• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Email Validity Query

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Anonymity // Privacy // Spam

View previous topic :: View next topic  
Author Message
MR2
Just Arrived
Just Arrived


Joined: 30 Apr 2002
Posts: 1
Location: Somewhere between 0-160mph

Offline

PostPosted: Wed Aug 21, 2002 10:41 am    Post subject: Email Validity Query Reply with quote

Is there anyway we can check whether an email address is valid without sending a mail to it?
Back to top
View user's profile Send private message
chris
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777201
Location: ~/security-forums

Offline

PostPosted: Wed Aug 21, 2002 12:33 pm    Post subject: Reply with quote

Telnet to the mail server on port 25

i.e telnet mail.ntlworld.com 25

Quote:

220 mta03-svc.ntlworld.com ESMTP server (InterMail vM.4.01.03.27 201-229-121-127
-20010626) ready Wed, 21 Aug 2002 11:25:16 +0100
250 mta03-svc.ntlworld.com
214-This SMTP server is a part of the InterMail E-mail system. For
214-information about InterMail, please see http://www.software.com


Then do help for a list of commands:

Quote:

214-
214- Supported commands:
214-
214- EHLO HELO MAIL RCPT DATA
214- VRFY RSET NOOP QUIT
214-
214- SMTP Extensions supported through EHLO:
214-
214- EXPN HELP SIZE
214-
214-For more information about a listed topic, use "HELP <topic>"
214 Please report mail-related problems to Postmaster at this site.



As you can see there is a Verify command, but upon running it, its disabled on this server, probably to stop people running their big spam lists against the server to see which are valid.

Quote:
502 Command is locally disabled



Then do
MAIL FROM: x@y.com
RCPT TO: intended@testrecipient.com

Quote:

501 Usage: MAIL FROM:<sender>
250 Sender <test@heh.com> Ok
501 Usage: RCPT TO:<recipient>
501 Usage: RCPT TO:<recipient>
250 Recipient <joe.bloggs@ntlworld.com> Ok


As you can see joe.bloggs does exist at NTLworld Smile

Im sure there are easy ways, applications, maybe even webpages to do this but I dont know of any at the moment Smile
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
MR2
Just Arrived
Just Arrived


Joined: 30 Apr 2002
Posts: 1
Location: Somewhere between 0-160mph

Offline

PostPosted: Wed Aug 21, 2002 8:06 pm    Post subject: Reply with quote

Cheers Saxo

Very Happy
Back to top
View user's profile Send private message
hads
Trusted SF Member
Trusted SF Member


Joined: 23 May 2002
Posts: 3
Location: New Zealand

Offline

PostPosted: Thu Aug 22, 2002 2:02 am    Post subject: Reply with quote

One thing to watch out for with this method is depending on the way some admins have setup their mail server it will look like it any address at the local domain will be valid. e.g.
Quote:

MAIL FROM: <asdfghjklwertwergg@localdomain.com>
250 Sender <asdfghjklwertwergg@localdomain.com> Ok


It is most likely that sdfghjklwertwergg is not a valid address, but it could appear to be depending on how the server is setup.

In saying that, this is still the best way to check. (to my knowledge).
Back to top
View user's profile Send private message
chris
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777201
Location: ~/security-forums

Offline

PostPosted: Thu Aug 22, 2002 2:32 am    Post subject: Reply with quote

If you can specify a domain which is non local domain and its valid doesnt that mean its an open relay hence or a spammer's heaven Smile

If you can send mail through a server with a sender outside the domains control you can spoof reply addresses ?
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
Dioxins
Just Arrived
Just Arrived


Joined: 08 Nov 2002
Posts: 0


Offline

PostPosted: Fri Nov 08, 2002 7:44 pm    Post subject: Reply with quote

you could use aatools, it has an e-mail verifier function
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Anonymity // Privacy // Spam All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register