Security Basics mailing list archives
Re: Verifying E-Mail Addresses
From: nick <nick () mobilia it>
Date: Wed, 25 Oct 2006 10:30:05 +0200
Mister Dookie wrote:
Hello list, Is there a way to verify that an e-mail address (e.g."johnsmith () company com") is valid and exists or does not exist (is a fake e-mail address) without actually sending a message to that address and awaiting the response? Here's why this is a security issue. Our company administers a small "municipal-type" 802.11 network where for limited open-access the only form of ID we require is an e-mail address and a password. We simple don't have the resources to send out e-mails and then have verification and so forth. We are trying to prevent users from entering fake addresses into our system. We want at least a small amount of accountability. We would like to be able to do a quick check, say query an IMAP, POP3, or SMTP and check to see if there is actually an account at that address without sending a verification e-mail and waiting for users to click on a link or get something that bounces back. Does something like that exist? I do recognize that somebody can enter a valid e-mail address that does not belong to them, but we are trying to address one issue at a time. At this point we are just trying to prevent people who give us "dude () dude com" from getting on to our network. Thanks, John
Verifying the @domain.tld part wouldn't be too difficult, you could just do a simple dns lookup and see if there is an MX record for that domain, so no email necessary for that. To see if what comes before the @ exists though, you need to make an smtp connection to the mailserver, and see if it will accept a to: for that particular address (which isn't always a guarantee, if the mail server has a catchall), you could even drop the connection after getting a confermation from the server (though you might annoy a few sysadmins).
The easiest solution would be to send an email though, IMHO. Nick --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Verifying E-Mail Addresses Mister Dookie (Oct 24)
- Re: Verifying E-Mail Addresses Shane Warner (Oct 25)
- RE: Verifying E-Mail Addresses Oyesanya, Femi (Oct 25)
- Re: Verifying E-Mail Addresses Jon Hart (Oct 25)
- Re: Verifying E-Mail Addresses Martin Knafve (Oct 25)
- Re: Verifying E-Mail Addresses Saqib Ali (Oct 25)
- Re: Verifying E-Mail Addresses MaddHatter (Oct 25)
- RE: Verifying E-Mail Addresses Roger A. Grimes (Oct 25)
- Re: Verifying E-Mail Addresses Kurtis Miller (Oct 25)
- Re: Verifying E-Mail Addresses nick (Oct 25)
- Re: Verifying E-Mail Addresses Ansgar -59cobalt- Wiechers (Oct 25)
- Re: Verifying E-Mail Addresses Dave Ockwell-Jenner (Oct 25)
- Re: Verifying E-Mail Addresses Robert Inder (Oct 27)
- Re: Verifying E-Mail Addresses Roman Shirokov (Oct 27)
- Re: Verifying E-Mail Addresses Matt Lye (Oct 27)
- <Possible follow-ups>
- RE: Verifying E-Mail Addresses Krpata, Tyler (Oct 25)
- RE: Verifying E-Mail Addresses Jimmie Jones (Oct 25)
- RE: Verifying E-Mail Addresses Weir, Jason (Oct 25)
- Re: Verifying E-Mail Addresses kenneth_z (Oct 25)
- RE: Verifying E-Mail Addresses Oyesanya, Femi (Oct 25)
(Thread continues...)
- Re: Verifying E-Mail Addresses Shane Warner (Oct 25)