Home/ Questions/Q 775253
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T19:15:36+00:00

How can I implement following logic? User registers with an e-mail address If provided

  • 0

How can I implement following logic?

  • User registers with an e-mail address

  • If provided e-mail address is a valid
    email address Then user account get’s
    activated

  • or if it is a fake email then user
    account is not activated

I doubt that I can catch the – “Delivery failed reply message”, right?
anyhow how would you suggest to implement the above logic?

PS. I will have to find a way no matter what, client wants it =)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You probably want to be sure not only that the e-mail address is valid, but also that it belongs to this particular user. The usual way to do this is to send an e-mail with a link. The user has to click the link to activate the account.

    For example, the link could look like this:

    http://example.com/activate?token=bc59fb46c9a0a25346889e5ab336f11c

    where the token is a random string that you generated and stored in your database, linked to that account. The server-side code behind the activate page will then activate the account. If you don’t get a hit for this token within, say, a week, you can clean up the account and the activation token.

    Addition in reply to your comment…

    An alternative way would be to initiate an SMTP connection, and try to begin sending an e-mail. This is similar to callback verification amongst mail servers. For example (< is what the mail server says, > is what your script might send):

    < 220 example.com ESMTP Postfix
> EHLO foobar.com
< 250 OK
> MAIL FROM: noreply@foobar.com
< 250 OK
> RCPT TO: johndoe@example.com
< 550 Recipient address rejected: User unknown in local recipient table
> QUIT
< 221 Bye

    There are several serious problems with this approach, which is why it is not used in practice. Most of these will result in incorrectly accepted messages, some will cause the check to fail entirely:

    • If your site is behind a firewall that prohibits outgoing connections on port 25 (SMTP) and 445 (SSMTP), you cannot even connect to the remote server.
    • This technique will not tell you if the address was mistyped, but resulted in another valid address. For example, at hotmail.com, pretty much any address you can imagine will be taken.
    • If the mail server is down or unreachable, account creation will fail.
    • If the mail server is configured to accept mail for invalid addresses, any address will be accepted.
    • If the mail server is not the final recipient, but just a relay host, any address will be accepted.
    • If you probe a mail server too often, it might blacklist you.
    • Your site can be abused by a malicious person or bot to hammer mail servers. (This is also the case when you send out a full verification e-mail. Use a captcha in both cases.)

    See also the Postfix manual and a disputed section on Wikipedia. I hope this list is long enough to convince your client that there is no good solution to his problem, and that he should stop asking the impossible from you.

    • 0