How can I validate a given e-mail address?

[Miguel Farah]

I need to know wether a given e-mail address ("(e-mail address removed)") is
valid - not if it's simply syntactically correct (that's trivial to
verify), but wether it corresponds to an actual, live, address.

Is there some way to do this? I'm not sure myself how to approach this
problem.

Thanks in advance.

 

[Real Gagnon]

I need to know wether a given e-mail address ("(e-mail address removed)") is

valid - not if it's simply syntactically correct (that's trivial to
verify), but wether it corresponds to an actual, live, address.

Is there some way to do this? I'm not sure myself how to approach this
problem.

You can check if there is a mail server registered to the domain name.

See
http://www.rgagnon.com/javadetails/java-0452.html
for an example.

Bye.

 

[jmcgill]

I need to know wether a given e-mail address ("(e-mail address removed)") is
valid - not if it's simply syntactically correct (that's trivial to
verify), but wether it corresponds to an actual, live, address.

A great many addresses are conformant to the email standards, and don't
look like what you expect.

Is there some way to do this? I'm not sure myself how to approach this
problem.

If you try to do it in the general case, you will surely exclude
otherwise valid addresses.

Now, there are compromises you can make.

1. If you're assigning the email addresses in the first place, you can
of course be brutal in your validation.

2. If you don't care about clients who will, perhaps deliberately, use
valid email addresses that won't pass your validation, is that
acceptable to your business situation?

3. If you do care, and you need to accept only email addresses that are
strictly valid without accidentally excluding valid ones, you need to
fully understand RFC2822.


Now, I would not even try to do something like, use an email address
with a long LDAP identifier on the left hand side to register for a
customer service or blog site. But if you set up something important,
you might learn the hard way that there are lots of people, e.g.,
government employees, that have email addresses that would look very
strange if all you're expecting is "(e-mail address removed)"

Honestly, the only *right* way to "validate an email address" is to send
an email to the address, which provides a backchannel for validation.
Then you can accept any email address that can be used in a SMTP RCPT
TO: and that's all the validation you need.


You will find regular expressions out there that do a pretty good job of
vetting an email with a minimum of false rejects, but you need to
understand the risks, if you or your users care about them.

I have several correspondents who work in legislative offices whose
official email addresses follow a form that looks something like
"Last_First/OU=department/ORG=role%[email protected]"

Many offices are infected with certain groupware suites and their email
gateways, mainframe enterprise mail systems to internet gateways, names
that are directly mapped to all kinds of directory systems, which means
that it often is important to properly handle email address that don't
resemble the typical address style of the common personal internet user.

One of my professional email addresses is 21 characters long, and has a
dotted component on the left hand side, in the form of
"(e-mail address removed)"
Entirely valid, required to be used for certain kinds of business, and
rejected by many well-meaning systems. This address isn't even
especially weird.

Be careful, unless it's your intention to be hostile and a bastard

 

[Jeffrey Schwab]

I need to know wether a given e-mail address ("(e-mail address removed)") is
valid - not if it's simply syntactically correct (that's trivial to
verify), but wether it corresponds to an actual, live, address.

Is there some way to do this? I'm not sure myself how to approach this
problem.

The traditional way is to send a private key to the address, requesting
that the recipient enter the key into a web-based form.

 

[jvsoft.org]

Please see this product
http://javawisdom.com/mail/mail.html

 

[Thomas Weidenfeller]

I need to know wether a given e-mail address ("(e-mail address removed)") is
valid - not if it's simply syntactically correct (that's trivial to
verify), but wether it corresponds to an actual, live, address.

You can't. You will find people trying you to sell you snake oil
claiming that they have a tool. But the simple thing is, you can't.

You can detect if someone has registered an MX. But that does not mean
the MX exists or accepts mail from you[1]. But even then, you can't
detect if the particular user is served (does exist) by that MTA.
Officially, SMTP provides a protocol feature to ask if a particular user
exists, however, not the least thanks to spammers, many (most?) MTAs
these days are configured to lie when this request comes in.

