recipient validation with smtplib

Tim Williams tim at tdw.net
Fri Sep 28 08:29:40 EDT 2007 

On 28/09/2007, Robin Becker <robin at reportlab.com> wrote:
> Tim Williams wrote:
> > On 28/09/2007, Robin Becker <robin at reportlab.com> wrote:
> >> Is there a way to use smtplib to get recipient validation. I can use smtplib
> >> quite happily to send emails using the locahost's sendmail, but sendmail is just
> >>  fire and forget, so some bad addresses eg idiot at www.dingo.zzz don't cause any
> >> error in the sending application. I know some smtp setups do enforce recipient
> >> validation, but it doesn't seem terribly easy to do this with sendmail. I
> >> wondered if there were some way to do this in python?
> >
> > There is no way of  validating *every* email address you send to using
> > SMTP alone.   Some servers accept every address and bounce later - as
> > you have found out. So for the purpose of the SMTP client, or relaying
> > server,  the address is valid at sending time to those servers.
> >
> > Checking DNS for MX records is a possibility for removing some bad
> > addresses, but it's not fool proof as the RFCs don't require MX
> > records to exist for a domain to be able to receive email.  If no MX
> > records are present, one (and only one!) IP address returned from the
> > domain's A record(s) should be tried.
> >
> > HTH :)
> Thanks, it's at least ammunition for me to say it cannot easily be done. I found
> this milter
>
> http://www.jmaimon.com/sendmail/callahead-milter/
>
> but I think this will cause every send to be checked which is probably not what
> we need.


Hmm,  call-ahead functions just initiate the first part of the SMTP
dialogue - to the RCPT TO,   unless you cache the results so that the
call-ahead only checks each address once a day or so there is no
benefit.  Without caching it will just slow down sending process as
you will get 1.5 SMTP conversations per outgoing message instead of
just 1.    However,  they still won't catch invalid email addresses
when the server accepts all addresses* and bounces later.

* all addresses = all addresses on domains local to that server.

I have written functions like this in the past for outbound/inbound
(recipient/sender) address checking,  using combinations of SMTP
dialogue, DNS and port checking, bounce-collection, SPF and other
techniques over the years.   There is no guaranteed way of checking
that all email addresses in your list are either VALID or INVALID.
Valid email addresses can get refused/bounce for a variety of reasons,
and invalid addresses sometimes get accepted/don't bounce at all.

You should work on either a best-effort basis,  running some checks
but accepting that its not foolproof  -OR- use no checks at all
knowing that most invalid email addresses will be handled correctly by
the SMTP processes

HTH :)

More information about the Python-list mailing list