Introduction
Email has become a necessary and inseparable part of our day-to-day life. Even in the web applications we develop, the primary mode of information exchange between the website/application and the user is the email address. For this, some sites have a primary email and a secondary email (if something fails in primary, the information to be communicated to the user would be sent to the secondary address).
In any web portal and/or applications, where a diversified set of users are expected to visit and register, care should be taken, in validating the email address, since this is being intended to serve as the primary medium of contact between the user and the website.
Scope:
The scope of this utility is two-pronged:
- Soft syntactical validation of email address.
- Deep Network Checking where in the email server is contacted for the existence of the address.
Validations
A very preliminary validation of email addresses is by analyzing the pattern of addresses. That is absolutely straight forward and we can define a regular expression to get the job done.
The following regular expression method in C#, would tell you, if the passed email address is syntactically valid or not. Note that, this verifies only syntactical validity and not whether the email address exists or not.
public static bool isEmail(string inputEmail)
{
inputEmail = NulltoString(inputEmail);
string strRegex = @"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" +
@"\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" +
@".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";
Regex re = new Regex(strRegex);
if (re.IsMatch(inputEmail))
return (true);
else
return (false);
}
The next level of validation, we can attempt is to make a negotiation with the SMTP server and validate. Some mail servers respond even to VRFY and/or RCPT SMTP commands as to whether the email address is valid or not. But servers which are very strictly configured of not disclosing non-existing addresses, will always acknowledge any junk addresses in their domain and would bounce them on their own later. We need to tackle each of the following.
Validating via SMTP Network Connection
string[] host = (address.Split('@'));
string hostname = host[1];
IPHostEntry IPhst = Dns.Resolve(hostname);
IPEndPoint endPt = new IPEndPoint(IPhst.AddressList[0], 25);
Socket s= new Socket(endPt.AddressFamily,
SocketType.Stream,ProtocolType.Tcp);
s.Connect(endPt);
This step will throw an exception, if the domain is not valid, so that you can flag that the email address is invalid.
Validating via SMTP Handshakes
If the domain was okay, we can try to handshake with the actual server and find out whether the email address is valid or not. Perhaps, at this point, I would like to suggest the way an application used to negotiate to a SMTP server similar to how Peter has explained here (EggHeadCafe). We would not need the entire block of code anyway.
We can check each section of the SMTP negotiation like MAIL FROM and RCPT TO and optionally VRFY SMTP commands.
If from domains or from addresses are prohibited or not in the SMTP server's allow list, MAIL FROM may fail. Mail servers which allow VRFY command will let you understand whether the email address is valid or not.
My CodeSection
Since we had a similar requirement, the EggHeadCafe was really useful and I would like to share the code snippet for other users, who might be having a similar requirement.
string[] host = (address.Split('@'));
string hostname = host[1];
IPHostEntry IPhst = Dns.Resolve(hostname);
IPEndPoint endPt = new IPEndPoint(IPhst.AddressList[0], 25);
Socket s= new Socket(endPt.AddressFamily,
SocketType.Stream,ProtocolType.Tcp);
s.Connect(endPt);
if(!Check_Response(s, SMTPResponse.CONNECT_SUCCESS))
{
s.Close();
return false;
}
Senddata(s, string.Format("HELO {0}\r\n", Dns.GetHostName() ));
if(!Check_Response(s, SMTPResponse.GENERIC_SUCCESS))
{
s.Close();
return false;
}
Senddata(s, string.Format("MAIL From: {0}\r\n",
"testexample@deepak.portland.co.uk"));
if(!Check_Response(s, SMTPResponse.GENERIC_SUCCESS))
{
s.Close();
return false;
}
Senddata(s, address);
if(!Check_Response(s, SMTPResponse.GENERIC_SUCCESS))
{
s.Close();
return false;
}
return (true);
Check_Response
, SendData
are available in the original source code and you can download it from there. But you may need to read through the associated license agreement, regarding retaining copyright notices in your code. Since this is just a code snippet to introduce you to the idea, only relevant code area are being mentioned.
Temporary Validation
All goes well, if network conditions are ok. But there may be temporary network problems preventing connections. If you expect that your host may be slow, then you can send a dummy link to the email address and activate the account only if the user goes to the address and clicks the link. Otherwise, you can stop the account activation step, periodically reclaiming junk accounts by having a scheduled task in your web application.
DNS Utility:
Sincere thanks and credit is given to Heijden whose DNS utility is being made use of for looking Mx servers in the application. This provides a cleaner separation of concerns in the application.
To Summarize...
In fact, I hope a lot of web developers would be in need of similar validation routines, to ensure that the email addresses are valid and I really hope that the above hints would be helpful to them. Thanks Peter, your article really helped me and I hope your article and whatever hints I have been learning, which I have shared above, would really help more developers having similar requirements to solve.