Hiya. when people register to my website i don't want to send them a verification e-mail, i just want to check if that e-mail exists. is there a way to do such a thing ?
using apache-tomcat and java as my main programming language.
thanks a lot!
views:
622answers:
8
+14
A:
No. There is no way to tell if an email address points to a valid destination. You can check basic syntax, and that the domain has a record in DNS, but that's all.
bmargulies
2010-03-01 14:10:04
More specifically: "...has a **MX** record in DNS..."
Dolph
2010-03-01 14:13:09
I don't agree. You can deliver email to a domain with no MX record.
bmargulies
2010-03-01 14:32:41
@bmargulies: how would you do that?
Joachim Sauer
2010-03-01 17:08:03
this isn't actually the correct answer
fuzzy lollipop
2010-03-01 17:25:49
A host can perfectly well run an SMTP server on port 25 without any MX records. MX records exist to tell you that mail addressed to some DNS name should be delivered to some other domain. If foo.bar.baz.com has an SMTP server, it needs no MX records to accept mail.
bmargulies
2010-03-01 19:01:22
+5
A:
You can at highest use regex to check if the address is syntactically valid and/or looking up the MX records if the domain is valid, but this still does not guarantee that the email address is legitimate and belongs to the registrant in question. There is really no more reliable way than sending a verficiation email and waiting for confirmation in a short timespan.
BalusC
2010-03-01 14:10:47
@fuzzy: There's also not an 100% reliable way that the email address belongs to the user in question and this is never going to come. I checked the site in your answer, entered several addresses I know they exist and some of them failed because the server doesn't support VRFY. I wouldn't waste that much time verifying the email address somewhere else on the network. Just send a verification email and wait for confirmation :)
BalusC
2010-03-08 11:22:14
you can connect send a RCPT message and then RSET it, you didn't look at what my solution actually does.
fuzzy lollipop
2010-03-08 13:41:03
+1
A:
If you just want to verify that it LOOKs like a valid email address, there are many sample Regex's that will verify that. If you want to verify the user has control of the email address, you'll need to send something to it and craft a unique response to verify it.
No Refunds No Returns
2010-03-01 14:11:04
+3
A:
This has been answered already in previous questions here. Without a verification email, the best you can do is look at the email address and look if it seems valid. You can also check things such as the domain, to see if it exists and has MX records. Anyway, see http://stackoverflow.com/questions/3232/how-far-should-one-take-e-mail-address-validation and http://stackoverflow.com/questions/201323/what-is-the-best-regular-expression-for-validating-email-addresses
Mike
2010-03-01 14:11:46
+1
A:
i guess this is what you are looking for
http://www.strikeiron.com/Catalog/ProductDetail.aspx?pv=5.0.0&pn=Email+Verification
Anantha Kumaran
2010-03-01 17:02:21
looks like a great service but i would prefer something free of charge. thanks
ufk
2010-03-02 11:29:56
+2
A:
contrary to some of the uneducated answers you can TRY and connect to an MX server and use the VRFY command to see if the sever supports it. Here is a website that will do this for you as an example. If you look at its exchange with the MX server it actually does try and send an email but does a RESET before actually sending it. Testing it with my email address works but I don't get an email. So yes you CAN do what everyone else is saying you can't do. Use an address you know works for your domain, then use one that you don't isn't supported. You will get a 550 on the last RCTP TO command. That is how you know it doesn't exist.
fuzzy lollipop
2010-03-01 17:12:53
+3
A:
I just wanted to weigh in and say that despite your reticence to do so, PLEASE send an email and force the user to confirm that they have control of it before allowing that email address to be used in association with an account on your site. Why? Because not doing that, for any reason, means that users can sign up for accounts using email addresses that aren't theirs. They might do so accidentally, or they might do so very much on purpose (e.g., signing others up for accounts for any number of reasons); that's just not kosher, and websites that allow it are open to being reported to their ISPs.
(I say this as the owner of a Gmail account which, at least two to three times a month, is signed up for an account at some website that doesn't force users to confirm their email addresses in this manner. It's irritating, and it puts the onus on me to get the account removed from the offending website. I've now taken to recovering any passwords I can, logging into the account, and then changing the email address to "[email protected]" or something like that... it's sorta fun, but I doubt you want this to happen on your website.)
delfuego
2010-03-01 17:19:31
The important point here is not so much "force people to confirm an email address" but "don't send email to unconfirmed addresses". You can create accounts before the email is confirmed, provide you don't send any emails (other than the confirmation attempt) or prevent other users attempting to confirm that address.
Colin Pickard
2010-03-01 17:31:06
+1
A:
You can use the openid service to check for valids email addresses as stackoverflow does.
Koder_
2010-03-01 17:21:54