But to verify whether it's semantically valid can be done only one way... send email to the address with a unique token, and have them return it (in a way that's not a bounce message) or visit a web site.

There is no real-time way to do that. You'll get both false positives and false negatives. As a specific example, there is no way you can verify that jeffrey.dahmer@stonehenge.com is a valid email address in real time. You have to just send it. And you'll either get a bounce later, or a response.

I have an example of doing that for mod_perl, and an older version for CGI.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Wrap your sendmail portions in an eval block:

eval {
    open (SENDMAIL, '|/usr/sbin/sendmail -oi -t');
    print SENDMAIL <<"EOF";
From:<$MAIL{'FROM'}>
To:<$MAIL{'TO'}>
Subject: $MAIL{'SUBJECT'}

$MAIL{'BODY'}
          
EOF
    close (SENDMAIL);
};

if($@) { 
   print "Something went wrong!\n";
}
[download]

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated

You should think of this the other way around. Validate the address before you attempt to send to it, that way you have some hope of catching the error early.

There are a number of CPAN modules, I have used this one Mail::CheckUser very succesfully in several products.

However, you should bear in mind that some of the larger ISP's do not reject at the SMTP connection, they receive the email, then send back a bounce message later. You really need to make the data persistent - ie, some session management and a database maybe - in order to ensure that you get valid email.

In fact, depending on what you are doing, you should possibly accept the unverifiable email, then send an email with a non-trivial nonce requiring that they respond to it - maybe to a script - in order to be signed up for whatever it is.

jdtoronto

Having solved this issue a time or three let me share some thoughts with you:

Is this address valid?

First off consider looking at Email::Valid. This module will do two things for you. First it will check to see if the address is well formed. Seondly it checks to see if there is a mail server for the domain part. Example:

--$  perl -MEmail::Valid
printf "%s\n",(Email::Valid->address("peter\@berghold.net")?"Yes":"no"
+);
 
Yes
--$  perl -MEmail::Valid
printf "%s\n",(Email::Valid->address("peter@yuckster.com")?"Yes":"no")
+;
 
 
no
--$  host yuckster.com
yuckster.com has address 216.21.229.209
--$  host -tany yuckster.com
yuckster.com name server dns21.register.com.
yuckster.com name server dns22.register.com.
yuckster.com has address 216.21.229.209
[download]

With that information in hand I can go to the next step in validating this user's email address.

But do they have a valid account at that address?

Here is here I get really clever. (well... maybe not that clever..) First some assumptions:

1. I have an RDBMS I can shove info into or a reasonable facimile
2. I can generate unique keys for the user's email address and a link to a page to validate that unique key

http://my.server.com/cgi-bin/validate.cgi?key=oiweruojaklsdfklh&email=
+dude@isp.com
[download]

Now you have validated that the email address is valid AND you have validated that it exists... Like it? There is more than one way to do this, but this is one of them.

OK - the problem here is that you're underestimating the complexity of what you're asking.

First of all, you cannot guarantee that you can get to the authoritative mail server for someone's email from the internet. For example, they may run an e-mail gateway which does virus checking before forwarding onto the real mail server (like messagelabs, or a home grown equivelant), their main mail server may be down, and you'll get through to a backup mail server (a temp spool only, which forwards to the primary e-mail server once it comes back online), or maybe others!

Secondly, piping out to sendmail will return success if sendmail accepts the message - not if sendmail can deliver it. If sendmail cannot deliver the message, it'll give up later, and send a DSN to the sender (you wouldn't want to wait until sendmail times out before continuing in your code, would you :)

In short, you have two options:-

1. Attempt to deliver the message, set the from address to somehting that'll get delivered back to a POP account, and use Net::POP to check the POP account for DSNs or other failures (RFC-1894 is your friend here)
2. Send the member an e-mail address before enabling their account. If they click on a link in the e-mail (include their user-id, and some authentication details), they call a CGI which will then enable their account

I personally think that (2) is the safest, easiest, and most reliable, as long as you're willing to run a nightly cron job to clear out any old accounts that haven't been activated within X days.

My message is generated from my server perl.to and sent to the address bad@perl.to. My catch-all's are OFF and only mail sent to specific users specified in my virtusertable will be accepted. I need a perl script to attempt to send this message and:

1. Not crash the perl cgi.
2. give me an error message i can translate

If i can only get number one i can live with it. Thanks for reading and thanks for all the advice. I hope this post streamlines my question a little bit.

jtrue

If you're trying to verify users e-mail addresses on your machine then don't do this at all--check your local user database instead. If you don't have one, make one. (And odds are you do have one, you just need to find it. What, where, and how depends on your system)

(If you're looking to verify addresses on other machines in realtime, you can't. Stop trying, it's impossible in general and all you'll do is make a mess of things, probably leave a spam and/or abuse hole, and piss people off)

sub SendMail{
my %MAIL = @_;
my $RESULT = "SendMail to".$MAIL{'TO'};
use IPC::Open2;
open2(*READA,*WRITEA,"/usr/lib/sendmail -oi -t");
print WRITEA "To:$MAIL{'TO'}\n";
print WRITEA "From:$MAIL{'FROM'}\n";
print WRITEA "Subject:$MAIL{'SUBJECT'}\n\n";
print WRITEA "$MAIL{'BODY'}\n";
close WRITEA;
while ($line = <READA>){$RESULT .= "<li>$line\n";}
close READA;
return $RESULT;
}############################ end SendMail
[download]

Where do you get the parameters to this subroutine? Please dear gawd, don't say "from a web form". Argh!

If so, you've just created a spam engine.

Have you actually read any of the answers to your post? You appear to be ignoring the fundamental problem.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Please try your test with @aol.com addresses.

Last time I heard AOL accepts ALL email address to the aol.com domain, and deals with dumping it later.

Please correct me if I'm wrong.

IMHO the only method that works are the procedures blue_cowdawg and merlyn outlined.

The user must receive an email with a Unique identifer, and respond with that secret and unique "key" (preferable non-guessable and random).

Hi smellysocks!

The only time AOL does not accept the message is if originating machine is in their black list - then they 550 it at the connection. Otherwise they accept and notify in the bounce message as you surmise.

jdtoronto

Also, sendmail was reporting a bad header and dropping the bad address in a dead.letter file. By using open2 my perl script can easily read this error and report to the user the problem. This saves my script a lot of time and gives me the most information. Thanks monks.

jtrue