4

Is there an API to check if an email inbox exists on a remote server? my-addr.com does this beautifully and brings up some surprisingly high-level info about a box.

  • john@gmail.com : "The email account that you tried to reach is over quota. Please direct"
  • whatsup@gmail.com : "gsmtp / e-mail exist"
  • asdfasdf19293949@gmail.com : "The email account that you tried to reach does not exist."

The tool I linked to calls the process "reverse email lookup", but searching for the same brings up "finding a person from an email address" and other such tools.

How does this work? Is there a way to do this directly from PHP or C#?

Robin Rodricks
  • 110,798
  • 141
  • 398
  • 607

2 Answers2

3

I think you will find that many times these functions will lie to you to defeat spammers. If there was a method to confirm if an email is real other than having a user click on a validation (or unsubscribe....) link then spammers would use it all the time

The best way to verify an email address is to send a user an email containing a link, and have them click the link to verify that they received the email. That said your only options would be the SMTP RCPT TO or VRFY commands.

RCPT TO could be a way to check, as long as you disconnect after issuing it. However not all servers will boot you if the account doesn't exist

VRFY can tell you if an account exists on that server, but is almost always disabled to prevent account probes.

A PHP class that does RCPT TO verification is: http://code.google.com/p/php-smtp-email-validation/

Karl-Henrik
  • 1,113
  • 1
  • 11
  • 17
2

I do not see anything in my-addr.com's TOU that prohibits using it programatically: since you are happy with the site's results, you could consider (i.e. weigh technically, legally, and ethically) using my-addr.com itself as an "API".

As a starting point, here is Fiddler Request to Code C# for a quick mailbox-existence check I performed:

private void MakeRequests()
{
    HttpWebResponse response;

    if (Request_my_addr_com(out response))
    {
        response.Close();
    }
}

private bool Request_my_addr_com(out HttpWebResponse response)
{
    response = null;

    try
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://my-addr.com/email/?mail=baz%40gmail.com&x=0&y=0");

        request.KeepAlive = true;
        request.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";
        request.UserAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36";
        request.Referer = "http://my-addr.com/email/?mail=foo%40gmail.com&x=15&y=12";
        request.Headers.Set(HttpRequestHeader.AcceptEncoding, "gzip,deflate,sdch");
        request.Headers.Set(HttpRequestHeader.AcceptLanguage, "en-US,en;q=0.8");
        request.Headers.Set(HttpRequestHeader.Cookie, @"PHPSESSID=ne655jvfdte82b94gn0oumegj6");

        response = (HttpWebResponse)request.GetResponse();
    }
    catch (WebException e)
    {
        if (e.Status == WebExceptionStatus.ProtocolError) response = (HttpWebResponse)e.Response;
        else return false;
    }
    catch (Exception)
    {
        if(response != null) response.Close();
        return false;
    }

    return true;
}
J0e3gan
  • 8,740
  • 10
  • 53
  • 80
  • Nice try, but it has a limit of 30 a day!! Will have to find a proper way of doing this ... or pay for bulk checking ... http://email-verify.my-addr.com/online-email-list-verification-tool.php – Robin Rodricks Apr 17 '14 at 07:12