How easy is it to verify that an email address is valid in PHP?

Question

Given an email address, how can I verify that it is valid? (That the email's domain will accept email for that address.)

How would this look in PHP?

Note: I don't want to verfify that the email address itself is syntactically valid. I want to know whether the domain will accept email to that address.

I would have thought there was some way to do this with an MX record or something...

MX records give the location of the mail server .. not of each user/address. — Tyler Carter, May 15 '10 at 03:59
Okay. I don't really know much about this... hence my question. — Nathan Osman, May 15 '10 at 04:00

score 4 · Accepted Answer · answered May 15 '10 at 04:33

I think your only options would be the SMTP RCPT TO or VRFY commands.

RCPT TO could be a way to check, as long as you disconnect after issuing it. However not all servers will boot you if the account doesn't exist(uce prevention, catch-all addresses, etc...).

VRFY can tell you if an account exists on that server, but this is almost always disabled to prevent account probes.

A PHP class that does RCPT TO verification(among other methods) is: http://code.google.com/p/php-smtp-email-validation/

Thank you! This is more what I'm looking for. – Nathan Osman May 15 '10 at 04:43 — Nathan Osman, May 15 '10 at 04:43

score 2 · Answer 2 · answered May 15 '10 at 03:47

2

Since you specifically state

That the email's domain will accept email for that address.

no regular expression is going to help you. The only way to verify that is to try to send an email to the address and see if it bounces. Even so, you could get false positives, since the mail server may not send out failure notifications.

Sending a basic email like this with PHP is reasonably simple; check out the documentation for the mail() function here.

answered May 15 '10 at 03:47

Syntactic

10,721
3
25
25

Well, I don't really need regular expressions. (I never mentioned it anywhere.) So what you're saying is check the return value of `mail()` to see if the message was successfully accepted for delivery? – Nathan Osman May 15 '10 at 03:50
I know how to send email with `mail()`. I want to know how to verify an address. – Nathan Osman May 15 '10 at 03:55
Yeah, my comment about regular expressions was more a reaction to another answer than to your question. The return value of `mail()` will tell you whether the delivery was successful at this time, though in practice this may not be a very good indication of whether the email address actually exists. Unfortunately, the nature of how email works makes this a difficult task. – Syntactic May 15 '10 at 03:56
I know. I guess the return value is good enough for now. Probably the only other option is a beacon or something. – Nathan Osman May 15 '10 at 04:01

Tyler Carter · Answer 3 · 2010-05-15T03:51:12.753

You can't actually check if the server will accept it. Mail server's don't have an API to handle that.

There used to be a script that attempted to connect to the MX server, and looked for some sort of response from the server that indicated that it wanted a password, instead of just rejecting it as a not-in-use mailbox. This however is very bad practice.

The only thing you can pretty much do is to check for a valid email address, and hope for the best:

http://www.linuxjournal.com/article/9585

That is one of the tutorials that actually follow the standards in the RFC.

/**
Validate an email address.
Provide email address (raw input)
Returns true if the email address has the email 
address format and the domain exists.
*/
function validEmail($email)
{
   $isValid = true;
   $atIndex = strrpos($email, "@");
   if (is_bool($atIndex) && !$atIndex)
   {
      $isValid = false;
   }
   else
   {
      $domain = substr($email, $atIndex+1);
      $local = substr($email, 0, $atIndex);
      $localLen = strlen($local);
      $domainLen = strlen($domain);
      if ($localLen < 1 || $localLen > 64)
      {
         // local part length exceeded
         $isValid = false;
      }
      else if ($domainLen < 1 || $domainLen > 255)
      {
         // domain part length exceeded
         $isValid = false;
      }
      else if ($local[0] == '.' || $local[$localLen-1] == '.')
      {
         // local part starts or ends with '.'
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $local))
      {
         // local part has two consecutive dots
         $isValid = false;
      }
      else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
      {
         // character not valid in domain part
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $domain))
      {
         // domain part has two consecutive dots
         $isValid = false;
      }
      else if
(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
                 str_replace("\\\\","",$local)))
      {
         // character not valid in local part unless 
         // local part is quoted
         if (!preg_match('/^"(\\\\"|[^"])+"$/',
             str_replace("\\\\","",$local)))
         {
            $isValid = false;
         }
      }
      if ($isValid && !(checkdnsrr($domain,"MX") || 
 ↪checkdnsrr($domain,"A")))
      {
         // domain not found in DNS
         $isValid = false;
      }
   }
   return $isValid;
}

In the way of making sure that an email is able to be delivered, validations is about as good as you are going to get.

No, no. I don't want to *validate* the email address, I want to *verify* it. (Make sure that the domain will accept emails sent to it.) — Nathan Osman, May 15 '10 at 03:47
I'm not sure this what the OP asked. I got the impression that the question is about checking if the server will accept mail with the address given. Although it does need clarification. — Jakub Hampl, May 15 '10 at 03:47
Of course, I can always check to see if the delivery was successful. (Like the server accepted the message.) — Nathan Osman, May 15 '10 at 03:56

Mauricio Scheffer · Answer 4 · 2010-05-15T04:00:58.517

1

How easy is it to verify that an email address is valid?

Not easy at all. Take a look at Dominic Sayers' email validation in PHP, possibly the most complete email validation library in any language. It also includes DNS checking.

Also see this related article from Jeff Atwood about the checks required to guarantee email arrival.

edited May 15 '10 at 04:00

answered May 15 '10 at 03:53

Mauricio Scheffer

98,863
23
192
275

Can you point me to the relevant portion that does the DNS checking? I couldn't find it. – Nathan Osman May 15 '10 at 03:59
@George Edison: search for 'checkDNS' in the page, it's buried in the comments. – Mauricio Scheffer May 15 '10 at 04:02

score 0 · Answer 5 · answered May 15 '10 at 03:50

An e-mail being (syntactically) valid is not the same as it accepting e-mails. In order to check whether the domain will accept e-mail you have to try sending an e-mail directly to the MX, but even then, if it is accept by the SMTP server, you are not guaranteed it will not be rejected afterwards, i.e. a non delivery report will be sent. And the SMTP server will probably reject your e-mail if you are on a dynamic pool of addresses or have no DNS reverse

score 0 · Answer 6 · answered May 15 '10 at 04:10

Just thought I'd mention that PHP has a built-in function getmxrr() that retrieves the MX record from a domain.

How this is useful, I don't know... On the page it states:

This function should not be used for the purposes of address verification.

So its use is limited to verifying that a domain even has a mailserver.

score -1 · Answer 7 · answered May 15 '10 at 03:55

-1

If you are using PHP 5.2.x, now there is not need to use custom validation functions. PHP comes with a built in function

answered May 15 '10 at 03:55

Gabriel Sosa

7,897
4
38
48

Please read the question - this is not what I'm looking for. – Nathan Osman May 15 '10 at 03:57

How easy is it to verify that an email address is valid in PHP?

7 Answers7