Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Verifying E-Mail Addresses

From: Jon Hart <jhart () spoofed org>
Date: Tue, 24 Oct 2006 15:42:22 -0700
On Tue, Oct 24, 2006 at 05:02:32PM -0400, Mister Dookie wrote:

Hello list,

Is there a way to verify that an e-mail address
(e.g."johnsmith () company com") is valid and exists or does not exist
(is a fake e-mail address) without actually sending a message to that
address and awaiting the response?


At least with SMTP, there is the VRFY command.  However, this is
oftentimes turned off or configured to always return true.  Worth
a shot, however.

For example, with postfix's disable_vrfy_command turned off:

$  telnet spoofed.org 25           
Trying a.b.c.d..
Connected to spoofed.org.
Escape character is '^]'.
220 mail.spoofed.org ESMTP
vrfy root
252 2.0.0 root
vrfy warchild
252 2.0.0 warchild
vrfy blahblah
550 5.1.1 <blahblah>: Recipient address rejected: User unknown in local
    recipient table

-jon

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: