PHP Email Advanced Validation (Format, MX Host, SMTP Mailbox)

ditatompel October 14, 2012 3 min read Programming PHP
A simple PHP script for validating email addresses using format, MX record, and SMTP mailbox checks.
On this page
PHP Email Advanced Validation (Format, MX Host, SMTP Mailbox)

It cannot be denied that on the internet, the existence of email is very important. With email, information can arrive very quickly even if the sender and recipient are on two different continents. Apart from that, email remains a popular choice for companies and developers to convey information to their customers.

This time, I’d like to share a simple PHP script to validate email addresses via writing format, MX record, and SMTP mailbox checks.

To validate an email address, we can do several things. Specifically, this involves checking the email’s writing format, verifying the MX record on the domain you want to check, or even connecting to the destination SMTP server to determine the target user’s whereabouts.

The source code is available for download at http://go.webdatasolusindo.co.id/scripts/php/email-advanced-validation.php or at http://pastebin.com/yyjChgKF.

1. Validate Email Format

The email format commonly used is as follows:

  • [email protected]
  • Username: the intended recipient’s name.
  • domain.com: the domain name where the user is located.

However, this format validation has a weakness: we don’t know whether the domain actually hosts a mail server. For instance, the email address [email protected] will be considered valid, even though the domain does not exist. To ensure the domain’s validity or nonexistence, we can check via the MX record.

2. Validate MX Records

The MX Record function typically delegates email for a domain/host to its destination mail server.

For example, running the command dig wds.co.id MX +short:

130 aspmx3.googlemail.com.
20 aspmx.l.google.com.
310 alt1.aspmx.l.google.com.
420 alt2.aspmx.l.google.com.
530 aspmx2.googlemail.com.

dig record

This will display the MX Record for the domain wds.co.id.

By querying the MX record, it can be concluded that this domain allows email addresses. However, this validation has a weakness: we don’t know whether the user on the domain actually exists.

For instance, the email address [email protected] will be considered valid even though the fake account does not exist on the targeted mail server.

To determine the user’s actual existence, we can further develop this by connecting to the destination SMTP server.

3. Validate SMTP Mailbox

By connecting to the SMTP server, we can determine whether the user on the domain actually exists or not. For example, I use telnet to connect to port 25 (the default SMTP port) and execute SMTP commands.

 1dit@tompel ~ $ telnet aspmx3.googlemail.com 25
 2Trying 74.125.137.26...
 3Connected to aspmx3.googlemail.com.
 4Escape character is '^]'.
 5220 mx.google.com ESMTP c2si11647357yhk.33
 6HELO aspmx3.googlemail.com
 7250 mx.google.com at your service
 8MAIL FROM: <[email protected]>
 9250 2.1.0 OK c2si11647357yhk.33
10RCPT TO: <[email protected]>
11250 2.1.5 OK c2si11647357yhk.33
12QUIT
13221 2.0.0 closing connection c2si11647357yhk.33
14Connection closed by foreign host.
15dit@tompel ~ $ telnet aspmx3.googlemail.com 25
16Trying 74.125.137.26...
17Connected to aspmx3.googlemail.com.
18Escape character is '^]'.
19220 mx.google.com ESMTP w4si11351321yhd.42
20HELO aspmx3.googlemail.com
21250 mx.google.com at your service
22MAIL FROM: <[email protected]>
23250 2.1.0 OK w4si11351321yhd.42
24RCPT TO: <[email protected]>
25550-5.1.1 The email account that you tried to reach does not exist. Please try
26550-5.1.1 double-checking the recipient's email address for typos or
27550-5.1.1 unnecessary spaces. Learn more at
28550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 w4si11351321yhd.42
29QUIT
30221 2.0.0 closing connection w4si11351321yhd.42
31Connection closed by foreign host.

SMTP commands

Pay attention to the initial telnet connection:

1RCPT TO: <[email protected]>
2250 2.1.5 OK c2si11647357yhk.33

and the second telnet connection:

1RCPT TO: <[email protected]>
2550-5.1.1 The email account that you tried to reach does not exist. [ Blah blah blah... ]

On the first connection, it appears that the mail server wants to receive email for the intended recipient. On the second connection, the mail server does not want to receive email for the intended recipient.

Therefore, it can be concluded that the user fake.account in the wds.co.id domain does not actually exist.

Based on these three validations, I developed this basic concept of my PHP E-Mail Advanced Validation script.

Connect to the Internet Using ZTE AC2726i Smart Modem on Linux
Cloudflare Reverse Proxies are Dumping Uninitialized Memory
PHPMyAdmin Configuration for Multi Database Server
PHPMyAdmin Configuration for Multi Database Server
Installing PHP, Apache, MySQL, and phpMyAdmin on Arch Linux
Installing PHP, Apache, MySQL, and phpMyAdmin on Arch Linux
Running Wakapi, a Self-Hosted WakaTime Compatible Backend for Coding Stats
Running Wakapi, a Self-Hosted WakaTime Compatible Backend for Coding Stats
Creating a virtualization lab on a local network with VirtualBox (2012)
Creating a virtualization lab on a local network with VirtualBox (2012)
Connect to the Internet Using ZTE AC2726i Smart Modem on Linux
Connect to the Internet Using ZTE AC2726i Smart Modem on Linux
Using GnuPG/PGP for Email Encryption in Thunderbird (2012)
Using GnuPG/PGP for Email Encryption in Thunderbird (2012)
Note About Email and Privacy
Note About Email and Privacy
SSH Client - Server (Security & Simplicity)
SSH Client - Server (Security & Simplicity)
Reading Binaries Manually
Reading Binaries Manually
Control Nearby Computers With One Mouse and Keyboard Using Deskflow
Control Nearby Computers With One Mouse and Keyboard Using Deskflow