Re: [PHP] Email Verification
Lupus Michaelis wrote:
Richard Heyes a écrit :
New domain name extensions can be accounted for easily, eg:
\.(?:[a-z]){2,4}
It excludes .museum tld.
Don't make assumptions about which TLDs that are or are not allowed -
the domain part of an email address could be validated with this:
@[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+
A test for total length and valid use of hyphens should be added. See
RFC1034. Then look up the A record.
/Per Jessen, Zürich
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
On Thu, Sep 18, 2008 at 2:09 AM, Per Jessen [EMAIL PROTECTED] wrote:
Lupus Michaelis wrote:
Richard Heyes a écrit :
New domain name extensions can be accounted for easily, eg:
\.(?:[a-z]){2,4}
It excludes .museum tld.
Don't make assumptions about which TLDs that are or are not allowed -
the domain part of an email address could be validated with this:
@[a-z0-9][a-z0-9-]*(\.[a-z0-9][a-z0-9-]*)+
A test for total length and valid use of hyphens should be added. See
RFC1034. Then look up the A record.
/Per Jessen, Zürich
I don't know that it would add much benefit, but you could
periodically download a TLD list from IANA and compare that last
segment to the list.
Andrew
Re: [PHP] Email Verification
Can anyone offer advice on best practices for email address verification?
Obviously for user registration it's common to click a link in your email to
complete the process thereby verifying the email, but if you want to keep
things very simple for the end user, what are the best methods?
The best method is that IMO. It's common place and thus understood.
There may be a delay incurred though because of mail delays.
I have been looking at getmxrr and the examples feature some good advice,
etc.
One that I've found that I'm thinking of using is
http://www.tienhuis.nl/php-email-address-validation-with-verify-probe which
tries to connect to the SMTP server as well as mx lookup, etc.
You could. Bear in mind that you can't do that if their mail server
happens to be down at the time.
How reliable are these?
Not 100%. Like I said, my preferred option would be just to send the
user an email.
With new domain name extensions appearing all the time I wanted to find
something better than a regex which might become outdated after a while and
I'd never know about it!
New domain name extensions can be accounted for easily, eg:
\.(?:[a-z]){2,4}
--
Richard Heyes
HTML5 Graphing for IE7, FF, Chrome, Opera and Safari:
http://www.phpguru.org/RGraph
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
Tom Chubb wrote: Can anyone offer advice on best practices for email address verification? 1) check for a valid address syntax - that's easily done with a simply regex (leaving the most obscure variations out). 2) check that the domain-name exists and has an A record. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
Richard Heyes wrote: I have been looking at getmxrr and the examples feature some good advice, etc. One that I've found that I'm thinking of using is http://www.tienhuis.nl/php-email-address-validation-with-verify-probe which tries to connect to the SMTP server as well as mx lookup, etc. You could. Bear in mind that you can't do that if their mail server happens to be down at the time. Greylisting is also likely to interfer with the process. Like I said, my preferred option would be just to send the user an email. I second that. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
On 17 Sep 2008, at 14:20, Tom Chubb wrote: Can anyone offer advice on best practices for email address verification? Obviously for user registration it's common to click a link in your email to complete the process thereby verifying the email, but if you want to keep things very simple for the end user, what are the best methods? Send them an email with a verification link - it's the only 100% accurate way and most people will have come across this requirement on other sites. I have been looking at getmxrr and the examples feature some good advice, etc. One that I've found that I'm thinking of using is http://www.tienhuis.nl/php-email-address-validation-with-verify- probe which tries to connect to the SMTP server as well as mx lookup, etc. How reliable are these? They're not for reasons already mentioned by other posters. Also you need to consider how often you'll be doing this. I implemented this check on one of my sites and I very quickly hit auto-bans on Hotmail, Gmail and Yahoo mail servers. They don't like it when you make lots of connections to their servers without sending anything! With new domain name extensions appearing all the time I wanted to find something better than a regex which might become outdated after a while and I'd never know about it! In that case you need to make your regex loose enough to handle that, or keep on top of it manually. Either way you're better off just sending them a verification email. -Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
At 2:20 PM +0100 9/17/08, Tom Chubb wrote: Can anyone offer advice on best practices for email address verification? Obviously for user registration it's common to click a link in your email to complete the process thereby verifying the email, but if you want to keep things very simple for the end user, what are the best methods? I have been looking at getmxrr and the examples feature some good advice, etc. One that I've found that I'm thinking of using is http://www.tienhuis.nl/php-email-address-validation-with-verify-probe which tries to connect to the SMTP server as well as mx lookup, etc. How reliable are these? With new domain name extensions appearing all the time I wanted to find something better than a regex which might become outdated after a while and I'd never know about it! Thoughts please and thanks in advance Tom: To obtain a 100% valid email address you must take measures to validate it -- there are no short cuts. Here's a working example I use for users posting comments (I'm still working on it): http://sperling.com/comments/an-example/ The Explanation provides an explanation (what else?). Plus, leaving a comment will show you how the process works. One of the important points here is that this will only collect validated and willing email addresses. Of course, the javascript routine to review email addresses after the user clicks submit will give the user a head's-up if the email address isn't properly formatted, but in the end the server-side must recheck everything anyway. So, JS in this case is just an example of progressive enhancement. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
Richard Heyes a écrit :
New domain name extensions can be accounted for easily, eg:
\.(?:[a-z]){2,4}
It excludes .museum tld.
