When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
ASPFAQs.com
Message Board
Related Web Technologies
User Tips!
Coding Tips

Sections:
Sample Chapters
Commonly Asked Message Board Questions
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Security
Stump the SQL Guru!
XML Info
Information:
Feedback
Author an Article
ASP ASP.NET ASP FAQs Message Board Feedback
Print this page.
Published: Saturday, September 30, 2000

The Forgotten Art of Email Address Validation

By Joshua Finer


As webmasters and database administrators struggle to keep email address databases clean, web site form validation becomes key. At this point, the state of email address validation is poor. Feel free to prove it to yourself: go to your favorite site that requires registration, and enter dlkjfdklj@djflkjdlkj.com as your email address. More often than not, it will let you through no problem. Keep in mind that not only is it letting you through, but it is also storing that email address in an internal database. These email databases get littered with bad addresses, which companies usually handle in one of two ways:

- continued -

  • Ignore the problem and send membership emails anyway. This results in many bounced emails that waste bandwidth both to (when sent) and from (when returned) the Internet.
  • Hire temps to painstakingly pick out individual bad email addresses. This is a costly and time-consuming endeavor. Additionally, this is a reactive, not proactive, solution.

What you should be thinking at this point is "Why not stop the bad email address before it gets into your database?" As you might guess, there are different approaches to validating email addresses on web site forms. Generally, there is an inverse relationship between ease of implementation and quality of validation. However, with the recent popularity of developer components, these types of solutions can typically be "snapped in" with little learning curve.

The following is an overview of the various levels of email address validation.

    1. Base Level Validation - This is the type of email validation that most current web sites use. Code will generally be in-line and simply look for a @ and a . in the email address. This is extremely inadequate and needs to be upgraded. The reason that most sites use this method is that it is easy to code. An example in VBScript would be:

    StrAddress = Request.Form("emailaddress")
    If InStr(1,StrAddress,"@",vbTextCompare) = 0 OR _
       InStr(1,StrAddress,".",vbTextcompare) = 0 Then
    
    	Response.Redirect("badAddress.html")
    Else
    	'continue form processing...
    End If
    

    There is a more indepth email validation routine availabe in the following article: Email Address Validation!

    2. Base Domain Level Validation This email validation is a step up from Base Level Validation, but still extremely inadequate. This level of validation only requires that the domain name of the email address be a valid registered domain. Many domain names are registered but cannot receive email. Additionally, the majority of registered domain names are not currently active mail servers. This is usually implemented as code or a component that does domain name registration lookups or possibly even standard DNS lookups. For purposes of example, let's say you choose to use a DNS lookup component. Keep in mind that most DNS objects are expecing a domain name and not an email address. The following code is a generic example of how you might implement a DNS component for email validation:

    Set DNSobject = Server.CreateObject("CompanyABC.DNS")
    
    Emailaddress = Request.Form("emailaddress")
    
    TheDomainName = Mid(emailaddress, _
         InStr(1,emailaddress,"@",vbTextCompare)+1,Len(emailaddress))
    
    DNSobject.domain = thedomainname
    DNSobject.server = "XXX.XXX.XXX.XXX"
    goodorbad = DNSojbect.dolookup
    
    'Keep in mind some DNS object may return something other than ""
    If goodorbad = "" Then
    	Response.Redirect("badAddress.html")
    Else
    	'continue form processing...
    End If
    

    3. MX Domain Level Validation This email validation is currently the highest practical level. It is not 100% foolproof, but is a marked improvement over any lower form of validation. This level guarantees that the domain name of the email address is not only registered, but also that it is a live Internet host that can actually receive email. This is generally considered as the base practical level of email validation. This level of validation can be easily implemented via a developer component. Similar to #2, you must first install the component package on the server. After referencing the DLL, you might use code such as:

    set MXValidate = Server.CreateObject("CompanyABC.Emailvalidate")
    
    emailaddress = Request.Form("emailaddress")
    MXValidate.serveraddresses = "XXX.XXX.XXX.XXX","XXX.XXX.XXX.XXX"
    MXValidate.ValidateIt(emailaddress,resultcode)
    
    If resultcode = False Then
    	Response.Redirect("badAddress.html")
    Else
    	'continue form processing...
    End If
    

    4. Absolute Validation This is a theoretical level of email address validation. In this level, email addresses could be validated with 100% accuracy. Currently, this is nearly impossible to achieve. Internet servers run various operating systems, which handle email in various ways. Additionally, due to security considerations, many operating systems are configured in such a way that specific email account validation is impossible. Although this is theoretically the best, it is functionally impossible to implement. The closest way to implement this method is to send the user an email requiring that he reply in order to become registered for the web site.

The bottom line is that any web site that has little or no email address validation is just a victim of lazy developers. These days data is heaping around us at an alarming rate. We must strive to keep it clean and scrubbed if we expect it to be a productive and useful asset. Please visit Component Source to see a selection of email address validation components!

  • By Joshua Finer

    Validation Articles
    For more information on email address and form validation, check out these great articles!

  • The Forgotten Art of Email Address Validation
  • ASP/JScript Email Validation
  • A Server-Side Email Validation Routine
  • Another Email Validation Routine
  • Form Validation Using JavaScript
  • Using the Dictionary Object Data Collection and Validation

  • Joshua is currently a 2nd year MBA student at The Pennsylvania State University, concentrating in Entrepreneurship. Additionally, Joshua is the President of Finer Technologies, a software publisher. Finer Technologies recently released EmailScreen, an email validation developer component that can be found at http://www.email-screen.com. Joshua welcomes anyone to write him: Joshua@finertechnologies.com!


  • ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article