Skip to main content
M
Mottakutty1
Participant
June 2, 2011
Answered

Validate Email address (SMTP check)

  • June 2, 2011
  • 2 replies
  • 2919 views

Hello,

When a member joins our website an email is sent confirming the registration. Few of these are non existant email addresses.
I would like to know if there is any way to validate an email address in coldfusion (SMTP check) without sending an email to the recipient so that we have legit email . This procedure is needed to prevent our  IP being on the spam list. We have a string check using regular expression.

Help much appreciated

Thank you

Mottakutty

    This topic has been closed for replies.
    Correct answer Owainnorth

    Oh hang on, hang on I get to use this:

    "I think you misunderstand, Adam" - note the comma use

    OP - You're saying you want to do an SMTP check (ie connect to mailserver and verify the account exists) but then speak of regular expressions to validate that the string passed to you meets the RFC requirements? That's two things.

    First up as Adam says, you can validate the email address using CFINPUT, and again server-side using isValid(). Incidentally isValid("email") is actually full of bugs if you read the email address RFCs, which sadly I had to once.

    However if you want to actually test whether or not the address exists on the mailserver, no there's no way of doing this natively using CF. You could (if you were fairly adept at Java) write yourself some classes that look up the MX records for a domain and then telnet to it. Basic SMTP conversation would do you:

    220 remoteserver.something.com Microsoft ESMTP MAIL Service

    HELO yourdomain.com

    250 remoteserver.something.com  Hello

    MAIL FROM:email@yourdomain.com

    250 2.1.0 email@yourdomain.com....Sender OK

    RCPT TO:theiremail@theirdomain.com

    550 5.7.1 Unable to relay for theiremail@theirdomain.com

    Unless you get a 250 in response to your RCPT TO command, it's an invalid account.

    However.

    There really is no need to go that far in order to validate account. Far simpler is to just send them a confirmation email with a link they have to click to verify their account.

    Sending email to a non-existant email address will *not* get you onto spam blocklists. The only thing that will is if you send email to one of the honeytrap email accounts that people like Messagelabs set up. No-one particularly knows what these are (as that would defeat the point) but they're only ever hit if you just pick a domain name and mass-mail every email address prefix you can think of to hope some sticks. No-one is going to come to your website and enter one of these email addresses.

    I suspect you're already doing enough to make sure you're not on the blocklists. Generally you only end up on one if your mailserver is sending spam, things are much more clever these days.

    2 replies

    Owainnorth
    OwainnorthCorrect answer
    Inspiring
    June 2, 2011

    Oh hang on, hang on I get to use this:

    "I think you misunderstand, Adam" - note the comma use

    OP - You're saying you want to do an SMTP check (ie connect to mailserver and verify the account exists) but then speak of regular expressions to validate that the string passed to you meets the RFC requirements? That's two things.

    First up as Adam says, you can validate the email address using CFINPUT, and again server-side using isValid(). Incidentally isValid("email") is actually full of bugs if you read the email address RFCs, which sadly I had to once.

    However if you want to actually test whether or not the address exists on the mailserver, no there's no way of doing this natively using CF. You could (if you were fairly adept at Java) write yourself some classes that look up the MX records for a domain and then telnet to it. Basic SMTP conversation would do you:

    220 remoteserver.something.com Microsoft ESMTP MAIL Service

    HELO yourdomain.com

    250 remoteserver.something.com  Hello

    MAIL FROM:email@yourdomain.com

    250 2.1.0 email@yourdomain.com....Sender OK

    RCPT TO:theiremail@theirdomain.com

    550 5.7.1 Unable to relay for theiremail@theirdomain.com

    Unless you get a 250 in response to your RCPT TO command, it's an invalid account.

    However.

    There really is no need to go that far in order to validate account. Far simpler is to just send them a confirmation email with a link they have to click to verify their account.

    Sending email to a non-existant email address will *not* get you onto spam blocklists. The only thing that will is if you send email to one of the honeytrap email accounts that people like Messagelabs set up. No-one particularly knows what these are (as that would defeat the point) but they're only ever hit if you just pick a domain name and mass-mail every email address prefix you can think of to hope some sticks. No-one is going to come to your website and enter one of these email addresses.

    I suspect you're already doing enough to make sure you're not on the blocklists. Generally you only end up on one if your mailserver is sending spam, things are much more clever these days.

    A
    Adam Cameron.
    Inspiring
    June 2, 2011

    Oh hang on, hang on I get to use this:

    "I think you misunderstand, Adam" - note the comma use


    Hehheh.  And I'm getting used to people having grounds to say that to me.

    And of course yu're quite right:

    1) I did misunderstand;

    2) I agree there's little point in doing it.

    --

    Adam

    Owainnorth
    Owainnorth
    Inspiring
    June 2, 2011

    I'll get it printed on a t-shirt for you

    A
    Adam Cameron.
    Inspiring
    June 2, 2011

    Yep.  Read the docs for CFINPUT. http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7f51.html

    Don't forget you still need to validate on the server side as well (because client-side validation can be defeated pretty easily).

    --

    Adam

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices