views:

3775

answers:

7

I need to send hundreds of newsletters, but would like to check first if email exists on server. It's called smtp validation, at least i think so, based on my research on net.
There's several libraries that can do that, and also a page with open-source code in asp (http://www.coveryourasp.com/ValidateEmail.asp#Result3), but I have hard time reading classic asp, and it seams that it uses some third-party library...
Does someone have code for smtp validation in c#, and/or general explanation of how it works?

+2  A: 

The Real(TM) e-mail validation is trying to send something to the address, and seeing if it is rejected/bounced. So, you'll just have to send them away, and remove the addresses that fail from your mailing list.

Ishmaeel
+5  A: 

SMTP is a text based protocol carried over TCP/IP.

Your validation program needs to open a TCP/IP connection to the server's port 25 (SMTP), write in a few lines and read the answer. Validation is done (but not always) on the "RCTP TO" line and on the "VFRY" line.

The SMTP RFC describes how this works (see [email protected] below, S are lines sent by the client, R are lines received from the server):

Example of the SMTP Procedure

         This SMTP example shows mail sent by Smith at host Alpha.ARPA,
         to Jones, Green, and Brown at host Beta.ARPA.  Here we assume
         that host Alpha contacts host Beta directly.

            S: MAIL FROM:
            R: 250 OK

            S: RCPT TO:
            R: 250 OK

            S: RCPT TO:
            R: 550 No such user here
diciu
+7  A: 

Be aware that most MTAs (Mail Transfer Agent) will have the VRFY command turned off for spam protection reasons, they'll probably even block you if you try several RCPT TO in a row (see http://www.spamresource.com/2007/01/whatever-happened-to-vrfy.html). So even if you find a library to do that verification, it won't be worth a lot. Ishmaeel is right, the only way to really find out, is sending an email and see if it bounces or not.

@Hrvoje: Yes, I'm suggesting you monitor rejected emails. BUT: not all the bounced mails should automatically end up on your "does not exist"-list, you also have to differentiate between temporary (e.g. mailbox full) and permanent errors.

WMR
+1  A: 

so, you are suggesting that I monitor email from which I'm sending mails and see if there's rejected emails returned?

Hrvoje
+2  A: 

Don't take this the wrong way, but sending newsletters to more than a handful of people these days is a fairly serious matter. Yes, you need to be monitoring bounces (rejected emails) which can occur synchronously during the SMTP send (typically if the SMTP server you are connected to is authoritative), or asynchronously as a system-generated email message that occurs some amount of time after the SMTP send succeeded.

Also keep the CAN-SPAM Act in mind and abide by the law when sending these emails; you've got to provide an unsub link as well as a physical street address (to both identify you and t0 allow users to send unsub requests via snail-mail if they so choose).

Failure to do these things could get your IP null-routed at best and sued at worst.

Dane
A: 

While it's true that many domains will return false positives because of abuse, there are still some great components out there that will perform several levels of validation beyond just the SMTP validation. For example, it's worth it to check first to see if at least the domain exists. I'm in the process of compiling my own list of resources related to this question which you can track here:

http://delicious.com/dworthley/email.validation

For those who might want to add to this list, I'll also include what I currently have here:

For a bulletproof form and a great user experience, it's helpful to validate as many aspects of the email address as possible. I can see from the aspNetMX validator that they check:

  • the syntax
  • the email against a list of bad email addresses
  • the domain against a list of bad domains
  • a list of mailbox domains
  • whether or not the domain exists
  • whether there are MX records for the domain
  • and finally through SMTP whether or not a mailbox exists

It's this last step that can be circumvented by administrators by returning true to basically all account verification requests, but in most cases if the user has intentionally entered a bad address it's already been caught. And if it was user error in the domain part of the address, that will be caught too.

Of course, a best practice for using this kind of a service for a registration screen or form would be to combine this kind of validation with a verification process to ensure that the email address is valid. The great thing about using an email validator in front of a verification process is that it will make for a better overall user experience.

Don Worthley
+1  A: 

You may need this Email Validator component for .NET

Here is the code example:


   // Create a new instance of the EmailValidator class.
   EmailValidator em = new EmailValidator();
   em.MessageLogging += em_MessageLogging;
   em.EmailValidated += em_EmailValidationCompleted;
   try
   {
       string[] list = new string[3] { "[email protected]", "[email protected]", "[email protected]" };
       em.ValidateEmails(list);
   }
   catch (EmailValidatorException exc2)
   {
       Console.WriteLine("EmailValidatorException: " + exc2.Message);
   }
i want open source, free version, but thanx anyway
Hrvoje