I’m sure someone has already done this, but I want to try writing from scratch something that will use AJaX to lookup an email address via MX record to verify that the address exists and isn’t just garbage that someone has entered to get past validation.
I’ve been Google-ing for looking up MX records with JavaScript, and I keep finding sites that just have an input for you to check the existence of an email address, but no sample code, no indication of how to do it.
Can anyone help with how to get an MX record of a domain? I’m sure once I know that, I can write the AJaX code for it.
That’s an interesting question. I did a little searching myself and couldn’t find any JS-only solutions. You could always use AJAX to check an email address via one of these MX lookup pages that exist, but you might be violating the terms of use by submitting addresses programatically.
If you have PHP available on your server, you could do the checking in the background server-side and return the result to your JS. There’s an interesting article here, which includes some code.
Thanks for your reply. That article definitely might help. We don’t use PHP, here, we are a ColdFusion shop. But I think that I might be able to retrofit the example. This is (I think, from a cursory glance) exactly what I was looking for. Thanks!
V/r,
UPDATE: Unfortunately, github is blocked by our network admins. I can’t view it, here, but I can look at it from home and email sample code to my work address. Again, thank you for the link.
Upon further review, I cannot retrofit the code into a workable CF version. It’s using proprietary PHP functions. But I do appreciate fretburner’s input.
If anyone has any suggestions on how I can make a JS/jQuery version (or even a -gasp- MooTools version), please advise.
I don’t know if it’ll be any help, but I implemented a similar system in Ruby (Rails) a couple of years back.
It used the resolv library to look for MX records at the domain.
I could give you more details about that if you like.
Thank you, Pullo. I know of a DNS server to use for the query (Google’s 8.8.8.8), and can manually create the XHR so no libraries will be required. I guess all I need to know is what to either POST or GET to the DNS server (and which script) in order to do the HELO, etc.
require 'resolv'
class Account < ActiveRecord::Base
EMAIL_PATTERN = /(\\S+)@(\\S+)/
SERVER_TIMEOUT = 3 # seconds45. VALIDATE E-MAIL ADDRESSES 230
def valid_domain?(email)
domain = email.match(EMAIL_PATTERN)[2]
dns = Resolv::DNS.new
Timeout::timeout(SERVER_TIMEOUT) do
# Check the MX records
mx_records = dns.getresources(domain, Resolv::DNS::Resource::IN::MX)
mx_records.sort_by {|mx| mx.preference}.each do |mx|
a_records = dns.getresources(mx.exchange.to_s, Resolv::DNS::Resource::IN::A)
return true if a_records.any?
end
# Try a straight A record
a_records = dns.getresources(domain, Resolv::DNS::Resource::IN::A)
a_records.any?
end
rescue Timeout::Error, Errno::ECONNREFUSED
false
end
end
Thanks for posting the code, Pullo. Unfortunately, like PHP it’s using a lot of proprietary functions, so I can’t reverse-engineer it to CF.
I know the steps to take, I just don’t have knowledge of what script to send a GET or POST scope to in order to retrieve a yay/nay in XML, WSDL, or JSON format. Everything else, I think I can do from scratch.
Yeah, I did run across that in my searches. The “paid for service” bit turned me off to it, though. I’ve found a CF solution that uses webservicex.net, but am unsure of how to query it.
If it were that easy to detect valid email addresses then all the spammers would be using it to ensure that they don’t waste time sending spam to non existant addresses.
Presumably all of the email addresses you tried have the necessary security implemented to prevent spammers being able to easily determine that it is a valid address.
I think it must be something to do with that particular service, as I had the same result for the addresses I tried. This site, however, did validate those same addresses, so it seems unlikely that it’s anything to do with security measures.
Yikes… they do have an API, which is cool… but you have to be a registered user, and the username/password is passed in the URL, open to anyone clever enough to intercept the transmission, even if encrypted.