Re: Verifying E-Mail Addresses

[Andrew Wheeler <prime_dreamer () yahoo co uk>]

Just a thought O'Reilly have a book "Building wireless community
Networks" and in it they discuss a captive portal system.
When someone connects to the wireless system they are directed to a
Log-in page. I would think you could modify the system to show a code in
a graphic image (like you see when applying for a hotmail account) and
require them to send an email with this code to you before allowing
access to the Internet. This could be automated so you would not need to
validate each user individually.
You would need to allow them to send one email before the system blocks
them. 

The system in the book is called NoCatAuth and the web address in the
book is http://nocat.net the book is dated Jan 2002 and was written by
Rob Flickenger and the ISBN is 0-596-00204-1.


Andrew
----------------------------------------------------------------------
Please note that all emails sent to the prime_dreamer address will NOT
be read just deleted, Reply to the list and I will see it. 
----------------------------------------------------------------------

On Tue, 2006-10-24 at 17:02 -0400, Mister Dookie wrote:
> Hello list,
>
> Is there a way to verify that an e-mail address
> (e.g."johnsmith () company com") is valid and exists or does not exist
> (is a fake e-mail address) without actually sending a message to that
> address and awaiting the response?
>
> Here's why this is a security issue. Our company administers a small
> "municipal-type" 802.11 network where for limited open-access the only
> form of ID we require is an e-mail address and a password. We simple
> don't have the resources to send out e-mails and then have
> verification and so forth. We are trying to prevent users from
> entering fake addresses into our system. We want at least a small
> amount of accountability.
>
> We would like to be able to do a quick check, say query an IMAP, POP3,
> or SMTP and check to see if there is actually an account at that
> address without sending a verification e-mail and waiting for users to
> click on a link or get something that bounces back. Does something
> like that exist?
>
> I do recognize that somebody can enter a valid e-mail address that
> does not belong to them, but we are trying to address one issue at a
> time. At this point we are just trying to prevent people who give us
> "dude () dude com" from getting on to our network.
>
> Thanks,
> John
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence 
> in Information Security. Our program offers unparalleled Infosec management 
> education and the case study affords you unmatched consulting experience. 
> Using interactive e-Learning technology, you can earn this esteemed degree, 
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------