Verify a User's Email Address Using PHP

[ArticleBot]

This is an article discussion thread for discussing the SitePoint article, "Verify a User's Email Address Using PHP"

[ssx-gun]

so sad that windows doesnt support anything good though id assume that the people who would use this would not likely be on windows only possibly for testing or if their project is deployed. although i must admit i do find this nslookup for nix machines interesting maybe a follow up article doing more with it?

[BlueFire2k5]

Hmm. Interesting comments in the checkdnsrr() php manual page... Including this one:

Quote:

maybe usefull, a blacklist (DNSBL) check function:

PHP Code:

 <?php 
 function is_blacklisted($ip) { 
     $dnsbl_check=array("bl.spamcop.net", 
                        "relays.osirusoft.com", 
                        "list.dsbl.org", 
                        "sbl.spamhaus.org"); 
     if ($ip) { 
        $quads=explode(".",$ip); 
         $rip=$quads[3].".".$quads[2].".".$quads[1].".".$quads[0]; 
         for ($i=0; $i<count($dnsbl_check); $i++) { 
             if (checkdnsrr($rip.".".$dnsbl_check[$i],"A")) { 
                 $listed.=$dnsbl_check[$i]." "; 
             } 
          } 
        if ($listed) { return $listed; } else { return FALSE; } 
     } 
 } 
 ?>

There could be some use for that + email piping. Your own little free spamchecker.

[bigduke]

I wish the user name could be checked too but then the mail servers enforce restrictions that won't allow you to run the user verification commands on them . Its probably an anti-spam policy.
Wish this article had been written earlier, i wouldn't have had to scratch my head finding an easy non-user-reply-dependent way to verify email addresses.

[1337-Dev]

I don't like it.
Check:
http://ubertr0tt.com/checkdnform.html

I think the code can be improved upon greatly, by check it contains an '@' before splitting, etc. The following didnt get picked up by the code:

- @msn.com, @hotmail.com, etc on thier own. I know the code doesnt check for a username but still..
- iam@smelly.com
- sitepoint@rules.com
- coca@cola.com

The list goes on

Regards,

1337

[1337-Dev]

[color=#f1f1f1]
Function:

PHP Code:

function validate_email($email)
{
// Create the syntactical validation regular expression
$regexp = "^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$";
// Presume that the email is invalid
$valid = 0;
// Validate the syntax
if (eregi($regexp, $email))
{
     list($username,25/08/2004omaintld) = split("@",$email);
     // Validate the domain
     if (getmxrr(25/08/2004omaintld,$mxrecords))
         $valid = 1;
} else {
     $valid = 0;
}
return $valid;
} 

Then in the code, this is the check:

PHP Code:

if validate_email($email)
{ 
echo 'email is valid'; 
}
else
{ 
echo'email is not valid';
}
[color=#f1f1f1][/color] 

Regards,

1337

[frezno]

Quote:

Originally Posted by 1337-Dev

PHP Code:

$regexp = " ... {2,4})$"; 

should be 2,6 since 6 letter tld is valid (.museum)

[bokehman]

Quote:

Originally Posted by 1337-Dev

[color=#f1f1f1]
Function:

PHP Code:

function validate_email($email)

{

// Create the syntactical validation regular expression

$regexp = "^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$";

// Presume that the email is invalid

$valid = 0;

// Validate the syntax

if (eregi($regexp, $email))

{

     list($username,25/08/2004omaintld) = split("@",$email);

     // Validate the domain

     if (getmxrr(25/08/2004omaintld,$mxrecords))

         $valid = 1;

} else {

     $valid = 0;

}

return $valid;

} 

Then in the code, this is the check:

PHP Code:

if validate_email($email)

{ 

echo 'email is valid'; 

}

else

{ 

echo'email is not valid';

}

[color=#f1f1f1][/color] 

Regards,

1337

That code is useless. First the REGEX will illiminate lots of legal email addresses. For example 6 figure TLDs are becoming quite common. Also a space and various other characters are legal.

Also you are using getmxrr(). This only checks for an MX record but an MX record is not required for sending email. Reading from the manual 'Note: This function should not be used for the purposes of address verification. Only the mailexchangers found in DNS are returned, however, according to RFC 2821 when no mail exchangers are listed, hostname itself should be used as the only mail exchanger with a priority of 0'. I run a domain for a couple of years with no MX records and only added them because I found people were using this errornous form of email validation.

