[ale] Validating email addresses

Michael H. Warfield mhw at WittsEnd.com
Wed Aug 30 19:29:20 EDT 2006


On Wed, 2006-08-30 at 18:10 -0400, Christopher Fowler wrote:
> I will also add that when I run my program on the data I do the
> following.

> 1.  connect to remote MX
> 2.  Issue EHLO
> 3.  MAIL FROM: <cfowler at outpostsentinel.com>
> 4.  RCPT TO: <01234567890 at domain.com>
>     I do this to see if it will accept it.  If it
>     does accept it I assume that I can't verify because it
>     will give me a 250 for anything I send.

> When I ran this on a segment of data 90% of them could not be validated
> because of #4 above.  I've googled for many of the programs in windows
> and it appears to me they all do what I'm doing.  I would assume they
> would get similar results.

	In doing a security scanner for this (EXPN and VRFY are considered
security holes) I ran into the same problem.  You have servers who will
give you all sorts of answers AND LIE THROUGH THEIR TEETH TO YOU and you
can NOT depend on any one thing (except one, I discovered).  The final
test, I discovered, was to test for "VRFY :" (colon is the one
guaranteed illegal user name - think of the password file).  If it comes
back with a 200 code, then you know it's a liar and you can not trust
ANYTHING it gives you.  If it doesn't, then you give it some other tests
to figure out if EXPN and VRFY are enabled or not.  If they are enabled,
YOU FLAG A SECURITY WARNING.  This code is in the Nessus security
scanner and in the ISS security scanner, and in I don't know how many
other scanners that copied my example.

> On Wed, 2006-08-30 at 18:00 -0400, Christopher Fowler wrote:
> > Is there a way other than communicating with a remote SMTP server to
> > validate an address?  Here is an example:
> > 
> > [cfowler at shuttle ~]$ telnet mx00-dom.earthlink.net 25
> > Trying 207.217.125.16...
> > Connected to mx00-dom.earthlink.net (207.217.125.16).
> > Escape character is '^]'.
> > 220 meadowlark.mail.pas.earthlink.net EL___ ESMTP EarthLink Mail Service
> > Wed, 30 Aug 2006 14:58:42 -0700 (PDT)
> > helo outpostsentinel.com
> > 250 meadowlark.mail.pas.earthlink.net Hello outpostsentinel.com
> > [66.23.224.81], please to meet you
> > mail from:<cfowler at outpostsentinel.com>
> > 250 <cfowler at outpostsentinel.com>... Sender ok
> > rcpt to:<0123456789 at outpostsentinel.com>
> > 250 <0123456789 at outpostsentinel.com>... Recipient ok
> > vrfy
> > 502 Command unrecognized "vrfy"
> > quit
> > 221 meadowlark.mail.pas.earthlink.net closing connection
> > 
> > 
> > I'm the "catch all" for that domain.
> > 
> > I'm in the process of writing a program that will verify all email
> > addresses stored in a database.  The problem is that when I use the 
> > "0123456789@<domain>" email address _many_ of the servers are
> > responding with a '250' even though no address like that exists.
> > 
> > Is there another way to verify?
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!
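
The decision order described in the reply above, sketched as an added example; it is not part of the original message and is not the Nessus or ISS code. Assumptions: "a 200 code" is read as any 2xx reply, the follow-up test (asking about a mailbox you know exists on a server you administer) is one possible choice the message does not specify, and all names and reply tables are constructed.

```python
# Added illustration; function names and sample replies are constructed.
DISCLOSING = (250, 251)  # replies that confirm or forward a mailbox


def audit_vrfy_expn(ask, known_user="postmaster"):
    """Classify a mail server from its VRFY/EXPN replies.

    ask(command) -> (code, text) sends one SMTP command line.
    known_user is a mailbox known to exist on the audited server
    (assumption: the message does not name its follow-up tests).
    """
    code, _ = ask("VRFY :")
    if 200 <= code < 300:
        # ":" is the message's guaranteed-illegal user name, so a positive
        # reply means nothing else this server says can be relied on.
        return ("untrustworthy", [])
    enabled = []
    for verb in ("VRFY", "EXPN"):
        code, _ = ask(f"{verb} {known_user}")
        # 252 means "cannot verify, will attempt delivery": nothing disclosed.
        if code in DISCLOSING:
            enabled.append(verb)
    return ("warning", enabled) if enabled else ("ok", [])


def scripted(replies, default):
    """Build an offline stand-in for a server from a reply table."""
    return lambda command: replies.get(command, default)


# Constructed reply tables, not captured from real servers.
CATCH_ALL = scripted({}, default=(250, "ok"))
NONCOMMITTAL = scripted({}, default=(252, "Cannot VRFY user"))
DISABLED = scripted({}, default=(502, "Command unrecognized"))
ENABLED = scripted({
    "VRFY postmaster": (250, "<postmaster@example.test>"),
    "EXPN postmaster": (250, "<admin@example.test>"),
}, default=(550, "User unknown"))

if __name__ == "__main__":
    for name, server in [("catch-all", CATCH_ALL), ("252-for-all", NONCOMMITTAL),
                         ("disabled", DISABLED), ("enabled", ENABLED)]:
        print(name, audit_vrfy_expn(server))
```

To audit a server you administer, pass the `docmd` method of a connected `smtplib.SMTP` object (after `ehlo()`) as `ask`.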
