Re: [PHP] phpmailer send() always return true even the emailaddress is invalid
> The second problem is that it still forces the originating SMTP server > to pass on the 5xx error as a bounce message to the originator. Yeah, I guess this would be a problem in cases where the originating server is an open relay that's being exploited by a spammer. I wonder what proportion of spam is sent in this manner -- and and how much, on the other hand, comes from a direct SMTP conversation between a malicious client and the MX server of the recipient's domain. Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpmailer send() always return true even the emailaddress is invalid
On Thu, Aug 27, 2009 at 10:57:32AM -0700, Ben Dunlap wrote: > > another change in the email admin best practices discussion. For a short > > while the network became clogged in bounce messages sent to both valid > > and invalid addresses. Some of the invalid addresses even triggered > > infinite loops of error messages. None of the servers I am familiar with > > send bounce messages reporting invalid addresses any more. Our own > > servers won't even tell us internally when they discard incoming > > messages. SPAM quarantine is a thing of the past. > > Seems like there's another possible way to handle messages to invalid > addresses, though; the receiving SMTP server can simply reject the > "RCPT TO" command with a 5xx error. This avoids backscatter but also > lets well-behaved clients know that the destination address is > invalid. AFAIK this is how Rackspace Email works (if you don't have a > catch-all address configured). There are two issues with this. First, when a service like Yahoo, with millions of customers, has an SMTP conversation, it would have to check for each RCPT TO address while the conversation is going on. I can imagine they would consider this a problem. It's simpler for them to simply accept the mail and issue a bounce later when they've done their checking (which is what a lot of them currently do). The second problem is that it still forces the originating SMTP server to pass on the 5xx error as a bounce message to the originator. The fact is that, according to what I know of the RFCs, SMTP servers are supposed to reject bad addresses with a 5xx error during the SMTP conversation, as you describe. But it appears that a lot of servers don't follow the RFCs. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpmailer send() always return true even the emailaddress is invalid
> another change in the email admin best practices discussion. For a short > while the network became clogged in bounce messages sent to both valid > and invalid addresses. Some of the invalid addresses even triggered > infinite loops of error messages. None of the servers I am familiar with > send bounce messages reporting invalid addresses any more. Our own > servers won't even tell us internally when they discard incoming > messages. SPAM quarantine is a thing of the past. Seems like there's another possible way to handle messages to invalid addresses, though; the receiving SMTP server can simply reject the "RCPT TO" command with a 5xx error. This avoids backscatter but also lets well-behaved clients know that the destination address is invalid. AFAIK this is how Rackspace Email works (if you don't have a catch-all address configured). Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpmailer send() always return true even the emailaddress is invalid
On Thu, Aug 27, 2009 at 10:06:03AM -0500, Shawn McKenzie wrote: > Paul M Foster wrote: > > On Thu, Aug 27, 2009 at 09:00:24AM -0400, Bob McConnell wrote: > > > >> The return code only tells you the local server accepted the mail. It is > >> unlikely that server knows the address is invalid since it can only > >> validate the domain portion of the address. Only the destination server > >> can validate the user name, and most are now configured not to report > >> mail sent to invalid addresses due to spam. They will silently discard > >> the message. > >> > > > > It used to be that internet mail servers would deny an email address as > > invalid while the SMTP conversation was going on. Then, because of > > services with millions of addresses, like Yahoo, they stopped doing > > this, and instead would bounce the messages back some time later. > > > > I recently had a conversation with a guy who's heavily involved in > > internet email. His view echoed what you're saying-- it does spammers a > > favor to bounce messages to bad addresses. But I got the impression that > > his view was a minority one. > > > > It sounds like you're saying his view has become the majority view. Does > > your job put you in a position to confirm this with authority? > > > > Paul > > > > It's called backscatter spam and the problem is this: if a spammer uses > someones legitimate address, let's say yours as the from address, and > sends to thousands of recipients, then you get all of the failure > messages. If that's not bad enough, consider if the from address is a > legitimate domain but nonexistent user, then the server that receives > the failure messages sent to the nonexistent user may issue its own > failure messages back to the other nonexistent users, and maybe back and > forth either infinitely or until some server reaches a configured > threshold of some sort. Believe me, I know about backscatter. I'm admin on about six lists, and my email address is on at least five public websites. You want backscatter? I got backscatter. The worst case (not necessarily backscatter) was when I had a backup admin on one of those lists, and majordomo was issuing bounces to both the backup and me. Unfortunately, at the same time, his email address went down. Now I was getting bounces of the bounces from his email address too. And each email contained the text of the previous bounce. So I was getting 250k (size) emails (and growing) as fast as majordomo could generate them. I had to call the host company for the lists to get them to take him off as an admin. I just love computers. ;-} Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpmailer send() always return true even the emailaddress is invalid
