问题
I am almost done with a tool to detect if email is valid or not. I am stuck at small point where I have to detect If mail server or domain has catch-all policy enable.
Catch all: mail server will accept all email even if email address do not exits.
Thank you.
回答1:
There is no 100% reliable way to detect a catch-all of a mail server you don't control yourself. The most promising way is to generate a random address in the target domain which is definitely not used as a real account and send a test message.
If you don't get a reject while sending and no bounce to the envelope sender address of your script within a few minutes, there could be a catch-all involved. But it could also simply mean that the target server quarantined or dropped your message or that the bounce didn't make it back to you.
If you go down that road, make sure your tool generates valid messages, with all the necessary headers, has correct dns/helo settings, doesn't use any non-rfc smtp shortcuts, etc. in order not to get filtered.
On a side note: if this tool is going to be public, make sure its properly protected. Tools that automatically send mails are popular targets for abuse.
回答2:
You can identify domain is catchall or not by using Telnet. Create invalid email address against that domain.
e.g.
domain : example.com
Email Adddress : dummyemail@example.com, invalid.email@example.com
How to Telnet:
Step 1 - Find mail exchanger or mail server of example.com
Commmand :
nslookup -q=mx example.com
Response:
Non-authoritative answer:
example.com mail exchanger = 10 aspmx.l.google.com.
example.com mail exchanger = 20 alt1.aspmx.l.google.com.
example.com mail exchanger = 30 alt2.aspmx.l.google.com.
example.com mail exchanger = 40 aspmx2.googlemail.com.
example.com mail exchanger = 50 aspmx3.googlemail.com.
Step 2 - Now we know mail server so let connect to it.
Command:
telnet aspmx.l.google.com 25
Response:
Trying 74.125.24.27...
Connected to aspmx.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP z79si2772641pfi.381 - gsmtp
Step 3 - Enter helo hi
Command:
helo hi
Response:
250 mx.google.com at your service
Step 4 - Email address from which you telnet to targeted email address
Command:
mail from: <emailaddress@gmail.com>
Response:
250 2.1.0 OK z79si2772641pfi.381 - gsmtp
Step 5 - Target email address which you want to validate
Command:
rcpt to: <targetemailid@example.com>
Response:
250 2.1.5 OK z79si2772641pfi.381 - gsmtp
If you got "ok" for invalid email address then that domain is catchall domain.
A catch-all domain in simple terms means, the server of that company will catch any email sent to that domain, even a non-existent address and store it in a section called the catch-all. When this happens, you have no clue if it’s a legitimate email address or not.
来源:https://stackoverflow.com/questions/17947198/how-to-detect-if-domain-has-catch-all-policy-to-accept-email