Verify a User’s Email Address Using PHP

We’ve all seen it happen.

You put up a registration page on your site, hoping that visitors will leave you their email addresses so that you can stay in touch with them when you’ve got a new product for sale. Or a new tutorial that they might be interested in. Or you want to send them some "information from carefully screened third parties with whom we maintain a strategic relationship." Or maybe you want something in return before you give them that valuable whitepaper that you spent two months completing.

Whatever the reason, you happily construct your registration page, set up a database table to track the incoming email addresses, and publish it live. And sure enough, the registrations start coming in.

To mickey@mouse.com. And donald@duck.com. And emailthis@hahaha.com. You get the idea — users are registering with bogus email addresses at domains that don’t even exist. Not only are you going to be sending mail to nonexistent addresses, but they clutter up your database and cause maintenance headaches because they need to be cleaned out.

Make Sure They’re at Least Real

One way to help address this problem is to make sure that a user’s email address actually corresponds to a real email domain. Using PHP, you can check the domain registration records to see if the domain a user submitted to your site is real. To do this, we’ll use PHP’s checkdnsrr function.

The checkdnsrr function looks up the dns record for a given type, and a given host. It has this format:

int checkdnsrr(string host [,string type]);

This PHP function checks the DNS records for the given host to see if there are any records of the specified type. Note that the type parameter is optional, and if you don’t supply it then the type defaults to "MX" (which means Mail Exchange). If any records are found, the function returns TRUE. Otherwise, it returns FALSE.

To use this function, you submit a potential email address to it and check the result, as shown below:

// take a given email address and split it into the  
username and domain.
list($userName, $mailDomain) = split("@", $email);
if (checkdnsrr($mailDomain, "MX")) {
 // this is a valid email domain!
}
else {
 // this email domain doesn't exist! bad dog! no biscuit!
}

The code above takes a string of the form "username@emaildomain.com" and checks to see if the domain is real. First, the code calls the split() function to split the email string into "username" and "emaildomain.com", as we’re only interested in the domain.

Once we’ve got the domain, the code calls checkdnsrr, with the domain string and "MX" as the arguments. The second argument tells checkdnsrr what type of DNS record to look for. As we’re interested only in whether the given domain can handle email, we use the "MX" argument, which means "look for the Mail Exchange record."

If the checkdnsrr function returns TRUE, then we know we’ve got a valid email domain (but not necessarily a valid user name). If the function returns FALSE, then the email domain given is invalid.

Gotcha! – checkdnsrr Doesn’t Do Windows (Yet)

There’s one small problem, however, if you’re using PHP on a Windows server. The checkdnsrr function is not implemented on the Windows platform, so if you’re going to deploy this code on a Windows-based machine, you’ll need to do some extra work yourself.

The way to get around this problem is to write your own version of checkdnsrr. We’ll call our version myCheckDNSRR, the code for which is as follows:

function myCheckDNSRR($hostName, $recType = '') 
{
 if(!empty($hostName)) {
   if( $recType == '' ) $recType = "MX";
   exec("nslookup -type=$recType $hostName", $result);
   // check each line to find the one that starts with the host
   // name. If it exists then the function succeeded.
   foreach ($result as $line) {
     if(eregi("^$hostName",$line)) {
       return true;
     }
   }
   // otherwise there was no mail handler for the domain
   return false;
 }
 return false;
}

Our version of the checkdnsrr function works by taking advantage of a system call that’s available in Windows called nslookup, which performs essentially the same function. To call the nslookup function, our code uses PHP’s exec function, which executes a system command. It returns the result of the command as an array of strings in the $result parameter.

When the nslookup function successfully finds an entry for the given domain, the output will look something like this:

Server: o1-sjc-ns1.o1.com 
Address: 66.81.7.158
joemarini.com MX preference = 0, mail exchanger = smtp.joemarini.com

To determine whether a mail handler for the domain exists, the function loops through each line of the output in search of the line that starts with the given host name. If such a line is found, then the function returns TRUE, otherwise it returns FALSE.

Conclusion

While there’s no foolproof way to make sure a user isn’t giving you a completely bogus email address, you can at least help cut down on the problem by making sure that email addresses your site is given at least correspond to a real domain. Using PHP’s checkdnsrr function, you can look up the registration record for a given domain and see if it’s a real domain before saving away a user’s email address.

Download the code for this article.

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

No Reader comments

Comments on this post are closed.