Discussion:
recipient validation with smtplib
(too old to reply)
Robin Becker
2007-09-28 11:20:39 UTC
Permalink
Is there a way to use smtplib to get recipient validation. I can use smtplib
quite happily to send emails using the locahost's sendmail, but sendmail is just
fire and forget, so some bad addresses eg ***@www.dingo.zzz don't cause any
error in the sending application. I know some smtp setups do enforce recipient
validation, but it doesn't seem terribly easy to do this with sendmail. I
wondered if there were some way to do this in python?
--
Robin Becker
Tim Williams
2007-09-28 11:33:33 UTC
Permalink
Post by Robin Becker
Is there a way to use smtplib to get recipient validation. I can use smtplib
quite happily to send emails using the locahost's sendmail, but sendmail is just
error in the sending application. I know some smtp setups do enforce recipient
validation, but it doesn't seem terribly easy to do this with sendmail. I
wondered if there were some way to do this in python?
There is no way of validating *every* email address you send to using
SMTP alone. Some servers accept every address and bounce later - as
you have found out. So for the purpose of the SMTP client, or relaying
server, the address is valid at sending time to those servers.

Checking DNS for MX records is a possibility for removing some bad
addresses, but it's not fool proof as the RFCs don't require MX
records to exist for a domain to be able to receive email. If no MX
records are present, one (and only one!) IP address returned from the
domain's A record(s) should be tried.

HTH :)
Robin Becker
2007-09-28 11:50:54 UTC
Permalink
Post by Tim Williams
Post by Robin Becker
Is there a way to use smtplib to get recipient validation. I can use smtplib
quite happily to send emails using the locahost's sendmail, but sendmail is just
error in the sending application. I know some smtp setups do enforce recipient
validation, but it doesn't seem terribly easy to do this with sendmail. I
wondered if there were some way to do this in python?
There is no way of validating *every* email address you send to using
SMTP alone. Some servers accept every address and bounce later - as
you have found out. So for the purpose of the SMTP client, or relaying
server, the address is valid at sending time to those servers.
Checking DNS for MX records is a possibility for removing some bad
addresses, but it's not fool proof as the RFCs don't require MX
records to exist for a domain to be able to receive email. If no MX
records are present, one (and only one!) IP address returned from the
domain's A record(s) should be tried.
HTH :)
Thanks, it's at least ammunition for me to say it cannot easily be done. I found
this milter

http://www.jmaimon.com/sendmail/callahead-milter/

but I think this will cause every send to be checked which is probably not what
we need.
--
Robin Becker
Tim Williams
2007-09-28 12:29:40 UTC
Permalink
Post by Robin Becker
Post by Tim Williams
Post by Robin Becker
Is there a way to use smtplib to get recipient validation. I can use smtplib
quite happily to send emails using the locahost's sendmail, but sendmail is just
error in the sending application. I know some smtp setups do enforce recipient
validation, but it doesn't seem terribly easy to do this with sendmail. I
wondered if there were some way to do this in python?
There is no way of validating *every* email address you send to using
SMTP alone. Some servers accept every address and bounce later - as
you have found out. So for the purpose of the SMTP client, or relaying
server, the address is valid at sending time to those servers.
Checking DNS for MX records is a possibility for removing some bad
addresses, but it's not fool proof as the RFCs don't require MX
records to exist for a domain to be able to receive email. If no MX
records are present, one (and only one!) IP address returned from the
domain's A record(s) should be tried.
HTH :)
Thanks, it's at least ammunition for me to say it cannot easily be done. I found
this milter
http://www.jmaimon.com/sendmail/callahead-milter/
but I think this will cause every send to be checked which is probably not what
we need.
Hmm, call-ahead functions just initiate the first part of the SMTP
dialogue - to the RCPT TO, unless you cache the results so that the
call-ahead only checks each address once a day or so there is no
benefit. Without caching it will just slow down sending process as
you will get 1.5 SMTP conversations per outgoing message instead of
just 1. However, they still won't catch invalid email addresses
when the server accepts all addresses* and bounces later.

* all addresses = all addresses on domains local to that server.

I have written functions like this in the past for outbound/inbound
(recipient/sender) address checking, using combinations of SMTP
dialogue, DNS and port checking, bounce-collection, SPF and other
techniques over the years. There is no guaranteed way of checking
that all email addresses in your list are either VALID or INVALID.
Valid email addresses can get refused/bounce for a variety of reasons,
and invalid addresses sometimes get accepted/don't bounce at all.

You should work on either a best-effort basis, running some checks
but accepting that its not foolproof -OR- use no checks at all
knowing that most invalid email addresses will be handled correctly by
the SMTP processes

HTH :)
Steve Holden
2007-09-28 12:25:17 UTC
Permalink
Post by Robin Becker
Post by Tim Williams
Post by Robin Becker
Is there a way to use smtplib to get recipient validation. I can use smtplib
quite happily to send emails using the locahost's sendmail, but sendmail is just
error in the sending application. I know some smtp setups do enforce recipient
validation, but it doesn't seem terribly easy to do this with sendmail. I
wondered if there were some way to do this in python?
There is no way of validating *every* email address you send to using
SMTP alone. Some servers accept every address and bounce later - as
you have found out. So for the purpose of the SMTP client, or relaying
server, the address is valid at sending time to those servers.
Checking DNS for MX records is a possibility for removing some bad
addresses, but it's not fool proof as the RFCs don't require MX
records to exist for a domain to be able to receive email. If no MX
records are present, one (and only one!) IP address returned from the
domain's A record(s) should be tried.
HTH :)
Thanks, it's at least ammunition for me to say it cannot easily be done. I found
this milter
http://www.jmaimon.com/sendmail/callahead-milter/
but I think this will cause every send to be checked which is probably not what
we need.
I have a client who gets many spurious web sign-ups (they are a
telephone service). One of the signs of fraud is a bogus email address,
so it became very important to detect these.

The only way we could satisfactorily do so was to process the mailbox
that received the bounces and detect a GUID in the bounce message to
identify the potentially bogus accounts. This apparently works well
enough to stop most scammers from making their first 'phone call. In
general there is no way to tell when sending that an address is or is
not valid.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden

Sorry, the dog ate my .sigline
Loading...