How to Verify If Email Address Exists

Objective: Verify if an email address is valid.

The easiest way to verify an email address is to send an email to that email address and if your email does not get bounced, then there is a high chance that it’s a valid email address. This will work most of the time, but not necessarily if there’s a catch-all email account defined. A catch-all usually refers to a mailbox on a domain that will “catch all” of the emails addressed to the domain that do not exist in the mail server.

The other way is to check the SMTP (Simple Mail Transfer Protocol) response of the mail server. How to do that? Let’s look at an example. Let’s say that we want to check if the email address “404@gmail.com” is valid. First, we need to determine the SMTP servers for “@gmail.com“. This can be done by querying the DNS MX records for the domain gmail.com.

Based on the output of the dig query, we have received 5 SMTP server addresses with different priorities. The smaller the number, the higher the priority, so let’s choose “gmail-smtp-in.l.google.com” as the SMTP server that we want to use.

First, we connect to the SMTP server on port 25 – the well known port for SMTP servers. I am using netcat (nc) to connect to the SMTP server. If you do not have netcat installed, you can use the telnet command instead.

Once connected, the server prints a short message and waits for input. We start the conversation by sending the “HELO” command.

Once we send “HELO“, the server responds with another message (starting with 250). Now we send the sender’s email address to the server using the “MAIL FROM” command. Let’s use “foo@bar.com” as the sender’s email address.

Note that the server responds with a “250 OK”, it means we can proceed further. Now, we send the recipient email address or the email address that we want to verify using the “RCPT TO” command. We are going to verify the email address “404@gmail.com“.

If you see the server response, it is saying that the email address does not exist. This means that the email address is not valid. The response could be different for some other type of email addresses. For example, the response for “support@gmail.com” is different – is says that the account is disabled.

Note the server response code is 550 when an email address is either not valid or disabled. If you enter your own gmail account, you will get a response of 250. Replace “validemail@gmail.com” with your own email address.

Finally to close the connection, use the “QUIT” command.

In summary, you will need to use the “HELO”, “MAIL FROM” and “RCPT TO” commands when talking to a SMTP server. You can find the full SMTP conversation below.

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }