How to check if an email address exists without sending an email?

We have all been doing email address validation for a very long time to make sure that the email is correctly formatted. This is to avoid users entering wrongly formatted email address but still they can accidentally give us a wrong email address.

Example of a correctly formatted email address but still wrong:

mailbox.does.not.exist@webdigiapps.com [VALID format but does not exist]

Above case specifically happens when you take important customer email on phone and you type in the wrong email. So is there a QUICK solution to really check the email without sending a test message to the user? Yes.

How to test if the email address actually exists

To check if user entered email mailbox.does.not.exist@webdigiapps.com really exists go through the following in command prompt on windows / terminal on mac. The commands you type in are in green and the server response is in blue. Please refer to MAC & PC screenshots towards the end of this post.

Step 1 – Find mail exchanger or mail server of webdigiapps.com

COMMAND:
nslookup -q=mx webdigiapps.com
RESPONSE:
Non-authoritative answer:
webdigiapps.com mail exchanger = 0 mx2.sub3.homie.mail.dreamhost.com.
webdigiapps.com mail exchanger = 0 mx1.sub3.homie.mail.dreamhost.com.

Step 2 – Now we know the mail server address so let us connect to it. You can connect to one of the exchanger addresses in the response from Step 1.

COMMAND:
telnet mx2.sub3.homie.mail.dreamhost.com 25
RESPONSE:
Connected to mx2.sub3.homie.mail.dreamhost.com.
Escape character is ‘^]’.
220 homiemail-mx7.g.dreamhost.com ESMTP

COMMAND:
helo hi
RESPONSE:
250 homiemail-mx8.g.dreamhost.com

COMMAND:
mail from: <youremail@gmail.com>
RESPONSE:
250 2.1.0 Ok

COMMAND:
rcpt to: <mailbox.does.not.exist@webdigiapps.com>
RESPONSE:
550 5.1.1 <mailbox.does.not.exist@webdigiapps.com>: Recipient address rejected: User unknown in virtual alias table

COMMAND:
quit
RESPONSE:
221 2.0.0 Bye

Screenshots – MAC Terminal & Windows

MAC email verification
Windows email verification

NOTES:

1) the 550 response indicates that the email address is not valid and you have caught a valid but wrong email address. This code can be on the server and called on AJAX when user tabs out of the email field.  The entire check will take less than 2 seconds to run and you can make sure that the email is correct.
2) If email was present the server will respond with a 250 instead of 550
3) There are certain servers with a CATCH ALL email and this means all email address are accepted as valid on their servers (RARE but some servers do have this setting).
4) Please do not use this method to continuously to check for availability of gmail / yahoo / msn accounts etc as this may cause your IP to be added to a blacklist.
5) This is to supplement the standard email address javascript validation.

Also read...

Comments

  1. Aleron said on :

    A quick & simple check below can be implemented in most programming language including PHP, Python etc.

    How?

    • php-manual said on :

      A simple fsockopen command in PHP and you can open connection to any SMTP server with port 25.


      $smtp_server = fsockopen("mail.reddit.com", 25, $errno, $errstr, 30);
      fwrite($smtp_server, "HELO hi\r\n");
      fwrite($smtp_server, "MAIL FROM: \r\n");
      fwrite($smtp_server, "RCPT TO: \r\n");

  2. Capt. Sparrow said on :

    I had to use angle brackets <> with gmail. You will have to slightly change your instructions:
    mail from: randomnonexist@gmail.com (with angle brackets)

    Google came back with a long story saying that email address does not exist. Brilliant 🙂

  3. Erhan Hosca said on :

    what if the MX record resolves to an IP of a server thats configured to be a mail relay ?

  4. Stephen Deken said on :

    You could also use VRFY to confirm that the mailbox exists, but it might be the case that that feature has been disabled for security purposes.

  5. Phil said on :

    The HELO line is supposed to contain the fully qualified domain name of the client. Using ‘hi’ for this purpose may result in a rejection before the address can be checked.

    Some mail servers, e.g. Microsoft Exchange, will accept all email for any address and then generate their own bounce if the address is invalid.

  6. Adam Blinkinsop said on :

    In Python, as a module and/or command line tool: gist.github.com/47987

  7. Brendan said on :

    It depends on how your mail server is setup. You can configure your mail server to accept any recipient and forward all mail that doesn’t match a user to a specific account.

  8. Timothy said on :

    Ah, this is really useful. Thanks a bunch!

  9. Fenric said on :

    As Capt. Sparrow mentioned with the Gmail servers, a lot more servers respond more kindly when the commands you send conform with RFC2821.