--
Mickaël Wolff aka Lupus Michaelis
http://lupusmic.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email verification
On Wed, 2003-12-31 at 11:18, Cesar Aracena wrote:
Hi all,
I'm trying to create a script to check for errors in submitted forms. I want
the visitor to enter two times the email address and then check for it...
This is what I have so far. The scripts checks if the email was entered in
both fields, but not if they are equal to each other... ???
if (!trim($email1))
{
echo BREl BE-mail/B es requerido.;
$errors++;
if (!trim($email2))
{
echo BREl BE-mail/B es requerido en ambos campos.;
$errors++;
if ($email1 != $email2)
{
echo BRLas Bdirecciones de E-mail/B no concuerdan.;
$errors++;
}
}
}
What is wrong? Thanks in advanced and happy new year to all.
The check to see if they are the same needs to be outside of the checks
for being blank. If they are both not blank, you will never get to the
last check. You could check for both in the first if, then do the
comparison. Something like (untested):
if (!trim($email1) || !trim($email2)) {
echo BREl BE-mail/B es requerido en ambos campos.;
$errors++;
} elseif ($email1 != $email2) {
echo BRLas Bdirecciones de E-mail/B no concuerdan.;
$errors++;
}
- Brad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email verification
Well Brad... it worked. Guess I forgot to use well the IF statements.
Thanks.
Brad Pauly [EMAIL PROTECTED] escribió en el mensaje
news:[EMAIL PROTECTED]
On Wed, 2003-12-31 at 11:18, Cesar Aracena wrote:
Hi all,
I'm trying to create a script to check for errors in submitted forms. I
want
the visitor to enter two times the email address and then check for
it...
This is what I have so far. The scripts checks if the email was entered
in
both fields, but not if they are equal to each other... ???
if (!trim($email1))
{
echo BREl BE-mail/B es requerido.;
$errors++;
if (!trim($email2))
{
echo BREl BE-mail/B es requerido en ambos campos.;
$errors++;
if ($email1 != $email2)
{
echo BRLas Bdirecciones de E-mail/B no concuerdan.;
$errors++;
}
}
}
What is wrong? Thanks in advanced and happy new year to all.
The check to see if they are the same needs to be outside of the checks
for being blank. If they are both not blank, you will never get to the
last check. You could check for both in the first if, then do the
comparison. Something like (untested):
if (!trim($email1) || !trim($email2)) {
echo BREl BE-mail/B es requerido en ambos campos.;
$errors++;
} elseif ($email1 != $email2) {
echo BRLas Bdirecciones de E-mail/B no concuerdan.;
$errors++;
}
- Brad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
What you could do additionally to syntax check, is to check if the domain they are giving is existant or not with checkdnsrr(). Still not 100% fullproof though :-( cheers, thalis On Sun, 24 Feb 2002, Steven Walker wrote: Does anybody know any good ways (or available code) for verifying email addresses? Checking syntax is not enough.. I'd like to actually be able to test whether the email address exists. Steven J. Walker Walker Effects www.walkereffects.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
Steven Walker wrote: Does anybody know any good ways (or available code) for verifying email addresses? Checking syntax is not enough.. I'd like to actually be able to test whether the email address exists. The only way to be sure is to send them an e-mail with a link or validation code that they must use to prove the address exists - or if it's for an account just tell them that the (random) password for their account will be e-mailed to the address they provide. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
Is this what you want?
function validateEmail ($email) {
return (ereg('^[-!#$%\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'.
