FAQ 9.17 How do I check a valid mail address?



This message is one of several periodic postings to comp.lang.perl.misc
intended to make it easier for perl programmers to find answers to
common questions. The core of this message represents an excerpt
from the documentation provided with Perl.

--------------------------------------------------------------------

9.17: How do I check a valid mail address?

You can't, at least, not in real time. Bummer, eh?

Without sending mail to the address and seeing whether there's a human
on the other end to answer you, you cannot determine whether a mail
address is valid. Even if you apply the mail header standard, you can
have problems, because there are deliverable addresses that aren't
RFC-822 (the mail header standard) compliant, and addresses that aren't
deliverable which are compliant.

You can use the Email::Valid or RFC::RFC822::Address which check the
format of the address, although they cannot actually tell you if it is a
deliverable address (i.e. that mail to the address will not bounce).
Modules like Mail::CheckUser and Mail::EXPN try to interact with the
domain name system or particular mail servers to learn even more, but
their methods do not work everywhere---especially for security conscious
administrators.

Many are tempted to try to eliminate many frequently-invalid mail
addresses with a simple regex, such as "/^[\w.-]+\@(?:[\w-]+\.)+\w+$/".
It's a very bad idea. However, this also throws out many valid ones, and
says nothing about potential deliverability, so it is not suggested.
Instead, see
http://www.cpan.org/authors/Tom_Christiansen/scripts/ckaddr.gz , which
actually checks against the full RFC spec (except for nested comments),
looks for addresses you may not wish to accept mail to (say, Bill
Clinton or your postmaster), and then makes sure that the hostname given
can be looked up in the DNS MX records. It's not fast, but it works for
what it tries to do.

Our best advice for verifying a person's mail address is to have them
enter their address twice, just as you normally do to change a password.
This usually weeds out typos. If both versions match, send mail to that
address with a personal message that looks somewhat like:

Dear someuser@xxxxxxxx,

Please confirm the mail address you gave us Wed May 6 09:38:41
MDT 1998 by replying to this message. Include the string
"Rumpelstiltskin" in that reply, but spelled in reverse; that is,
start with "Nik...". Once this is done, your confirmed address will
be entered into our records.

If you get the message back and they've followed your directions, you
can be reasonably assured that it's real.

A related strategy that's less open to forgery is to give them a PIN
(personal ID number). Record the address and PIN (best that it be a
random one) for later processing. In the mail you send, ask them to
include the PIN in their reply. But if it bounces, or the message is
included via a "vacation" script, it'll be there anyway. So it's best to
ask them to mail back a slight alteration of the PIN, such as with the
characters reversed, one added or subtracted to each digit, etc.



--------------------------------------------------------------------

Documents such as this have been called "Answers to Frequently
Asked Questions" or FAQ for short. They represent an important
part of the Usenet tradition. They serve to reduce the volume of
redundant traffic on a news group by providing quality answers to
questions that keep coming up.

If you are some how irritated by seeing these postings you are free
to ignore them or add the sender to your killfile. If you find
errors or other problems with these postings please send corrections
or comments to the posting email address or to the maintainers as
directed in the perlfaq manual page.

Note that the FAQ text posted by this server may have been modified
from that distributed in the stable Perl release. It may have been
edited to reflect the additions, changes and corrections provided
by respondents, reviewers, and critics to previous postings of
these FAQ. Complete text of these FAQ are available on request.

The perlfaq manual page contains the following copyright notice.

AUTHOR AND COPYRIGHT

Copyright (c) 1997-2002 Tom Christiansen and Nathan
Torkington, and other contributors as noted. All rights
reserved.

This posting is provided in the hope that it will be useful but
does not represent a commitment or contract of any kind on the part
of the contributers, authors or their agents.
.