    Brilliant idea, something to look into more depth. Some issues found during a couple of attempts: Gmail (At least the Google Apps servers) can take around 15 seconds to verify a domain, bit of pain but surely worth it. The larger services, Hotmail, Yahoo ect become tetchy if your servers IP doesn’t get a green light on Spamhaus.org so check your servers IP. HELO HI doesn’t always work but can be overcome with HELO as mentioned by Phil.

  10. Capt. Sparrow said on :

    Did anyone find any servers this trick did not work with yet?

  11. Fenric said on :

    Only testing from my own connection I’ve been unable to carry out the whole process on the Yahoo and Hotmail servers because I’m on a dynamic IP thus blacklisted on Spamhaus.org.

    It’s coming up with a place for this function to take place on a production site. With a lot of servers responding 250 even if the mail box doesn’t exist, then further verification is still required. If you were to request the server with both the requested email and a couple of random hashs, and all requests returned 250 then it’s likely the server is accepting any recipient, in which case you would still have to send a verification email out.

    Still love the idea though, anything to take that extra step out of the users registration process is a good thing.

  12. jessta said on :

    “what if the MX record resolves to an IP of a server thats configured to be a mail relay ?”

    I’m also curious about this. Some mail servers don’t know what is and what isn’t a valid address because their job is to forward the mail to other servers that do know.
    Does this still work in that case?

  13. originalgeek said on :

    The point I think Brendan was trying to make above is that this is not a valid test that works in all situations. You will get a false 550 from some mail servers, if your MAILFROM address is unknown or is ruled to likely be SPAM by their anit-SPAM measures. Conversely, you will get false 250 responses from some servers that are configured as such. Positively acknowledging all email addresses removes a mechanism employed by spammers to discover what email addresses are valid within a domain. In my experience, I have never seen a mail server configured to not provide a positive response on a RCPT TO sent to the domain of the mail server.

  14. anonymous said on :

    This wont work with qmail (although I believe there to be a patch so it can) due to the design. It will accept everything and bounce those that fail. There are positives and negatives for both approaches. The qmail way offers security (inability to probe for valid accounts) but at the cost of more spam as even random addresses seemingly get accepted.

  15. Max said on :

    If you want to check to see if the email address exists, then yes this works. However some people want to check to make sure the email address is valid before they, say — open a telnet session? (This is an action which could, after all, create human-perceivable delays in the app. It is also wholly impractical for servers that would have to repeat this action hundreds of times per second.)

    I am continually shocked that noone knows the correct way of validating an email address in PHP. Here’s the code:

    $email = getUserEmail();
    $emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL);

    That’s it. It only takes one line to validate an email. It will process emails correctly according to the RFC, which means “Screw you, I’m an ant-eater!”@example.com correctly passes the filter.

  16. harold said on :

    Qmail (and maybe some other mailservers) will always accept mail to any local address, and later bounce that address if it can’t deliver it. It does this partly for speed, and partly it is a side effect of very strict programme design.

  17. David D said on :

    @Brendan
    “It depends on how your mail server is setup. You can configure your mail server to accept any recipient and forward all mail that doesn’t match a user to a specific account.”

    –> Can a mail server (any server such as MS Exchange) allow to forward all mails with the non-existent recipients to a specific account (as you mentioned) AND still return the error 550 5.1.1 as normal ? In other says, does the sender (from gmail for example) receive the error 550 5.1.1 after sending a mail to a mail server (Exchange for example) that has been configured to enable “forward rule” above ?

  18. ev45ive said on :

    There might be a problem for some users as a few SMTP servers have a thing called “SPF”
    ( en.wikipedia.org/wiki/Sender_Policy_Framework ) and after sending MAIL FROM: header it sends bogus like this
    550 SPF Error: Please see spf.pobox.com/why.html
    To ommit this You must set sender email domain to domain on wich script is fired from. Why? Because SPF checks if sender IP is the same as given e-mail domain IP.
    You may try telnet to polish server mx.wp.pl to check it.

    –To work around this you can easily get your IP have a reverse DNS or a PTR record from the ISP for your company domain and you will be good to go.

  19. The IT Juggler said on :

    This solution is great for smaller organisations, but won’t work for larger organisations that use commercial spam and virus filtering services to clean their incoming mail. The MX records get changed to point to the filtering service, which does it’s filtering magic, then forwards the email to the organisations email server.

    In fact, you can setup Exchange to accept and silently delete emails that are destined for non-existent mailboxes. This is a great way to stop dictionary attacks.

  20. Tero Tilus said on :

    I have written a Ruby code following this article. It checks the mailbox using SMTP as mentioned above

    github.com/skillnet/validates_email_with_smtp/tree/master

  21. HM2K said on :

    Validation is a check to ensure it is true to the specification (eg: is the number N digits long?). Not to be confused with verification which is a check to ensure it is correct within the intended system (eg: does the number work when phoned?).

    This is verification, not validation.

