Hi guys,

first post and i'm looking forward to be a part of this great community.

Is it possible to confirm someone's email w/o having them to go to their inbox and verifying it (click on the confirmation email)? For instances a program or code that would verify the provided email address automatically?

This code/program should be PHP preferably, if not i'll find a way to implant it.

Thank a lot

The spammers would be able to spam everyone if there was - so there isn't.

There actually is an SMTP command to check for a username on a system. But, since this command can be disabled on most major mail servers, it's mostly worthless to mention it--let alone rely on it. So, the closest you're likely going to get to verifying an email address is just making sure it's formatted properly with a regular expression.

Just about everywhere would have that command disabled by now since those that don't would be inundated with spam to the point where finding the one genuine email from within the millions of spam messages would be impossible. At best you can test that the domain exists - the code to tell you about individual email addresses within the domain is just about always disabled.

I wanted to use this at at the registration page/module. that way to command would send an email to the registrar's email and if it bounces back it would mean it's a fake email address.

I found this (http://www.filetransit.com/view.php?id=18590) on File Transit...what do you guys think?

One idea would be is to have a person supply their email.. Then you send out an email to that person, with the From of the email being a specific email address which will check for bounced emails. If the email is bounced, its not a valid email address.. I don't know exactly how you could set this up, but I know its possible. Maybe have the person be good on a 1 day period while you wait for that bounce email. If you don't get it, then its a valid email. You could possibly check using a cronjob that opens up the mailbox using PHP and check for a bounced email that way.

I'm sure someone can add onto this idea..

As far as I'm concerned, anything that depends upon the recipient mail server returning some sort of confirmation or error is inherently unreliable, especially with the ever increasing need to thwart spammers. I would therefore always opt for requiring the user to respond to an email, as anything else will have the possibility of generating false negatives or false positives, which in the long run may be more annoying to users than having to open an email message and click a link.

One idea would be is to have a person supply their email.. Then you send out an email to that person, with the From of the email being a specific email address which will check for bounced emails. If the email is bounced, its not a valid email address.. I don't know exactly how you could set this up, but I know its possible. Maybe have the person be good on a 1 day period while you wait for that bounce email. If you don't get it, then its a valid email. You could possibly check using a cronjob that opens up the mailbox using PHP and check for a bounced email that way.
This will not work in most cases. Many ISPs "black hole" undeliverable mail: mail with a bad recipient simply goes nowhere, and the sender (reply-to address) is never contacted about the failed delivery.

Generally, the only instance in which a failure message is promised is when the sending user's ISP cannot make contact with the receiving user's ISP, or when the receiving ISP encounters an internal error. Though, in that case, you'll be getting a completely different error message. So, it's unreliable at best to wait for an ISP to respond with a "No such user" type of message anymore.

As felgall said, "The spammers would be able to spam everyone .."

This will not work in most cases. Many ISPs "black hole" undeliverable mail: mail with a bad recipient simply goes nowhere, and the sender (reply-to address) is never contacted about the failed delivery.

Generally, the only instance in which a failure message is promised is when the sending user's ISP cannot make contact with the receiving user's ISP, or when the receiving ISP encounters an internal error. Though, in that case, you'll be getting a completely different error message. So, it's unreliable at best to wait for an ISP to respond with a "No such user" type of message anymore.

As felgall said, "The spammers would be able to spam everyone .."

ISPs might have black hole but...

i don't think generic mail servers such as Yahoo, hotmail, gmail and etc. have any sort of blackhole.

I'm doing this for to make sure users are proving valid email address. That way after getting banned or removed, they won't just turn around and create a new with a phoney email address.

...
I'm doing this for to make sure users are proving valid email address. That way after getting banned or removed, they won't just turn around and create a new with a phoney email address.
And if you do the usual practice of sending a confirmation email to the supplied email address with a link for the user to click to activate their account, then you have no worries (other than reminding them to check their spam folder to look for your email :rolleyes: ).

