1. 33
  1. 5

    This is mostly not good, these email validation/testing requests are blocked in practice.Meaning most mail servers should accept mail for any user and drop it for invalid destination addresses. This kind of thing would have been clever in the 90s, now it should be largely not possible.

    1. 2

      Agreed. The best way to check if an email address is valid is to send email to it (with a verification link? please don’t send tracking pixels)

      1. 1

        Everything inside me screams that this should not be possible and is a very stupid idea for mail servers to do it like this, but in practice it is surprisingly effective! We’re using this at work to check e-mail addresses are valid when entering them into forms, and it works for a large percentage of mail servers.

      2. 3

        I wrote a script once to do the same thing and iterate over a couple possible email combinations knowing first and last name, it’s very meh written but has served me well a couple of times.

        1. 1

          Oh cool, thanks for sharing! I don’t actually do this stuff enough to have used smtplib much at all so this is useful to see

        2. 1

          The only true way to know is to actually send an email to that address and see if someone clicks a link in it.

          1. 1

            Neat idea!

            Note to author though, the italics made it really hard for me to read. Luckily it was easy enough to turn off in the inspector.

            I’ve artificially inserted a prompt here to denote what I’ve entered but generally, nslookup will have no such prompt.

            Did you mean telnet?

            1. 4

              I did! Oops, it should be fixed now

              I’ve also turned off italics. I don’t generally share what I write that much so I’d almost forgotten italics were even on at this point. Under the hood, I moved everything to asciidoc a little while ago so I’m planning on revamping the whole layout anyway to support some of the cooler asciidoc features

              1. 1

                haha. Glad I wasn’t the only one who noticed that type-o.

              2. 1

                I’ve never seen “rcpt from” before. I’ve always written “MAIL FROM” and “RCPT TO”.

                1. 3

                  Neither have I ;) It must have just been a typo cause by staying up too late haha! It should be corrected now

                2. 1

                  I had been talking to someone about a job interview

                  Just as a tangent: this would be a good interview question. If they’re familiar with SMTP, it’s a pretty simple text based protocol and I remember the HELO part from back in undergrad. You can also probably get them to talk about 7-bit ASCII and UU/MIME encoding if they’re familiar with it.

                  I mean, it’s not a great interview question. If they’ve never worked with low level e-mail, you can move on to something else. But if they have, it’s a good way to get them to elaborate about a protocol.

                  If the candidate doesn’t know SMTP, you could go on to the “A person enters a web address into a web browser and presses enter. Describe what happens” to see how much they know about DNS, HTTP, TLS, load balancers, web servers, web applications, etc.

                  You could also just the candidate to pick a protocol they’re familiar with and describe the parts of it: the handshake, data, etc.

                  1. 1

                    I’ve never worked with low level email and only have a vague understanding of SMTP so I don’t know that I would pass it myself ;)

                    This sounds similar to one of the questions we ask where I work, which is along the lines of “You click a button on a website, can you explain what happens”. It’s more for a candidate to show that are aware of DNS, load balancers, caches/CDNs and so on but you could definitely adapt it for non-HTTP protocols

                    I think that question has a bias towards what happens from the ISP onwards side of things because you could spend years talking about well, your CPU receives an interrupt and then…

                  2. 1

                    > rcpt from: test@example.com

                    mail from: test@example.com

                    250 2.1.0 OK b26si1910042pgs.432 - gsmtp

                    How do I do this part? When I hit return after the rcpt line, I immediately get a 503.

                    1. 2

                      I think this may just be a typo in the OP. Leaving out the rcpt from: line and just using the mail from: line worked for me.

                      1. 2

                        Sorry, it should be mail from: test@example.com

                        The second line is actually the command being echoed back at the user but for some reason, I ended up with “rcpt from” instead of “mail from”. It should be fixed now