'[-!#$%\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' .
'[-!#$%\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email));
}
This will also do the job. It actually connects to the mail server name and
runs it to see if valid :
http://px.sklar.com/code-pretty.html?code_id=508
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Email Verification
You can use sockets and connect to their mail server (bit after the @) and
pretend to send an email to them, but cancel the request before you
actually send anything - doesn't always work though, as some servers will
report back the all users are correct
This is the code I use - a bit long though - if anyone can find a better
way, please email me
?
//
if (!class_exists(mail_exchange_class))
{
class mail_exchange_class
{
//
function get_mx_reply($f)
{
$body = ;
do
{
$line = fgets($f, 1024);
$body .= $line\n;
$ch = substr($line, 3, 1);
}
while ($ch == -);
return $body;
}
//
function send_mx_msg($f, $str)
{
fputs($f, $str);
return mail_exchange_class::get_mx_reply($f);
}
//
function check_email($email)
{
list($user, $host) = explode(@, $email);
// --- check if there's a mail server
// -
if (!getmxrr($host, $mx_arr, $wt_arr))
{
return false;
}
// --- check if user exists at mail server
// --
// try connecting to one of the mail servers
$i = 0;
$num_mx = count($mx_arr);
do
{
$mx_server = $mx_arr[0];
$f = fsockopen($mx_server, 25);
$i++;
}
while (!$f $i $num_mx);
if (!$f)
{
return false;
}
// talk with mail server to determine user validity
$flag = true;
// default to: user exists
$rep = mail_exchange_class::get_mx_reply($f);
// welcome message
$rep = mail_exchange_class::send_mx_msg($f, helo anonymous\n);
// introduce ourselves
$rep = mail_exchange_class::send_mx_msg($f, mail from:$email\n);
// say we want to send a msg
$rep = mail_exchange_class::send_mx_msg($f, rcpt to:$email\n);
// say who it's to
if (substr($rep, 0, 3) != 250)
// check if user exists
{
$flag = false;
// ... now we know they don't exist
}
$rep = mail_exchange_class::send_mx_msg($f, rset\n);
// reset all the buffers
$rep = mail_exchange_class::send_mx_msg($f, quit\n);
// log off from server
fclose($f);
// return status
return $flag;
}
}
}
?
then to use:
$email = [EMAIL PROTECTED];
if (mail_exchange_class::check_email($email))
; // user probably exists
else
; // user doesn't exist, or can't connect to server
I think that's all you need of this code - there's lots more, there's an
email class and an attachment class that goes with it, but it's need to
check the address
HTH
Martin
-Original Message-
From: Simon Willison [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 9:27 AM
To: Steven Walker
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Email Verification
Steven Walker wrote:
Does anybody know any good ways (or available code) for verifying
email addresses?
Checking syntax is not enough.. I'd like to actually be able to test
whether the email address exists.
The only way to be sure is to send them an e-mail with a link or
validation code that they must use to prove the address exists - or if
it's for an account just tell them that the (random) password for their
account will be e-mailed to the address they provide.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
I don't have code, since I've never needed to do this, but can anyone see a problem with simply issuing a VRFY or an EXPN command instead of actually faking out sending a message? /bsh/ Martin Towell wrote: You can use sockets and connect to their mail server (bit after the @) and pretend to send an email to them, but cancel the request before you actually send anything - doesn't always work though, as some servers will report back the all users are correct -- /-=[ BILLY S HALSEY ]=--\ | Member of Technical Staff, Sun Microsystems, Inc. ESP Solaris SW | | All opinions and technical advice offered in this message are my | | own and not necessarily endorsed by my employer. | \--=[ [EMAIL PROTECTED] ]=/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Email Verification
I tried doing that, but some servers don't support them :( -Original Message- From: Billy S Halsey [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 10:39 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] Email Verification I don't have code, since I've never needed to do this, but can anyone see a problem with simply issuing a VRFY or an EXPN command instead of actually faking out sending a message? /bsh/ Martin Towell wrote: You can use sockets and connect to their mail server (bit after the @) and pretend to send an email to them, but cancel the request before you actually send anything - doesn't always work though, as some servers will report back the all users are correct -- /-=[ BILLY S HALSEY ]=--\ | Member of Technical Staff, Sun Microsystems, Inc. ESP Solaris SW | | All opinions and technical advice offered in this message are my | | own and not necessarily endorsed by my employer. | \--=[ [EMAIL PROTECTED] ]=/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