  22. Artur Ejsmont said on :

    Interesting idea.

    Seems too hacky for me. Checking the domain name, why not but email verification wont be reliable either way (positive/negative)

    Still i like the idea itself.

  23. George said on :

    Thanks.

    Another way you could do this is actually send the email BUT let the user login as it has already activated his account and catch bounces. If an email of a user bounces then you just mark him as inactive and force him to re-enter a valid email upon login. It requires a bit more on the server side but helps you a great deal and makes the user’s life easier.

  24. John said on :

    Spam filtering, mail forwarding systems, mail relays, MX backup handlers and more will prevent the RCPT check from working in some cases.

    Also as noted above, your HELO is not a FQDN. BUT still the verification works fine in Gmail & Hotmai & few other popular mail services I have just tried.

  25. Pingback: PHP, Web and IT stuff » Blog Archive » Understanding FTP using raw FTP commands and telnet

  26. Pingback: Weekly Digest for May 6th : BorkWeb

  27. Vatar said on :

    There are also several Web Services that can validate an email address.

  28. Ashbind said on :

    Please tell me how to check Email ID existing or not in any domain.
    Thanks in Advance

  29. Unomi said on :

    Hi,

    I’ve used a class in PHP that does just that. I used the base from PHPClasses.org and extended the functionality a bit.

    It searches for MX records and tries them, since some domains have multiple fall-back mechanisms etc. Most of the time it verifies correctly and is therefore reliable enough. I can’t distribute the code for it, since it is used within a company. But it works and indeed doesn’t take more than a second or two for each verification.

    It also checks for valid HELO commands, since this is the first step to be allowed to proceed.

    – Unomi –

  30. Steve said on :

    The “HELO” with just “hi” is screaming for problems. Please use “HELO” and a full qualified hostname and not just “hi”. btw: Be nice with the SMTPD and send a “RSET” command before the “QUIT” command.

    // Steve

  31. Walter Gavurnik said on :

    Thanks for the article. After reading all the solutions to email validation – It seems this is the BEST and most obvious way is to validate the user. With that said, can anyone tell me how to make a BCC with php. I have tried everything and it only sends to my email and not the secondary email. I figure having the user reply to the confirmation proves they want to get the reply from my contact page. Adding BCC to the email headers doesn’t work for some reason. Any help would be apreciated.

  32. Bill Bartmann said on :

    Thanks a million!! This site rocks!

  33. Mary adams said on :

    I want to know if this email address is a valid one, I think I might be being scammed, if not that is good, but i need to know diplomatic@drivehq.com

  34. Sofiane Edhehibi said on :

    Hello,

    can anyone present us the implementation of this solution in VB6 ? (especially how to check if an email adress exist or not in VB 6)

    Thanks,

  35. Alex said on :

    Great, i have tested this on Gmail, yahoo mail and hotmail and it works.

  36. Mr James said on :

    I have added this check as optional to our CRM system. 🙂

  37. Jesen Gao said on :

    Sweet.

    Cheers

  38. Jhon said on :

    Great. Now i can check the email exist or not for that particular domain.

  39. Shivranjani said on :

    530 5.7.0 Must issue a STARTTLS command first. 5sm1835826yxd.35

    I get above exception after mail from: command. – This is for particular email accounts that need a EHLO instead of standard HELO.

  40. Jakes said on :

    Great. Thanks for this.

  41. Carol Mill said on :

    Just checked this to work with Gmail & Yahoo mail accounts. Great thanks for the detailed post.

  42. Alex said on :

    Hi! Can someone show an example with this setup in a form? I don’t really understand what I must do with these scripts to work…. I am beginner, help

  43. Peter Barley said on :

    Slightly diffferent subject but if I join a blog what will the people running the blog be able to tell about me, would they know where I was emailing from for example?

  44. Samuel said on :

    Hi I tried to use this, it worked fine for gmail, and hotmail. Thanks for sharing the code too.

  45. Freddy said on :

    @Alex it is pretty easy to setup. Just download the PHP files in the “SMTP check code in PHP” make sure that it is working by just following the usage example.

    I got it working in a few minutes on my LAMP server.

  46. arnr said on :

    if i want to check vaildate mail by write programme in VB8 , from where i will start

  47. LarryLove said on :

    Hey very nice blog!!….I’m an instant fan, I have bookmarked you and I’ll be checking back on a regular….See ya 🙂

  48. arnr said on :

    don’t mean if the email was right when write or no , i want to check with servier or by domain name if was this email vaildate or no.