[bammel]

Can you make such script were I can upload a list of e-mailadresses?

[momos]

The foolproof way is to send a mail to that address?! I you don't get an error-report, the address exists...

[frezno]

sure and the user gets an email saying: "That's just checking the valadity of your address.
You can ignore this mail and you will get another one."

[mark_W]

Quote:

Originally Posted by frezno

sure and the user gets an email saying: "That's just checking the valadity of your address.
You can ignore this mail and you will get another one."

I was thinking that myself, not the best of ideas!

[momos]

If you're asking an email and you're planning to never use it, why would you ask for an email in the first place?

And it would be more something like: "We like to thank you for registering" and even give them a password or something, which gives them the right to exclusive content...

[mark_W]

Quote:

Originally Posted by momos

If you're asking an email and you're planning to never use it, why would you ask for an email in the first place?

And it would be more something like: "We like to thank you for registering" and even give them a password or something, which gives them the right to exclusive content...

Most places you register with ask for an email address and never use it.

[momos]

So why do they need an email-address then?

[dbevfat]

to sell them to spammers >:)

[frezno]

momos, i think we have to dig a little deeper.
Books can be written on validation and on email validation in particular.

My very personal opinion is that all this validation mambo jumbo should be kept very simple.
You cannot proof everything a 100% anyway.
Too often i ran into the situation that a correct entry was refused because of some weired rules.
And that becomes true if you're dealing with different countries where names, zip codes telefon numbers etc vary from country to country substantually.

Back to email validation.
Why one need to provide an email address? To get a newsletter, a confirmation of the purchase at an online shop etc.
So, if i provide a wrong email address intentionally, what sense would that make?
Maybe there's a typo in the address. That may happen. Makes sense for a checking in this case. If the email address is a substantial part of whatever you provide, you can use a confirmation input of it, ie the user has to type it twice (as eg the password).

Anyway, i'm checking just the format of the email address and that's fine with me.
Other people may have other requirements (and of course opinions) and want a much stronger validation.
Just bear in mind: Nothing is bullet proof.
and i'd like to add: Therefore KISS

[momos]

Quote:

Originally Posted by frezno

My very personal opinion is that all this validation mambo jumbo should be kept very simple.
You cannot proof everything a 100% anyway.
Too often i ran into the situation that a correct entry was refused because of some weired rules.

I concur...

Quote:

Originally Posted by frezno

Why one need to provide an email address? To get a newsletter, a confirmation of the purchase at an online shop etc.
So, if i provide a wrong email address intentionally, what sense would that make?

That was exactly the point I was trying to make!

Anyway I do understand that you check the general form(or more) of the email-address; been there done that (http://www.sitepoint.com/forums/showthread.php?t=167372), but as you also said, there is still a possibility that the validation keeps you from entering your - possibly very strange albeit - perfectly valid email.

[bokehman]

The use of checkdnsrr() and getmxrr() for validating email addresses shows a complete lack of knowledge of the pertinent RFC. According to RFC 2821 when no mail exchangers are listed, hostname itself should be used as the only mail exchanger with a priority of 0. This is a configuration I have used many times and in fact the only time an MX record is needed is when the webserver and smtp server are at different IPs.

[bokehman]

Even if you go to the extent of connecting to the remote mailserver and the mailserver agrees to accept mail for that address it still does not prove the address exists, only that the remote server will accept mail for it. The only sure way to know an email is good is to send an email to it containing a token and wait for confirmation.

[expertphp]

PHP Code:

<?php



// path to XPertMailer class

require_once 'XPertMailer.php';



$mail = new XPertMailer;



// optionaly, you can put 2'nd parameter value 'true' to verify MX host

$itis = $mail->is_mail('user@address.net', true);



echo $itis ? "It's true" : "Opps, something wrong";



?>

Enjoy, For more informations, visit: www.xpertmailer.com

[JohnBerlow]

i use this software: http://www.email-unlimited.com/email_verifier.html
or this compontnt: http://www.email-unlimited.com/email...component.html