joemarini.com

Verify that a user’s email domain really exists using PHP

Article Summary: shows how to use PHP to verify that a given domain actually exists.

PHP APIs used: checkdnsrr

download Download the code for this tutorial

We’ve all seen it happen.

You put up a registration page on your site, hoping that visitors will leave you their email addresses so that you can stay in touch with them when you’ve got a new product for sale. Or a new tutorial that they might be interested in. Or when you want to send them some "information from carefully screened third parties with whom we maintain a strategic relationship." Or maybe you want something in return before you give them that valuable whitepaper that you spent two months on.

 

Whatever the reason, you happily construct your registration page, set up a database table to track the incoming email addresses, and push it live. And sure enough, the registrations start coming.

To [email protected]. And [email protected]. And [email protected]. You get the idea – users are registering with bogus email addresses at domains that don’t even exist. Not only are you going to be sending mail to nonexistent addresses, but they clutter up your database and cause maintenance headaches because they need to be cleaned out.

Make Sure They’re at Least Real

One way to help address this problem is to make sure that a user’s email address actually corresponds to a real email domain. Using PHP, you can check the domain registration records to see if the domain a user submitted to your site is real. To do this, we’ll use PHP’s checkdnsrr function.

The checkdnsrr function looks up the dns record for a given type and a given host. It has this format:

int checkdnsrr(string host [,string type]);

This PHP function checks the DNS records for the given host to see if there are any records of the specified type. Note that the type parameters is optional, so if you don’t supply it then it defaults to "MX" (which means Mail Exchange). If there any records are found, then the function returns TRUE. Otherwise it returns FALSE.

To use this function, you submit a potential email address to it and check the result. Listing 1 shows an example of this.

// take a given email address and split it into the username and domain.
list($userName, $mailDomain) = split("@", $email);
if (checkdnsrr($mailDomain, "MX")) {
  // this is a valid email domain!
}
else {
  // this email domain doesn’t exist! bad dog! no biscuit!
}
Listing 1: Checking for a valid email domain

The code in listing 1 takes a string of the form "[email protected]" and checks to see if the domain is real. First, the code calls the split() function to split the email string into "username" and "emaildomain.com", since we’re only interested in the domain.

Once we’ve got the domain, the code calls checkdnsrr with the domain string and "MX" as the arguments. The second argument tells checkdnsrr what type of DNS record to look for. Since we’re interested only in whether the given domain can handle email, we use the "MX" argument, which means "look for the Mail Exchange record."

If the checkdnsrr function returns TRUE, then we know we’ve got a valid email domain (but not necessarily a valid user name). If the function returns FALSE, then the email domain given is invalid.

Gotcha! – checkdnsrr() Doesn’t Do Windows (Yet)

There’s one small problem, however, if you’re using PHP on a Windows server. The checkdnsrr function is not implemented on the Windows platform, so if you’re going to deploy this code on a Windows-based machine, you’ll need to do some extra work yourself.

The way to get around this problem is to write your own version of checkdnsrr. We’ll call our version myCheckDNSRR, and the code for it is shown in listing 2.

function myCheckDNSRR($hostName, $recType = ”)
{
  if(!empty($hostName)) {
    if( $recType == ” ) $recType = "MX";
    exec("nslookup -type=$recType $hostName", $result);
    // check each line to find the one that starts with the host
    // name. If it exists then the function succeeded.
    foreach ($result as $line) {
      if(eregi("^$hostName",$line)) {
        return true;
      }
    }
    // otherwise there was no mail handler for the domain
    return false;
  }
  return false;
}
Listing 2: Checking for a valid email domain on Windows

Our version of the checkdnsrr function works by taking advantage of a system call that’s available in Windows called nslookup, which performs essentially the same function. To call the nslookup function, our code uses PHP’s exec function, which executes a system command. It returns the result of the command as an array of strings in the $result parameter.

When the nslookup function successfully finds an entry for the given domain, the output will look something like this (I’ve stripped out some non-essential information here):

Server: o1-sjc-ns1.o1.com
Address: 66.81.7.158
joemarini.com MX preference = 0, mail exchanger = smtp.joemarini.com

To determine whether a mail handler for the domain exists, the function loops through each line of the output looking for the line that starts with the given host name. If such a line is found, then the function returns TRUE, otherwise it returns FALSE.

Conclusion

While there’s no foolproof way to make sure a user isn’t giving you a completely bogus email address, you can at least help cut down on the problem by making sure that email addresses your site is given at least correspond to a real domain. Using PHP’s checkdnsrr() function, you can look up the registration record for a given domain and see if it’s a real domain before saving away a user’s email address. end of article

download Download the code for this tutorial.

Copyright © Joe Marini. All rights reserved.

For information about how to obtain permission to re-publish this material, please contact us at [email protected].