  49. phuc said on :

    I have just tested with gmail .It seems it’s not work
    telnet alt2.gmail-smtp-in.l.google.com 25
    220 mx.google.com ESMTP x6si1141525gvf.28
    helo hi
    250 mx.google.com at your service
    mail from: supermanxp2003@yahoo.com
    555 5.5.2 Syntax error. x6si1141525gvf.28
    mail from: supermanxp2003@yahoo.com
    555 5.5.2 Syntax error. x6si1141525gvf.28

    Could you help me .Thanks.Best regards

    • iphp said on :

      You have to use angle brackets with gmail. You will have to slightly change your instructions:
      mail from: <supermanxp2003@yahoo.com> (with angle brackets)

  50. phuc said on :

    Thanks for reply quickly .
    It’s worked well for me for gmail .But i have some problem with yahoo.It required authentication login .
    telnet smtp.mail.yahoo.com 25
    helo hi
    mail from:
    Could help me this one.Thanks
    Best regards

  51. alabama web design said on :

    To be clear, the article here is for advanced email validation to actually check if the user has an account. Before doing this, you have to check if the email is valid. Here is the code to do that, this is the first step that you should do.

    function emailcheck($email) {
    return preg_match(‘/^(?:[\w\!\#\$\%\&\’\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\’\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!\.)){0,61}[a-zA-Z0-9_]?\.)+[a-zA-Z0-9_](?:[a-zA-Z0-9_\-](?!$)){0,61}[a-zA-Z0-9_]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/’, $email);
    }

  52. somxay said on :

    Thanks for very helpful to replied.It’s also worked well for me for livemail.

  53. Govrav said on :

    This is used now for certain email addresses and especially valid domains that we have for the first time in our database. Works great, thanks for the code.

  54. MLM Software Cochin said on :

    Thank you for the great information. I have been searching for this question and finally got it.

  55. Theo Hubenet said on :

    For all of your peoples information… I see many regular expression checks that do not correctly check the domain extension length, for example the .museum domainname extension length is 6 characters and the minimum length is two:
    function check_email($email) {
    $rx =”^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,8})$”;
    return eregi($rx,$email);
    }

  56. keith said on :

    In real terms the function:
    $emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL);

    doesnt work (does what is says on the tin but doesnt ‘check). This will allow anything that sits within standard. That means that anything that is correctly formatted will go through, doesnt have to be an actual valid address. For example xxx@staleproperty.com.uk will go through, it is valid because the RFC defines this as ok (allowing for future growth in the standard) but the reality is it is not valid because ‘.com.uk’ is not a valid base domain.

  57. jitin dhingra said on :

    Hello Everyone,

    I want to validate my bunch of email addresses, some free softwares can validate only max 50 email id’s at one go and takes time for validation. Can any one of you tell me if you have any such software which is available free and validate my email ids, your support will be appreciated. thanks a bunch in advance.

  58. babor_7uiu said on :

    Thanks for sharing. It’s important information for SEO people.

  59. Christian said on :

    One again, your idea is very

    good.thank you!very much.

  60. Nick said on :

    I’ve just had an odd situation. I was buying an Apple product through Apple Finance (Barclays Bank). The tool they use to process the application validates the email address before accepting it. It failed to validate my email address on harper.org.uk and it also failed to validate my google mail address. I’ve also had issue with other companies attempting to validate email addresses and this validation failing for these two domains, particularly Vodafone’s Blackberry servers and an electronic magazine that I have attempted to subscribe to. There appears to be a common problem out there with email validation.

  61. r.davison said on :

    nick 9th june is so right I am always having this problem

  62. MySQL programmer said on :

    This is nice posting. Its helping to many friends say to me.
    Doing good..

    Thanks a lot..!

  63. tim said on :

    Well…. this is a nice feature to have. Though you should only use it to hint the user to pay extra close attention to their input. As this method of validation is not failsafe, you should only indicate a possibly incorrect email address, and not blocking the user from using it anyway.

  64. shaila said on :

    i got an error when run the script (Class ‘SMTP_validateEmail’ not found in D:\xampp\htdocs\mac\checkemailexamplephp.php on line 8)

    please help

  65. meenakshi said on :

    Hi ,
    Is there a way to check in .NET (C#) whether the email entered by the user actually exists or not.
    I am using the SMTPclient. Or is there a way where we can check that the email was actually sent to the email address.
    Any help would be greatly appreciated.

    Thanks,
    Meenakshi

  66. Pingback: CAP Marketer - How to check if an email address exists without sending an email?

  67. K0Mail said on :

    tanks

  68. Pingback: How to check if an email address exists without sending an email? — HTMLCoderHelper.com

  69. Daniel said on :

    Before you check the validity of your email, you can also check the validity of the domain. In PHP:
    $domain = explode(‘@’, $_POST[’email’]);
    if (!checkdnsrr($domain[1]))

    http://php.net/manual/en/function.checkdnsrr.php

  70. Pooja Rai said on :

    please verify this id………

Comments are closed.