Re: Verifying E-Mail Addresses

["Matt Lye" <lyematt () gmail com>]

With the advent of many many sites like http://dodgeit.com/ what your
talking about is useless besides there are many other sites like
http://www.spamhole.com/

Tipmonkeys has a list of  several such sites so for the moment either
method is a waste of time. If people want to fake email addresses they
will and your checks for them will not made any difference.

While there are queries that can detect if email addresses exist they
largely depend on the server configuration at the other end. Most for
security reasons just say everything exists (If everything didnt they
just wouldnt get mail). This makes it impossible for spammers to find
and address list of email addresses for a domain. With a setup like
microsoft when the server only returns true values for emails that
exists it allows spammers to datamine email addresses on a domain.
Then again Microsoft never did care that much about security.


On 10/25/06, Mister Dookie <misterdookie () gmail com> wrote:
> Hello list,
>
> Is there a way to verify that an e-mail address
> (e.g."johnsmith () company com") is valid and exists or does not exist
> (is a fake e-mail address) without actually sending a message to that
> address and awaiting the response?
>
> Here's why this is a security issue. Our company administers a small
> "municipal-type" 802.11 network where for limited open-access the only
> form of ID we require is an e-mail address and a password. We simple
> don't have the resources to send out e-mails and then have
> verification and so forth. We are trying to prevent users from
> entering fake addresses into our system. We want at least a small
> amount of accountability.
>
> We would like to be able to do a quick check, say query an IMAP, POP3,
> or SMTP and check to see if there is actually an account at that
> address without sending a verification e-mail and waiting for users to
> click on a link or get something that bounces back. Does something
> like that exist?
>
> I do recognize that somebody can enter a valid e-mail address that
> does not belong to them, but we are trying to address one issue at a
> time. At this point we are just trying to prevent people who give us
> "dude () dude com" from getting on to our network.
>
> Thanks,
> John
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------

--
You can do anything you set your mind to when you have vision,
determination, and and endless supply of expendable labor.

<No tree's were harmed during this transmission. However, a great
number of electrons were terribly inconvenienced>

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------