Paul M Foster wrote: > On Thu, Aug 27, 2009 at 09:00:24AM -0400, Bob McConnell wrote: > >> The return code only tells you the local server accepted the mail. It is >> unlikely that server knows the address is invalid since it can only >> validate the domain portion of the address. Only the destination server >> can validate the user name, and most are now configured not to report >> mail sent to invalid addresses due to spam. They will silently discard >> the message. >> > > It used to be that internet mail servers would deny an email address as > invalid while the SMTP conversation was going on. Then, because of > services with millions of addresses, like Yahoo, they stopped doing > this, and instead would bounce the messages back some time later. > > I recently had a conversation with a guy who's heavily involved in > internet email. His view echoed what you're saying-- it does spammers a > favor to bounce messages to bad addresses. But I got the impression that > his view was a minority one. > > It sounds like you're saying his view has become the majority view. Does > your job put you in a position to confirm this with authority? > > Paul > It's called backscatter spam and the problem is this: if a spammer uses someones legitimate address, let's say yours as the from address, and sends to thousands of recipients, then you get all of the failure messages. If that's not bad enough, consider if the from address is a legitimate domain but nonexistent user, then the server that receives the failure messages sent to the nonexistent user may issue its own failure messages back to the other nonexistent users, and maybe back and forth either infinitely or until some server reaches a configured threshold of some sort. -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] phpmailer send() always return true even the emailaddress is invalid
From: Paul M Foster > On Thu, Aug 27, 2009 at 09:00:24AM -0400, Bob McConnell wrote: >> >> The return code only tells you the local server accepted the mail. It is >> unlikely that server knows the address is invalid since it can only >> validate the domain portion of the address. Only the destination server >> can validate the user name, and most are now configured not to report >> mail sent to invalid addresses due to spam. They will silently discard >> the message. >> > > It used to be that internet mail servers would deny an email address as > invalid while the SMTP conversation was going on. Then, because of > services with millions of addresses, like Yahoo, they stopped doing > this, and instead would bounce the messages back some time later. > > I recently had a conversation with a guy who's heavily involved in > internet email. His view echoed what you're saying-- it does spammers a > favor to bounce messages to bad addresses. But I got the impression that > his view was a minority one. > > It sounds like you're saying his view has become the majority view. Does > your job put you in a position to confirm this with authority? No, it doesn't. However, as part of my job I have monitored several security lists. When SPAM generators, that had been widely deployed by virus, started sending mail with random return addresses, they forced another change in the email admin best practices discussion. For a short while the network became clogged in bounce messages sent to both valid and invalid addresses. Some of the invalid addresses even triggered infinite loops of error messages. None of the servers I am familiar with send bounce messages reporting invalid addresses any more. Our own servers won't even tell us internally when they discard incoming messages. SPAM quarantine is a thing of the past. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpmailer send() always return true even the emailaddress is invalid
Ash, Viktor, Thanks! Yes, validate the email is the preliminary solution. However, it is still possible that the email address is valid but is not exist in the target email provider. I wish to know also if the email can reach the recipient or not. Actually, I have tested with localhost in my computer, with ArGoSoft Mail Server, I'm just using php mail() function. When the email server was off, or invalid email account of localhost, or sending to external email provider (which I have yet to configured the DNS, so ArGoSoft cannot resolve it), I'll receive false from the mail() function. I need to use this info to inform my user whether the mail is successfully sent out or not. Any idea why PHP mail() function can do this in my computer? Thanks for your valuable advice! "Viktor Popov" wrote in message news:4a9682af.7050...@neterra.net... Ashley Sheridan wrote: On Thu, 2009-08-27 at 20:38 +0800, Keith wrote: Due to my web hosting server implement SMTP authentication, I couldn't do it with PHP mail() function, so I opt for PHPMailer. However, the $mail->Send() method always return true even I've set the $mail->AddAddress with invalid email address. I've tried with valid address. It's good and I've received the email. Then I set it with invalid x...@gmail.com, the return value is true, and I have received email from mailer daemon that gmail has rejected the email. Then I set the $mail->Address with invalid name & invalid domain. This time, the $mail->Send() still return as true, however, I didn't receive email from mailer daemon this time. Any idea why this happened? Any solution for me or suggestion to use other send mail class/function that support SMTP authentication? Thanks! Keith The return code only informs you that the mail was sent successfully, not that it was received, so you can have invalid email addresses and still have the function return true. Thanks, Ash http://www.ashleysheridan.co.uk Exactly, you should validate the e-mail addresses before sending the mail. Something like this: http://php.dzone.com/news/php-email-validator-email-mx-d -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] phpmailer send() always return true even the emailaddress is invalid
Ashley Sheridan wrote: On Thu, 2009-08-27 at 20:38 +0800, Keith wrote: Due to my web hosting server implement SMTP authentication, I couldn't do it with PHP mail() function, so I opt for PHPMailer. However, the $mail->Send() method always return true even I've set the $mail->AddAddress with invalid email address. I've tried with valid address. It's good and I've received the email. Then I set it with invalid x...@gmail.com, the return value is true, and I have received email from mailer daemon that gmail has rejected the email. Then I set the $mail->Address with invalid name & invalid domain. This time, the $mail->Send() still return as true, however, I didn't receive email from mailer daemon this time. Any idea why this happened? Any solution for me or suggestion to use other send mail class/function that support SMTP authentication? Thanks! Keith The return code only informs you that the mail was sent successfully, not that it was received, so you can have invalid email addresses and still have the function return true. Thanks, Ash http://www.ashleysheridan.co.uk Exactly, you should validate the e-mail addresses before sending the mail. Something like this: http://php.dzone.com/news/php-email-validator-email-mx-d -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php