The only way to correctly validate an email address is to send a message to it, and verify that it arrived.
If you’re accepting email addresses as user input (e.g. from a web form), it might be nice to check that what’s to the right of the rightmost @ sign is a domain name with an MX or A record. That way, if a user enters a typo’d address, you have some chance of telling them that instead of handing an email to user#example.net or user@gmailc.om to your MTA.
But the validity of the local-part (left of the rightmost @) is up to the receiving server.
Checking MX in your application means you needlessly fail on transient outages, like when a DNS server is rebooting or a net link hiccups. When it happens, this is likely to confuse or frustrate the user, will definitely waste their time, and may drive them away and/or generate support calls.
Also, MX records are not always needed for mail to be delivered.
Better to just hand the verification message off to your mail server, which knows how to handle these things. You can flag the address if your outgoing mail server refuses to accept it.
If DNS is transiently down, the most common mail domains are still in local resolver cache. And if you’re parsing live user requests, that means the IP network itself is not in transient failure at the moment. So it takes a pretty narrow kind of failure to trigger a problem… And the outcome is the app tells the user to recheck their email address, they do, and they retry and it works.
If DNS is having a worse problem, it’s probably down for your mail server too, which means an email would at least sit in the outbound mail spool for a bit until DNS comes back. Meanwhile the user is wondering where their confirmation email is, because people expect email delivery in seconds these days.
So yeah … yay, tradeoffs!
(Confirmation emails are still important for closed-loop opt-in, to make sure the user isn’t signing someone else up for your marketing department’s spam, though.)
If you’re accepting email addresses as user input (e.g. from a web form), it might be nice to check that what’s to the right of the rightmost
@sign is a domain name with an MX or A record. That way, if a user enters a typo’d address, you have some chance of telling them that instead of handing an email touser#example.netoruser@gmailc.omto your MTA.But the validity of the local-part (left of the rightmost
@) is up to the receiving server.Checking MX in your application means you needlessly fail on transient outages, like when a DNS server is rebooting or a net link hiccups. When it happens, this is likely to confuse or frustrate the user, will definitely waste their time, and may drive them away and/or generate support calls.
Also, MX records are not always needed for mail to be delivered.
Better to just hand the verification message off to your mail server, which knows how to handle these things. You can flag the address if your outgoing mail server refuses to accept it.
If DNS is transiently down, the most common mail domains are still in local resolver cache. And if you’re parsing live user requests, that means the IP network itself is not in transient failure at the moment. So it takes a pretty narrow kind of failure to trigger a problem… And the outcome is the app tells the user to recheck their email address, they do, and they retry and it works.
If DNS is having a worse problem, it’s probably down for your mail server too, which means an email would at least sit in the outbound mail spool for a bit until DNS comes back. Meanwhile the user is wondering where their confirmation email is, because people expect email delivery in seconds these days.
So yeah … yay, tradeoffs!
(Confirmation emails are still important for closed-loop opt-in, to make sure the user isn’t signing someone else up for your marketing department’s spam, though.)