It may of allready been mentioned, but why don't you just send out a Click The Link To Verify email... that way you are allways 100% sure the email addy works.. Just requires the user to follow a link Andrew - Original Message - From: Martin Towell [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, February 24, 2002 11:43 PM Subject: RE: [PHP] Email Verification I tried doing that, but some servers don't support them :( -Original Message- From: Billy S Halsey [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 10:39 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] Email Verification I don't have code, since I've never needed to do this, but can anyone see a problem with simply issuing a VRFY or an EXPN command instead of actually faking out sending a message? /bsh/ Martin Towell wrote: You can use sockets and connect to their mail server (bit after the @) and pretend to send an email to them, but cancel the request before you actually send anything - doesn't always work though, as some servers will report back the all users are correct -- /-=[ BILLY S HALSEY ]=--\ | Member of Technical Staff, Sun Microsystems, Inc. ESP Solaris SW | | All opinions and technical advice offered in this message are my | | own and not necessarily endorsed by my employer. | \--=[ [EMAIL PROTECTED] ]=/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Email Verification
On Mon, 25 Feb 2002, Martin Towell wrote: You can use sockets and connect to their mail server (bit after the @) and pretend to send an email to them, but cancel the request before you actually send anything - doesn't always work though, as some servers will report back the all users are correct Anyway, you'd have problems, because for @something sometimes something has a MX pointing to something else. Also, with regex it'd be a bit difficult (I just remember when I propossed to use e-mail checks in IMP, the guys came with a two page long regex just to cover one part of the RFC :( ). Anyway for general pourpose it'be useful the class by Manuel Lemos (look for it in php classes). Regards. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email Verification
On Monday 25 February 2002 07:43, Martin Towell wrote: I tried doing that, but some servers don't support them :( -Original Message- From: Billy S Halsey [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 10:39 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] Email Verification I don't have code, since I've never needed to do this, but can anyone see a problem with simply issuing a VRFY or an EXPN command instead of actually faking out sending a message? It's usually turned off to prevent spammers from checking for valid email addresses to which they can send their obnoxious stuff. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk /* Programmers used to batch environments may find it hard to live without giant listings; we would find it hard to use them. -- D.M. Ritchie */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
Steve Werby [EMAIL PROTECTED] writes: Arcady Genkin [EMAIL PROTECTED] wrote: If I understand correctly, vrfy does not wholy depend on that functionality to be supported by the server. I think that it simply connects to the smtp port of the mail exchanger and emulates an email delivery, aborting halfway. I hadn't used the tool until after this thread started, but it appears it uses the vrfy command when checking an email address, other flags let you check a domain's mx record or attempt to use the etrn command. [...] IMO, it makes more sense to use PHP's built in functions that can do the same, but YMMV. vrfy does appear to be a decent tool, my point was that when checking email addresses (not domains) most servers will deny the vrfy command and so it won't be very useful. In fact, I tried a number of different email addresses on different hosts and all reported Command Unimplemented. You are right, by default the proggie is not very useful. The -n option is probably of the most utility: -n Many non-sendmail hosts do not, or incorrectly or incompletely, implement the VRFY command. Other systems have VRFY or EXPN disabled for privacy reasons. This option uses an alternative protocol suite with the regular HELO, MAIL, RCPT and RSET commands. This gives only a global indication whether the recipient is valid. Recursive mode is not possible, and will be disabled. I've tried it with a number of email addresses, and it worked. Of course, this can be coded in the PHP script, but it would require elementary knowledge of SMTP protocol and more code to debug and maintain. For many people relying on an external utility like that may have more advantages. -- Arcady Genkin i=1; while 1, hilb(i); i=i+1; end -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
Arcady Genkin [EMAIL PROTECTED] wrote: If I understand correctly, vrfy does not wholy depend on that functionality to be supported by the server. I think that it simply connects to the smtp port of the mail exchanger and emulates an email delivery, aborting halfway. I hadn't used the tool until after this thread started, but it appears it uses the vrfy command when checking an email address, other flags let you check a domain's mx record or attempt to use the etrn command. Basically it wants to determine whether the mail exchanger would accept email for a given domain. In most cases it won't give you 100% certainty that the email addy is legit, but at least you know that the domain part is not faked, and there is a mail exchanger willing to serve it. I'll give you that b/c it does have a way to do it. IMO, it makes more sense to use PHP's built in functions that can do the same, but YMMV. vrfy does appear to be a decent tool, my point was that when checking email addresses (not domains) most servers will deny the vrfy command and so it won't be very useful. In fact, I tried a number of different email addresses on different hosts and all reported Command Unimplemented. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
