Is there a legal way to check whether email address is actively used?
I've heard an email with, say, image can be sent and if the user opens an email there is a chance the image url will be accessed. Are there any other ways?
Related
I'm emailing to user with URI(s) in the message body. When the user will click that URI link, the app will answer the calls depending on the params on the URI.
However, all these should happen depending on which eMail account this URI is clicked from.
Eg. the system sent the email to thisUser#xyz.com. Then, the owner of thisUser#xyz.com forwarded the message to, say thatUser#xyz.com.
The system should be able to be aware that the URI sent to thisUser#xyz.comis being clicked by thatUser#xyz.com. Is there a way to make such distinction? How?
I can make the user verify his credentials-- enter his username&passwd but this is not what i'm looking for.
No, this is not possible, as the only information sent to the server is the URI, which is always the same.
Email clients do not send additional information about the recipient of an email to a server when the user clicks on a link in the email. Doing so would be a bad idea, because of privacy concerns, as it could be exploited for, e.g., farming email addresses using chain emails.
If I have a temporary email address that hides a real address, would it be possible for someone to find out the real address?
One possible way I can think of could be tracking a read receipt by sending over a pixel by pixel image and tracking the email address that loads it.
Are there any other ways or would this be pretty good at hiding the address from spammers?
No, you usually can't identify the "real address" behind a temporary one, unless the recipient replies to your message using its real email address (whether it's a manual response, or an automatic one like a read receipt).
That's especially true when your temporary email address is provided by a disposable email provider. However, if your temporary address is indeed an alias on the same email server as the real address, the SMTP VRFY command may be used to resolve an alias to its real email address. But that SMTP feature is disabled on most email server, for obvious security reasons.
As CBroe pointed out, including an image or a link in your email wouldn't help you finding the real email address. Because mail content would be HTML, displayed by the brower, and not at all related to the email context. At most, it would tell you that the email was received and its content scanned. That's not even a guarantee that a human opened it, since some antispam filters resolve URLs to ensure they're not a threat.
Trying to get a list of my email recipients who have seen my email, and then to use a different medium to address who didn't see (via SMS/Call).
I could get the number of people who saw the email by having a hit counter set up in a web server, looking for a method to get this done now. Any help?
Thanks.
It can't be done reliably. Popular email clients will not do anything to alert the sender that an email was received because this allows spammers to detect if the email address is valid. That's why most email clients block remote images until the user clicks "Show Images" because the images could be used for this purpose.
Email system support something called a "read receipt" that is intended for this use but most clients will never send one.
You can detect if an email bounces but receiving an email and viewing an email are two different things.
My problem isn't validating an email address. I want to verify that an email address exists or not.
I have been looking solutions for that all day. But no result is useful to me.
Can any one help me with this? Thanks!
Ge.
This is not so trivial, but there are a number of options:
1) Find out, using DNS lookups, which mail servers are responsible for the domain of the E-Mail address and connect to one of them. Using SMTP try to deliver a message to the target address. Some servers will tell you at that point that the target address does not exist.
2) Send a test mail to the target address and check if you get a bounce/error mail back.
Not trivial, as badcat already said. If you absolutely have to, I would some other entity do the actual work of sending and receiving the email (such as your webserver). The flow would be something like
1) your app instructs your webserver to send a testing email (make sure you secure this - else it will be perfect for spamming)
2) your app instructs the user that a test email has been sent and that he should reply to it, confirming he's a human (or maybe click on a url contained in the email)
3) the users response (click on url or email reply) will be recorded in a small DB which you can query with your app
I use an email registration and confirmation in my project (yes, I know about OpenID. In my counry, a main email service lacks it).
Sometimes users misspell their email addresses. I know about this due to "message could not be delivered" letters in a mailbox. A misspelled address is absolutely correct, because I check it with a regular expression - say, jon.doe#example.com intstead of john.doe#example.com. And I do not want to duplicate a email field in a registration form (who likes it?).
Request processing routine cannot wait for email delivery - it could take an unpredictable time. So, my script will return to user a confirmation message "An email was sent". And the user will wait for it forever (of cause, not - he/she will turn to an alternative project with a more perfect registration system).
Does someone knows how it can be improved (in any programming language)?
If you cannot wait for a response back from a confirmation e-mail, I would display a yes/no message box confirming their e-mail (i.e Send e-mail to jon.doe#example.com?) before sending the e-mail. While your at it, you can check to see if the e-mail is a duplicate as well.
If no duplicate found and they click "Yes" then send the e-mail. If not, ask them to re-enter the e-mail address.
With this approach you have gone above and beyond validating correct e-mail addresses since there are no services that will explicitly check for correct/valid addresses.
Unfortunately, there's no canonical way to spell anything in an e-mail address and no way to check programmatically whether it's spelled correctly or not. The only tool that can confirm the correctness of a valid e-mail address is Eyeball 1.0, which runs client side.
You can try the SMTP VRFY on the server but most won't reply with anything valuable. Most will simply say "go ahead and try it" because returning something useful would be invaluable to spammers.
You can always check the domain name with a DNS lookup but the only way to check an email address is to send a message.
Try to have the user type his email twice with an email confirmation field (as for the password).
EDIT : Anthony's idea is good too.
For user parts of email the only thing I can think of is using:
MX lookups (if mail provider doesn't block them... since that can be abused to filter email lists)
Requiring user to enter email twice to ensure he doesn't misspell user portion of email
As for domain part of email, take a look at this:
AngularJs directive to offer suggestions for misspelled emails?
It helped me to reduce bounce for misspellings like gmai.com and gmail.con.