如何检查电子邮件是否确实存在 [英] How to check if email actually exists

问题描述

我创建了一个表格，您必须在其中插入电子邮件地址.

I created a form in which you have to insert an email address.

我已经有一种验证方法.但是我需要确保电子邮件确实存在.

I already have a validation method. But i need to make sure that the email actually exists.

有可能吗?

推荐答案

在一般情况下，没有用户交互就不可能.

In the general case it is not possible without user interaction.

您可以执行一些验证电子邮件地址的操作:

A few things you can do to validate an email address:

您可以使用正则表达式来验证电子邮件地址 format .它不能保证地址存在，但是至少您的用户输入格式正确.不过，使用正则表达式验证电子邮件地址并非易事，请参阅此处以获取困难.您可以在此处找到指南.

You can use a regex to validate the email address format. It does not guarantee that the address exists, but at least your user input will be well formed. Validating email addresses by a regular expression is not straightforward though, see here for difficulties. You can find guidelines here.

地址格式正确后，您可以通过简单的DNS查询来检查域名是否确实存在并具有关联的MX记录.如果不是，则该电子邮件显然无效.如果是这样，它仍然可以是任何有效域，并且没有证据表明实际上在该域上指定名称的有效用户.

Once the address is well-formed, you can check with a simple DNS query whether the domain name actually exists and has an associated MX record. If it does not, the email is obviously invalid. If it does, it can still be any valid domain, and there is no proof that there actually is a valid user of the name specified on that domain.

如果域存在，则可以向从域的MX记录读取的smtp服务器发出SMTP VRFY命令.VRFY会告诉您用户名(@之前的部分)是否是该服务器上的有效电子邮件地址.需要注意的是，某些服务器不会告诉您真相并拒绝所有用户名或不执行VRFY命令，因为这存在安全风险(在许多情况下，电子邮件帐户是服务器的有效用户名，因此允许用户名枚举).

If the domain exists, you can issue an SMTP VRFY command to the smtp server read from the MX record of the domain. VRFY will tell you whether the user name (the part before @) is a valid email address on that server. The caveat is that some server will not tell you the truth and deny all usernames or not implement the VRFY command as it is a security risk (in many cases, email accounts are valid usernames for the server, so this would allow username enumeration).

因此，如果VRFY命令告诉您该地址有效，则很有可能确实如此.如果它告诉您无效或在SMTP服务器上未实现VRFY，则基本上没有任何信息.因此，您可能根本不想这样做.

So if a VRFY command tells you the address is valid, there is a good chance that it really is. If it tells you it is not valid or VRFY is not implemented on the SMTP server, you basically gained no info. Because of this, you may not want to do this at all.

对此的更多信息是此处和

More info on this is here and here (among many others).

最终，您应该将带有一次性令牌的确认电子邮件发送到给定的电子邮件地址，并将该令牌存储在数据库中以供将来参考.如果用户可以单击已发送电子邮件中的链接(即可以将令牌发回)，则他证明该电子邮件地址是有效的，并且实际上属于他.

Ultimately, you should send a confirmation email with a one-time token to the given email address, and store that token in your database for future reference. If the user can click a link in the email sent (ie. can send the token back), he proves that the email address is valid and it actually belongs to him.

这篇关于如何检查电子邮件是否确实存在的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！