It cannot be denied that on the internet, the existence of email is very important. With email, information can arrive very quickly even if the sender and recipient are on two different continents. Apart from that, email remains a popular choice for companies and developers to convey information to their customers.
This time, I’d like to share a simple PHP script to validate email addresses via writing format, MX record, and SMTP mailbox checks.
To validate an email address, we can do several things. Specifically, this involves checking the email’s writing format, verifying the MX record on the domain you want to check, or even connecting to the destination SMTP server to determine the target user’s whereabouts.
The source code is available for download at http://go.webdatasolusindo.co.id/scripts/php/email-advanced-validation.php
or at http://pastebin.com/yyjChgKF
.
1. Validate Email Format
The email format commonly used is as follows:
[email protected]
Username
: the intended recipient’s name.domain.com
: the domain name where the user is located.
However, this format validation has a weakness: we don’t know whether the domain actually hosts a mail server. For instance, the email address [email protected]
will be considered valid, even though the domain does not exist. To ensure the domain’s validity or nonexistence, we can check via the MX record.
2. Validate MX Records
The MX Record function typically delegates email for a domain/host to its destination mail server.
For example, running the command dig wds.co.id MX +short
:
130 aspmx3.googlemail.com.
20 aspmx.l.google.com.
310 alt1.aspmx.l.google.com.
420 alt2.aspmx.l.google.com.
530 aspmx2.googlemail.com.
This will display the MX Record for the domain wds.co.id
.
By querying the MX record, it can be concluded that this domain allows email addresses. However, this validation has a weakness: we don’t know whether the user on the domain actually exists.
For instance, the email address [email protected]
will be considered valid even though the fake account does not exist on the targeted mail server.
To determine the user’s actual existence, we can further develop this by connecting to the destination SMTP server.
3. Validate SMTP Mailbox
By connecting to the SMTP server, we can determine whether the user on the domain actually exists or not. For example, I use telnet
to connect to port 25
(the default SMTP port) and execute SMTP commands.
1dit@tompel ~ $ telnet aspmx3.googlemail.com 25
2Trying 74.125.137.26...
3Connected to aspmx3.googlemail.com.
4Escape character is '^]'.
5220 mx.google.com ESMTP c2si11647357yhk.33
6HELO aspmx3.googlemail.com
7250 mx.google.com at your service
8MAIL FROM: <[email protected]>
9250 2.1.0 OK c2si11647357yhk.33
10RCPT TO: <[email protected]>
11250 2.1.5 OK c2si11647357yhk.33
12QUIT
13221 2.0.0 closing connection c2si11647357yhk.33
14Connection closed by foreign host.
15dit@tompel ~ $ telnet aspmx3.googlemail.com 25
16Trying 74.125.137.26...
17Connected to aspmx3.googlemail.com.
18Escape character is '^]'.
19220 mx.google.com ESMTP w4si11351321yhd.42
20HELO aspmx3.googlemail.com
21250 mx.google.com at your service
22MAIL FROM: <[email protected]>
23250 2.1.0 OK w4si11351321yhd.42
24RCPT TO: <[email protected]>
25550-5.1.1 The email account that you tried to reach does not exist. Please try
26550-5.1.1 double-checking the recipient's email address for typos or
27550-5.1.1 unnecessary spaces. Learn more at
28550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 w4si11351321yhd.42
29QUIT
30221 2.0.0 closing connection w4si11351321yhd.42
31Connection closed by foreign host.
Pay attention to the initial telnet connection:
1RCPT TO: <[email protected]>
2250 2.1.5 OK c2si11647357yhk.33
and the second telnet connection:
1RCPT TO: <[email protected]>
2550-5.1.1 The email account that you tried to reach does not exist. [ Blah blah blah... ]
On the first connection, it appears that the mail server wants to receive email for the intended recipient. On the second connection, the mail server does not want to receive email for the intended recipient.
Therefore, it can be concluded that the user fake.account
in the wds.co.id
domain does not actually exist.
Based on these three validations, I developed this basic concept of my PHP E-Mail Advanced Validation script.