Even sending a mail, and getting it accepted by the MTA does not
guarantee that it is actually read by a person. It might be filtered, it
might be forwarded to /dev/null, some software might be mis-configured,
or the user simply doesn't check that account any more.

[1] I noticed you post from UUNET/MCI/Worldcom net space. That might be
a problem for your ability to send mail, since according to
http://www.spamhaus.org/statistics/networks.lasso they lead the top 10
of spam service ISPs with more than twice as many entries as the
following number two. And I remember they unfortunately do this since
several years.

/Thomas

 

[Timo Stamm]

I need to know wether a given e-mail address ("(e-mail address removed)") is
valid - not if it's simply syntactically correct (that's trivial to
verify), but wether it corresponds to an actual, live, address.

You can't. You will find people trying you to sell you snake oil
claiming that they have a tool. But the simple thing is, you can't.

You can detect if someone has registered an MX. But that does not mean
the MX exists or accepts mail from you[1]. But even then, you can't
detect if the particular user is served (does exist) by that MTA.
Officially, SMTP provides a protocol feature to ask if a particular user
exists, however, not the least thanks to spammers, many (most?) MTAs
these days are configured to lie when this request comes in.

Even sending a mail, and getting it accepted by the MTA does not
guarantee that it is actually read by a person. It might be filtered, it
might be forwarded to /dev/null, some software might be mis-configured,
or the user simply doesn't check that account any more.

Send an E-Mail with an individual link to the address. If the user
klicks the link, the address is valid.

Of course the user could disable the E-Mail account after klicking the
link. There are services that let you create a one-time account where
only the first E-Mail is forwarded to your real account.

So the answer is still "you can't" if you don't trust the users at all.
But there are ways to make sure a user who wants to receive messages
will receive them.


Timo

 

[Jeffrey Schwab]

Please see this product
http://javawisdom.com/mail/mail.html

For what, other than generating large quantities of unsolicited email,
is that product used?

 

[Tim Slattery]

I need to know wether a given e-mail address ("(e-mail address removed)") is
valid - not if it's simply syntactically correct (that's trivial to
verify), but wether it corresponds to an actual, live, address.

Is there some way to do this? I'm not sure myself how to approach this
problem.

Can't be done. The only thing in the world that knows whether
"(e-mail address removed)" corresponds to an actual, live address is the
mail server at example.com. There's no way to query that mail server,
other than by sending an email to "(e-mail address removed)" and seeing
whether it bounces back to you. Of course, you have no idea how long
to wait for a bounce-back, or even whether one will be forthcoming if
"miguel" doesn't exist. And the answer to the "actual, live address"
question can change day to day, or even minute-to-minute.

 

[Mickey Segal]

Can't be done. The only thing in the world that knows whether
"(e-mail address removed)" corresponds to an actual, live address is the
mail server at example.com. There's no way to query that mail server,
other than by sending an email to "(e-mail address removed)" and seeing
whether it bounces back to you. Of course, you have no idea how long
to wait for a bounce-back, or even whether one will be forthcoming if
"miguel" doesn't exist. And the answer to the "actual, live address"
question can change day to day, or even minute-to-minute.

If you run a domain you can configure it to respond or not respond to a
non-existent address. Many domains do not respond to non-existent addresses
so as not to signal by the absence of a bounce message that an address is
valid.

 

[Miguel Farah]

You can't. You will find people trying you to sell you snake oil
claiming that they have a tool. But the simple thing is, you can't.

I suspected as much. Thank you (and everyone else) for the input.

You can detect if someone has registered an MX. But that does not mean
the MX exists or accepts mail from you[1]. But even then, you can't
[...]
[1] I noticed you post from UUNET/MCI/Worldcom net space. That might be
[...]

That's odd - I'm posting through Google Groups.

 

[Thomas Weidenfeller]

That's odd - I'm posting through Google Groups.

But you are posting from 64.117.137.69, swiped from UUNET/MCI to Banco
de Creditos.

/Thomas

 

[RIBEIRO ALFRENDO]

Boa tarde Thomas.
tenho uma duvida quero que tu me esclareça algo pfv