PHP on Linux server - how to verify that email address is real

Question

I have a PHP script on a Linux server that needs to determine whether an email address is real or fake.

I'm trying to use telnet for this, launched from an expect script, but it's not working.

The PHP script usage would be:

$retVal = shell_exec( "./atelnet.sh mailserver.net fake@example.com" ) ;

Any help would be appreciated, or a better approach altogether.

Thank you.

Here's what I have so far:

#!/usr/bin/expect
#
# name: atelnet.sh
# usage from php: 
# $retVal = shell_exec( "./atelnet.sh mailserver.net fake@example.com" ) ;
#
# if goes wrong, the script will timeout in 20 seconds
set timeout 20

# first argument assigned to the variable "server"
set server [lindex $argv 0]

# second argument assigned to the variable "emailaddress"
set emailaddress [lindex $argv 1]

# spawn telnet and connect to variable "server" on port 25
spawn telnet $server 25

# script expects "220 ..." telnet from server, telnet login ok response
# actual response looks like: 
# "220 mx.server.com ESMTP ni10si2925797obc.73 - gsmtp"
# or
# "220-host.server.com ESMTP Fri, 22 Mar 2013 01:48:03 -0000"
expect "220"

# script sends initial handshake greeting
send "HELO"

# script expects "250 ..." telnet from server, at-your-service ok response
# actual response looks like: 
# "250 mx.server.com at your service"
# or
# "250 host.server.com Hello host.server.com [111.222.333.444]"
expect "250"

# script sends from: email address (any address is fine)
send "mail from:<a@b.com>"

# script expects "250 ..." telnet from server, ok acknowledgement of from:email
# actual response looks like: 
# "250 2.1.0 OK v16si1294229qct.125 - gsmtp"
# or
# "250 OK"
expect "250"

# script sends query to the email address being tested
# PHP string cat syntax doesn't work !!!
# HOW ???
send "rcpt to:<" . $emailaddress . ">"

# script expects one of these:
# fake: "550-5.1.1 The email account that you tried to reach does not exist."
# or
# true: "250 Accepted"

# log server's response to file. HOW ???

EDIT:

I'm adding below my PHP socket code, which doesn't seem to work:

$smtp_server = fsockopen( $mx_hostname, 25, $errno, $errstr, 30 ) ;
$ret1 = fwrite( $smtp_server, "helo hi\r\n" ) ;
$ret2 = fwrite( $smtp_server, "mail from: <a@b.org>\r\n" ) ;
$ret3 = fwrite( $smtp_server, "rcpt to: <" . $unk_email_address. ">\r\n" ) ;

Any ideas on this code would be welcomed as well.

Thank you.

Answer 1

I can see the intended usage but I would say that it is a little bit of an overkill to actually connect and initiate a handshake with the recipient mail server. Especially since there are still no guarantees that it means the user exists.

You should check for an MX record before this stage, see getmxrr
Assuming you already checked validated it as a valid e-mail string I would say combining that with the additional MX lookup is enough.

If you still want to do it I would implement it using PHP sockets instead of telnet. Maybe even using the expect extension since you already started that path.

Other ideas could be to have Facebook and Google oauth login on your website if it is related to higher quality user sign up

Answer 2

There is no point trying to invent wheel.

Check for example: Zend_Validate_EmailAddress

You can even validate hostname and mx record

$validator = new Zend_Validate_EmailAddress(
    array(
        'allow' => Zend_Validate_Hostname::ALLOW_DNS,
        'mx'    => true
    )
);

and by validating existing domain and email address format I would say it should be enough.

Answer 3

You can use PHP Filters to validate an E-mail:

http://php.net/manual/en/filter.filters.validate.php

$email_a = 'user@example.com';


if (filter_var($email_a, FILTER_VALIDATE_EMAIL)) {
    echo "This (email_a) email address is considered valid.";
}