Re: Authentication via libwww?
Aliza R. Panitz (buglady@ability.net)
Mon, 19 Feb 1996 08:34:19 -0500 (EST)
Ramon M Felciano <felciano@camis.stanford.edu> wrote:
>> Is there a simple way to authenticate an e-mail address via libwww or a
>> similar package? Ideally, I'd like to be able to send a username and
>> password to a POP (or IMAP) server and have it tell me whether this is a
>> registered user or not.
>> Barring that, I'd at least like to know whether name@host is a valid
>> address.
First of all, you don't need the user's password to know whether an e-mail
address is valid.
Secondly, depending on the particular needs of your application, you are
not necessarily going to be able to reach the servers involved. If you
are trying to validate generic Internet addresses, "live" validation will
fail for people whose mail hosts:
(1) are behind some kinds of firewall
(2) point off to an MX record rather than an A record
(3) are through a UUCP link or other gateway
If you are working in a particular environment where you know that users
read their e-mail through POP or IMAP servers, then you may be able to use
specific features of that environment to validate e-mail addresses, but
the solution would not be generically applicable.
The best you can do, I suspect, is to use network tools like "dig" to look
up the hostname, and make sure that portion is valid.
johnl@meer.net (John Labovitz) suggested:
> [...] if you can open a socket
> connection to the Simple Mail Transfer Protocol (SMTP, port 25) server
> on the remote machine, there is a VRFY command in the SMTP protocol that
> will verify an address. [...]
>
> * telnet meer.net 25
> * VRFY johnl
Many sites have disabled VRFY (and EXPN) as a security measure.
- Aliza
--
Aliza R. Panitz http://www.ability.net/~buglady buglady@ability.net
AccessAbility Internet Services: http://www.ability.net
(Web page design and maintenance; Mail domain services, and more)