How to verify the accuracy of an email address

I have a web application that registered users use. These users have good email addresses that I have verif开发者_JAVA百科ied through the traditional method of sending them an email verification link that they must click on.

However, within this application my users will provide an email address of a third party, that is not a registered user on my system. My application will then send an email request to the third party.

I am looking for a solution that will allow me to catch any problems or typos that the user is entering on my web form. I'm looking for something beyond a regular expression check so that problems such a "somoebody@domain.vom" would be identifed as an error while the user is still on the site, since the "vom" top level domain is invalid.

Thanks

The SMTP protocol allows sending messages, as everyone knows. However, part of the protocol is saying HELO to the SMTP server and to ask for permission to send the user an email.

Usually the SMTP server will deny delivering mails to users that do not exist, and when the server accepts the address, there is a fair chance that the account exists. You then just drop the connection without really sending an email. This approach is IMHO the most reasonable, and works far beyond just using regex for mail address validation.

However, if the destination MX host is just a hop that just transmits the mails to another server, the hop cannot know if the address really exists, so this is not a 100% positive.

As ever, there is no bulletproof way to verify the correctness of an email address other than attempting to send an email to it.

I'm guessing that's really not an option for this sort of validation, so the best you can do is use a regex that knows about the current set of TLDs.

See this question for more.

There are a whole bunch of issues with validating an email address. You could write an incredibly long/complicated regex, but the world may change. "vom" could be a valid TLD tomorrow.

Suggest that only by sending an email to that address can you determine that an email address is valid. I'd suggest the HELO suggestion as a quick and solid test on whether the entered address actually works.

It sounds though, from your question, that you're looking to detect/avoid typos. Perhaps you'd just be notifying the user unobtrusively with "did you mean '.com'?". There'd have to be a whitelist of valid TLDs (perhaps calling a web service to ensure that the TLD list (with new/removed extensions).

There are also the rabbit hole discussions about whether a plus-sign is valid and/or supported on various SMTP servers.

You can easily verify the hostname/domain part of a mail address with a simple DNS look-up.

There is, however, no easy way to verify the username part, especially considering the fact that rarely are usernames actual names that you can look up in a dictionary or something.

There is also no safe way to query a mail server for a username. Many SMTP servers are simple relays with no knowledge of the user list of the destination site. In addition, many mail servers will actually accept messages to invalid users, in order to avoid the possibility of spammers acquiring their actual user list by brute force.

The only "safe" way is to send a polite message asking for confirmation, "User John B. in MyService.com has invited you to his newsletter, do you accept?". If you get a reply message you can add that address to a list of valid addresses for each of your users, which you can use later in various ways to help your users avoid typos in the future.