Security Basics mailing list archives

RE: Verifying E-Mail Addresses

From: "Oyesanya, Femi" <foyesanya () radiology bsd uchicago edu>
Date: Wed, 25 Oct 2006 12:29:39 -0500

telnet to port 25 , use verify command if it allows it 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Shane Warner
Sent: Tuesday, October 24, 2006 4:57 PM
To: Mister Dookie
Cc: security-basics () securityfocus com
Subject: Re: Verifying E-Mail Addresses

I believe the only way to do this would be to have the backend  
scripting connect to the mx server for the supplied domain, start  
writing an email to the email address and look for a User Unknown  
response, then just bail out halfway through
before finishing therefore never sending an email.

Although, not all mail servers mail disclose that information in the  
same manner, or disclose it at all depending on the configuration.

-- 
Shane Warner
Director of IT
Answer Plus Inc
Las Vegas, NV 89121
http://www.aplv.com
702-388-7377
shane () aplv com

Quoting Mister Dookie <misterdookie () gmail com>:

Hello list,

Is there a way to verify that an e-mail address
(e.g."johnsmith () company com") is valid and exists or does not exist
(is a fake e-mail address) without actually sending a message to that
address and awaiting the response?

Here's why this is a security issue. Our company administers a small
"municipal-type" 802.11 network where for limited open-access the only
form of ID we require is an e-mail address and a password. We simple
don't have the resources to send out e-mails and then have
verification and so forth. We are trying to prevent users from
entering fake addresses into our system. We want at least a small
amount of accountability.

We would like to be able to do a quick check, say query an IMAP, POP3,
or SMTP and check to see if there is actually an account at that
address without sending a verification e-mail and waiting for users to
click on a link or get something that bounces back. Does something
like that exist?

I do recognize that somebody can enter a valid e-mail address that
does not belong to them, but we are trying to address one issue at a
time. At this point we are just trying to prevent people who give us
"dude () dude com" from getting on to our network.

Thanks,
John

------------------------------------------------------------------------
---

This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence in Information Security. Our program offers unparalleled
Infosec management education and the case study affords you unmatched
consulting experience. Using interactive e-Learning technology, you

can

earn this esteemed degree, without disrupting your career or home

life.


http://www.msia.norwich.edu/secfocus

------------------------------------------------------------------------
---



!DSPAM:453e8b6f7771698812894!




----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Verifying E-Mail Addresses Mister Dookie (Oct 24)
- Re: Verifying E-Mail Addresses Shane Warner (Oct 25)
  - RE: Verifying E-Mail Addresses Oyesanya, Femi (Oct 25)
- Re: Verifying E-Mail Addresses Jon Hart (Oct 25)
- Re: Verifying E-Mail Addresses Martin Knafve (Oct 25)
- Re: Verifying E-Mail Addresses Saqib Ali (Oct 25)
- Re: Verifying E-Mail Addresses MaddHatter (Oct 25)
- RE: Verifying E-Mail Addresses Roger A. Grimes (Oct 25)
- Re: Verifying E-Mail Addresses Kurtis Miller (Oct 25)
- Re: Verifying E-Mail Addresses nick (Oct 25)
- Re: Verifying E-Mail Addresses Ansgar -59cobalt- Wiechers (Oct 25)
- Re: Verifying E-Mail Addresses Dave Ockwell-Jenner (Oct 25)
- Re: Verifying E-Mail Addresses Robert Inder (Oct 27)

(Thread continues...)