be yet another way to cut down on spammers.

In Perl there exists a module called Email::Valid that allows you to do
this. Is there such a thing in the Java world?

I've not seen anything in Java that determines if an email address is
well-formed or not. Would be good though.

-Robert

 

[Lew]

I've not seen anything in Java that determines if an email address is
well-formed or not. Would be good though.

Read Greg Broderick's post for that information.

- Lew