Matthew Loff [EMAIL PROTECTED] wrote: There really isn't any surefire way to verify whether an e-mail exists or not, except to try to send to it, correct? Bingo. And with catchall accounts and unexpected mail server behavior you may get no response even if an email address is not valid. IMO, the only way to verify that an email address exists *and* is being used by the person who supplied it (I assume in most cases this is the whole point) is to send a unique string or URL and check that the recipient responds with the string in an email or visits the URL. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
Steve Werby [EMAIL PROTECTED] writes: Like Tom said, use regex to check the email is of a valid format. A small percentage of servers can be contacted to find whether an email address is valid, but fewer and fewer are allowing this so it's completely unreliable. Arcady Genkin [EMAIL PROTECTED] wrote: There's a nifty little open source program called `vrfy' which does nice things about email veryfication. Finding it is left as an It is a cool tool, but like I said in my email most servers won't allow you to test email address validity. It's possible using the command VRFY or the even more dangerous EXPN to determine whether an email address is valid or in the case of EXPN to expand an alias to return a list of all recipients. It's a good idea to disable these commands on the server so spammers can't easily determine valid email addresses, malicious folks can't get a list of all of your employee email addresses and hackers can't determine valid usernames to attack the server with. FYI, in sendmail both commands can be disabled by making sure PrivacyOptions is set as follows: PrivacyOptions=noexpn novrfy Or you can set them to the following which goes a little further: PrivacyOptions=goaway So unfortunately vrfy will only be useful when checking servers that haven't disabled that command. :-( -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Email verification (was: [PHP] Removing Invalid Users)
Steve Werby [EMAIL PROTECTED] writes: So unfortunately vrfy will only be useful when checking servers that haven't disabled that command. :-( If I understand correctly, vrfy does not wholy depend on that functionality to be supported by the server. I think that it simply connects to the smtp port of the mail exchanger and emulates an email delivery, aborting halfway. Basically it wants to determine whether the mail exchanger would accept email for a given domain. In most cases it won't give you 100% certainty that the email addy is legit, but at least you know that the domain part is not faked, and there is a mail exchanger willing to serve it. -- Arcady Genkin i=1; while 1, hilb(i); i=i+1; end -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Email verification (was: [PHP] Removing Invalid Users)
I've had the same experience with VRFY... Our copy of sendmail was preconfigured to allow VRFY from localhost only... There really isn't any surefire way to verify whether an e-mail exists or not, except to try to send to it, correct? -Original Message- From: Steve Werby [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 05, 2001 12:06 AM To: Arcady Genkin Cc: Clayton Dukes; [EMAIL PROTECTED] Subject: Re: [PHP] Email verification (was: [PHP] Removing Invalid Users) Steve Werby [EMAIL PROTECTED] writes: Like Tom said, use regex to check the email is of a valid format. A small percentage of servers can be contacted to find whether an email address is valid, but fewer and fewer are allowing this so it's completely unreliable. Arcady Genkin [EMAIL PROTECTED] wrote: There's a nifty little open source program called `vrfy' which does nice things about email veryfication. Finding it is left as an It is a cool tool, but like I said in my email most servers won't allow you to test email address validity. It's possible using the command VRFY or the even more dangerous EXPN to determine whether an email address is valid or in the case of EXPN to expand an alias to return a list of all recipients. It's a good idea to disable these commands on the server so spammers can't easily determine valid email addresses, malicious folks can't get a list of all of your employee email addresses and hackers can't determine valid usernames to attack the server with. FYI, in sendmail both commands can be disabled by making sure PrivacyOptions is set as follows: PrivacyOptions=noexpn novrfy Or you can set them to the following which goes a little further: PrivacyOptions=goaway So unfortunately vrfy will only be useful when checking servers that haven't disabled that command. :-( -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