I'm doing this for to make sure users are proving valid email address. That way after getting banned or removed, they won't just turn around and create a new with a phoney email address.
In that case, your fundamental goal is impossible. Seeing as how Yahoo!, Gmail, etc. addresses are all free and easy to obtain, anyone who gets banned can easily just get another email address.

Your only option is to start checking tax ID numbers and running them through the appropriate country's governmental systems ... or fingerprints ... you could require a full set of 10 fingerprints maybe ...

Though, common practice, and my recommendation, is to do as NogDog has suggested:
... do the usual practice of sending a confirmation email to the supplied email address with a link for the user to click to activate their account ...
It's pretty easy to set something like this up. And most people will be expecting an email confirmation link anyway.

ISPs might have black hole but...

i don't think generic mail servers such as Yahoo, hotmail, gmail and etc. have any sort of blackhole.


The email addresses that are definitely blackholes are those from hotmail, yahoo and gmail. Some ISPs do and others don't block the lookup and so it does work for some ISPs but never for the big email providers.

In that case, your fundamental goal is impossible. Seeing as how Yahoo!, Gmail, etc. addresses are all free and easy to obtain, anyone who gets banned can easily just get another email address.

Your only option is to start checking tax ID numbers and running them through the appropriate country's governmental systems ... or fingerprints ... you could require a full set of 10 fingerprints maybe ...

Though, common practice, and my recommendation, is to do as NogDog has suggested:

It's pretty easy to set something like this up. And most people will be expecting an email confirmation link anyway.

i completely understand that.

here is the deal: i work at a social networking site (involving questions and polls) and how it works is that when a user comes across our website, they want to be able to answer immediately. That actually is the best way for a user to get involved and enjoy our website. Manual email verification woudl hinder this process. the user woudl have to go back to their email inbox, click to verfiy, then answer. By marketing standards that method of verification would take the user out of the "Heat of the moment"...But then again there are user who abuse our laxed registration and abuse the fact that currently system doesn't really require a real email account, similiar to how myspace used to be.(they create fake/ghost account to get more vote for certain answer or to harass other users).

as you see it's not as easy...

It may not feel like an easy choice, but the reality is simple. There is a trade-off between two poles, A and B, which contain the following attributes:

A

less assurance that each account = 1 distinct human
quick/easy account creation
less accurate polls
less serious/dedicated users
more total users

B

more assurance that each account = 1 distinct human
more complicated signups
more accurate polls
more serious/dedicated users
fewer total users


This clearly isn't a comprehensive comparison. But, depending on the nature and quality of the site, you could be doing yourself a favor by filtering out the users who can't handle clicking a link in their mail before voting ... They're less likely to be serious, dedicated users who frequent the site. And holding onto all that extra user data could get expensive.

You could also "accept" their vote and hold it until they activate their account--which you could put a 90-day time-limit on or something.

But seriously, you're trying to make incompatible things compatible.

Given the new light on your situation, and the great importance that you've place on letting a user vote right away, just settle for less accurate poll data. It's not like you'll have accurate poll data anyway. Aside from being biased by your site demographic, people will still be able to sign up for multiple accounts.

thanks for the input. i'm really thinking it through right now.

Also consider the implication of false negatives causing some (small?) number of valid users to be rejected versus requiring all valid users to have to respond to an email.

Maybe there's a compromise:

As soon as a user signs up, they are allowed to participate. However, you also send a confirmation email. If they do not respond to the email within X number of days (maybe sending a reminder email first?), their account is deactivated and their responses are either deleted, flagged in some way so as not to be counted, or whatever makes sense to you.

As soon as a user signs up, they are allowed to participate. However, you also send a confirmation email. If they do not respond to the email within X number of days (maybe sending a reminder email first?), their account is deactivated and their responses are either deleted, flagged in some way so as not to be counted, or whatever makes sense to you.
That's a pretty neat idea. It's kind of like an application of a pretty recent software/website design principle (which may take some time to become popular): Don't use OK or Confirmation [buttons]. Use Undo buttons instead.

Cool idea.