How to check if the received email is legal?

I am developing a system that receives emails from PIPE, checks to see if the email address that was sent by email is in the client database and writes it to the database.

The problem is that I do not want to have a security problem, and if someone sends an email from PHP to the system, he will also log it. So how can I check if an email has been sent by a proper mail server? I thought to get the IP address of the domain mail server and check in the email headers if it was sent from this server. So, if I received an email from the site test@hotmail.com, it will ping mail.hotmail.com and check if the email address came from this IP address.

In any case, if someone has their own domain, for example yourdomain.com, running on a common cPanel server, other people on this server can send emails using PHP and check IP authentication. So, I thought, checking if the email was sent from PHP or from the mail server, but I do not know how to do this.

What is your suggestion?

+4
3 answers

I found http://verify-email.org/ for you. They have an API, so you can check the email address with this service.

EDIT

When you check the email address on the website, you see this result:

    MX record about gmail.com exists.
    Connection succeeded to alt3.gmail-smtp-in.l.google.com SMTP.
    220 mx.google.com ESMTP tz3si2159695bkb.62 - gsmtp
    > HELO verify-email.org
    250 mx.google.com at your service
    > MAIL FROM: <check@verify-email.org>
    =250 2.1.0 OK tz3si2159695bkb.62 - gsmtp
    > RCPT TO: <test@gmail.com>
    =550-5.1.1 The email account that you tried to reach does not exist. Please try
    550-5.1.1 double-checking the recipient email address for typos or
    550-5.1.1 unnecessary spaces. Learn more at
    550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 tz3si2159695bkb.62 - gsmtp

You can create your own check by logging into the SMTP server and sending the commands you see above:

    > HELO verify-email.org
    > MAIL FROM: <check@verify-email.org>
    > RCPT TO: <test@gmail.com>

You can check for errors or success messages. I think it is not difficult to build in PHP.

+1
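To evaluate the server's answers in the dialogue shown in the answer above, the client has to handle multi-line replies such as the `550-5.1.1 ... 550 5.1.1` block. The following PHP is an added example, not code from the answer or from verify-email.org; the function names `parseSmtpReplies` and `classifyRcpt` and the host `mx.example.test` are assumptions, and the sample replies are constructed.

```php
<?php
// Added example. A reply line is "<3-digit code><sep><text>":
// sep '-' means more lines follow, sep ' ' (or no text at all) ends the reply.

/** Split raw server output into replies: [['code' => int, 'text' => string], ...]. */
function parseSmtpReplies(string $raw): array
{
    $replies = [];
    $code = null;
    $text = [];
    foreach (preg_split('/\r\n|\n/', trim($raw)) as $line) {
        if (!preg_match('/^(\d{3})(?:([ -])(.*))?$/', $line, $m)) {
            throw new UnexpectedValueException("Malformed reply line: $line");
        }
        if ($code !== null && (int)$m[1] !== $code) {
            throw new UnexpectedValueException("Code changed mid-reply: $line");
        }
        $code = (int)$m[1];
        $text[] = $m[3] ?? '';
        if (($m[2] ?? ' ') !== '-') {   // last line of this reply
            $replies[] = ['code' => $code, 'text' => trim(implode(' ', $text))];
            $code = null;
            $text = [];
        }
    }
    if ($code !== null) {
        throw new UnexpectedValueException('Truncated multi-line reply');
    }
    return $replies;
}

/** Map the code of the RCPT TO reply to a verdict. */
function classifyRcpt(int $code): string
{
    if ($code >= 200 && $code < 300) return 'accepted';  // catch-all servers accept anything
    if ($code >= 400 && $code < 500) return 'retry';     // temporary failure, e.g. greylisting
    if ($code >= 500 && $code < 600) return 'rejected';
    return 'unknown';
}

// Constructed sample: server replies to greeting, HELO, MAIL FROM, RCPT TO.
$raw = "220 mx.example.test ESMTP\r\n"
     . "250 mx.example.test at your service\r\n"
     . "250 2.1.0 OK\r\n"
     . "550-5.1.1 The email account that you tried to reach does not exist.\r\n"
     . "550 5.1.1 Check the recipient address for typos.\r\n";

$replies = parseSmtpReplies($raw);
$rcpt = end($replies);
printf("RCPT TO: %d %s => %s\n", $rcpt['code'], $rcpt['text'], classifyRcpt($rcpt['code']));
```

The verdict only describes whether the server accepts the recipient address; it says nothing about who sent a given message.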

I thought while checking if the email was sent from PHP or from the mail server

You cannot tell the difference between the two normally. And an email address sent with PHP may look exactly like an email from a mail server, and most likely an email sent using PHP is also mail from a mail server.

You can try to write a detection yourself (your own filter) based on your monitoring and find out about incorrect mail messages (or those that your users have reported if you cannot deeply track emails due to laws).

+1

Eh, this is my first answer to anything, so sorry if I misunderstood. Anyway, if you are doing an email check in PHP, I have something that might help:

    if (!empty($_POST['email'])) {
        $email = $_POST['email'];
        // Domains you accept; extend the list as needed.
        $allowed = array('gmail.com', 'yahoo.com', 'ymail.com');
        if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
            // array_pop() needs a variable, so split first.
            $parts = explode('@', $email);
            $domain = strtolower(array_pop($parts));
            if (!in_array($domain, $allowed, true)) {
                echo 'Your response here...';
            }
        }
    }

or to check email characters you can call a function or test it yourself;

    function checkEmail($email) {
        // Ranges are spelled out: [A-z] would also match [ \ ] ^ _ and `.
        return preg_match('/^[.A-Za-z0-9_+-]+@[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+[A-Za-z]{1,4}$/', $email);
    }

So it will be something like:

    checkEmail('email@domain.com');

This checks the input, and if it does not have email characters, you can choose what to do.

Hope this helps!

+1
