On Wed, Mar 15, 2006 at 04:35:50PM -0500, Brandon K. wrote:
I remember seeing a PHP script a while back that would actually
initiate a SMTP connection to the host to verify if the address was
correct. I thought that was a pretty cool trick to actually verify
It’s not possible to verify that an email address “actually exists”.
There are lots of reasons for this, all to do with SMTP server
delivery behaviour, DNS failure and so on.
In any case, the AUP of many hosting services requires email
communications with customers to be double-opt-in, because if you’re not
allowing the user to confirm that they want to receive email from your
app, it’s spam, and the ISP might get blacklisted. Plus I believe there
are some laws governing this sort of thing in many jurisdictions.
So, when a user enters an email address into your app, that you intend
to use for sending messages later, you should :-
- Send a message to them that they need to reply to
- (Decide how hard you will try to deliver if there are problems.
Many people give up on the first failure, which is reasonable)
- Wait for the reply, and change their status to ‘verified’
This is supposed to help you verify that the user really wants mail at
that address – which can eliminate the problem of someone using another
person’s email address, either by accident of maliciusly.
If the only thing you intend to use the email address for is something
like lost password announcements, then don’t bother checking too hard.
Make sure that you give them some other mechanism for recovering account
access – like custom answers to questions, or direct contact with the