Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

End-to-end Email Address Verification for Applications

0.00/5 (No votes)
19 Mar 2013 141  
In this article, we would discuss a very brief and overall technique to verify the email addresses of the users that signup for a web account.

 Introduction  

Email has become a necessary and inseparable part of our day-to-day life. Even in the web applications we develop, the primary mode of information exchange between the website/application and the user is the email address. For this, some sites have a primary email and a secondary email (if something fails in primary, the information to be communicated to the user would be sent to the secondary address).

In any web portal and/or applications, where a diversified set of users are expected to visit and register, care should be taken, in validating the email address, since this is being intended to serve as the primary medium of contact between the user and the website. 

Scope:  

The scope of this utility is two-pronged:

  1. Soft syntactical validation of email address. 
  2. Deep Network Checking where in the email server is contacted for the existence of the address. 

Validations 

A very preliminary validation of email addresses is by analyzing the pattern of addresses. That is absolutely straight forward and we can define a regular expression to get the job done.

The following regular expression method in C#, would tell you, if the passed email address is syntactically valid or not. Note that, this verifies only syntactical validity and not whether the email address exists or not.

public static bool isEmail(string inputEmail)
{
   inputEmail  = NulltoString(inputEmail);
   string strRegex = @"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" +
         @"\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" + 
         @".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";
   Regex re = new Regex(strRegex);
   if (re.IsMatch(inputEmail))
    return (true);
   else
    return (false);
} 

The next level of validation, we can attempt is to make a negotiation with the SMTP server and validate. Some mail servers respond even to VRFY and/or RCPT SMTP commands as to whether the email address is valid or not. But servers which are very strictly configured of not disclosing non-existing addresses, will always acknowledge any junk addresses in their domain and would bounce them on their own later. We need to tackle each of the following.

Validating via SMTP Network Connection

string[] host = (address.Split('@'));
string hostname = host[1];
     
IPHostEntry IPhst = Dns.Resolve(hostname);
IPEndPoint endPt = new IPEndPoint(IPhst.AddressList[0], 25);
Socket s= new Socket(endPt.AddressFamily, 
        SocketType.Stream,ProtocolType.Tcp);
s.Connect(endPt); 

This step will throw an exception, if the domain is not valid, so that you can flag that the email address is invalid.

Validating via SMTP Handshakes

If the domain was okay, we can try to handshake with the actual server and find out whether the email address is valid or not. Perhaps, at this point, I would like to suggest the way an application used to negotiate to a SMTP server similar to how Peter has explained here (EggHeadCafe). We would not need the entire block of code anyway. 

We can check each section of the SMTP negotiation like MAIL FROM and RCPT TO and optionally VRFY SMTP commands. 

If from domains or from addresses are prohibited or not in the SMTP server's allow list, MAIL FROM may fail. Mail servers which allow VRFY command will let you understand whether the email address is valid or not.

My CodeSection

Since we had a similar requirement, the EggHeadCafe was really useful and I would like to share the code snippet for other users, who might be having a similar requirement.

string[] host = (address.Split('@'));
string hostname = host[1];

IPHostEntry IPhst = Dns.Resolve(hostname);
IPEndPoint endPt = new IPEndPoint(IPhst.AddressList[0], 25);
Socket s= new Socket(endPt.AddressFamily, 
             SocketType.Stream,ProtocolType.Tcp);
s.Connect(endPt);

//Attempting to connect
if(!Check_Response(s, SMTPResponse.CONNECT_SUCCESS))
{                
    s.Close();
    return false;
}

//HELO server
Senddata(s, string.Format("HELO {0}\r\n", Dns.GetHostName() ));
if(!Check_Response(s, SMTPResponse.GENERIC_SUCCESS))
{
    s.Close();
    return false;
}

//Identify yourself
//Servers may resolve your domain and check whether 
//you are listed in BlackLists etc.
Senddata(s, string.Format("MAIL From: {0}\r\n", 
     "testexample@deepak.portland.co.uk"));
if(!Check_Response(s, SMTPResponse.GENERIC_SUCCESS))
{
    s.Close();
    return false;
}


//Attempt Delivery (I can use VRFY, but most 
//SMTP servers only disable it for security reasons)
Senddata(s, address);
if(!Check_Response(s, SMTPResponse.GENERIC_SUCCESS))
{
    s.Close();
    return false;
}
return (true);

Check_Response, SendData are available in the original source code and you can download it from there. But you may need to read through the associated license agreement, regarding retaining copyright notices in your code. Since this is just a code snippet to introduce you to the idea, only relevant code area are being mentioned.

Temporary Validation

All goes well, if network conditions are ok. But there may be temporary network problems preventing connections. If you expect that your host may be slow, then you can send a dummy link to the email address and activate the account only if the user goes to the address and clicks the link. Otherwise, you can stop the account activation step, periodically reclaiming junk accounts by having a scheduled task in your web application. 

DNS Utility: 

Sincere thanks and credit is given to Heijden whose DNS utility is being made use of for looking Mx servers in the application. This provides a cleaner separation of concerns in the application. 

To Summarize...

In fact, I hope a lot of web developers would be in need of similar validation routines, to ensure that the email addresses are valid and I really hope that the above hints would be helpful to them. Thanks Peter, your article really helped me and I hope your article and whatever hints I have been learning, which I have shared above, would really help more developers having similar requirements to solve. 

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here