ANSWERS: 1
-
A very preliminary validation of email addresses is by analyzing the pattern of addresses. That is absolutely straight forward and we can define a regular expression to get the job done. The following regular expression method in C#, would tell you, if the passed email address is syntactically valid or not. Note that, this verifies only syntactical validity and not whether the email address exists or not. public static bool isEmail(string inputEmail) { inputEmail = NulltoString(inputEmail); string strRegex = @"^([a-zA-Z0-9_-.]+)@(([[0-9]{1,3}" + @".[0-9]{1,3}.[0-9]{1,3}.)|(([a-zA-Z0-9-]+" + @".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(]?)$"; Regex re = new Regex(strRegex); if (re.IsMatch(inputEmail)) return (true); else return (false); } The next level of validation, we can attempt is to make a negotiation with the SMTP server and validate. Some mail servers respond even to VRFY and/or RCPT SMTP commands as to whether the email address is valid or not. But servers which are very strictly configured of not disclosing non-existing addresses, will always acknowledge any junk addresses in their domain and would bounce them on their own later. We need to tackle each of the following. Validating via SMTP Network Connection string[] host = (address.Split('@')); string hostname = host[1]; IPHostEntry IPhst = Dns.Resolve(hostname); IPEndPoint endPt = new IPEndPoint(IPhst.AddressList[0], 25); Socket s= new Socket(endPt.AddressFamily, SocketType.Stream,ProtocolType.Tcp); s.Connect(endPt); This step will throw an exception, if the domain is not valid, so that you can flag that the email address is invalid. Validating via SMTP Handshakes If the domain was okay, we can try to handshake with the actual server and find out whether the email address is valid or not. Perhaps, at this point, I would like to suggest the way an application used to negotiate to a SMTP server similar to how Peter has explained here (EggHeadCafe). We would not need the entire block of code anyway. We can check each section of the SMTP negotiation like MAIL FROM and RCPT TO and optionally VRFY SMTP commands. Perhaps a descriptive SMTP command list is available here. If from domains or from addresses are prohibited or not in the SMTP server's allow list, MAIL FROM may fail. Mail servers which allow VRFY command will let you understand whether the email address is valid or not. My CodeSection Since we had a similar requirement, the EggHeadCafe was really useful and I would like to share the code snippet for other users, who might be having a similar requirement. Collapse string[] host = (address.Split('@')); string hostname = host[1]; IPHostEntry IPhst = Dns.Resolve(hostname); IPEndPoint endPt = new IPEndPoint(IPhst.AddressList[0], 25); Socket s= new Socket(endPt.AddressFamily, SocketType.Stream,ProtocolType.Tcp); s.Connect(endPt); //Attempting to connect if(!Check_Response(s, SMTPResponse.CONNECT_SUCCESS)) { s.Close(); return false; } //HELO server Senddata(s, string.Format("HELO {0}rn", Dns.GetHostName() )); if(!Check_Response(s, SMTPResponse.GENERIC_SUCCESS)) { s.Close(); return false; } //Identify yourself //Servers may resolve your domain and check whether //you are listed in BlackLists etc. Senddata(s, string.Format("MAIL From: {0}rn", "[email protected]")); if(!Check_Response(s, SMTPResponse.GENERIC_SUCCESS)) { s.Close(); return false; } //Attempt Delivery (I can use VRFY, but most //SMTP servers only disable it for security reasons) Senddata(s, address); if(!Check_Response(s, SMTPResponse.GENERIC_SUCCESS)) { s.Close(); return false; } return (true); Check_Response, SendData are available in the original source code and you can download it from there. But you may need to read through the associated license agreement, regarding retaining copyright notices in your code. Since this is just a code snippet to introduce you to the idea, only relevant code area are being mentioned. Temporary Validation All goes well, if network conditions are ok. But there may be temporary network problems preventing connections. If you expect that your host may be slow, then you can send a dummy link to the email address and activate the account only if the user goes to the address and clicks the link. Otherwise, you can stop the account activation step, periodically reclaiming junk accounts by having a scheduled task in your web application.
Copyright 2023, Wired Ivy, LLC