How do you know an email id is genuine?

Moderators: visolve, ragavendraganesh, Karthikeyan, sena

How do you know an email id is genuine?

Postby sena » Wed Apr 13, 2016 3:54 pm

Is there a simple way you can validate an email id? I am not looking for syntax check but and email id is genuine or not...

For example, you send a request to port 25 to a mail server with the name (at least on unix) it will tell whether that is
a valid mail id.

Is there a latest and greatest tools that are available to do this?
sena
 
Posts: 1
Joined: Sat Jul 20, 2013 12:15 pm

Re: How do you know an email id is genuine?

Postby khaleela » Wed Apr 13, 2016 4:11 pm

Sir,

What we actually do programatically is, we will just check for the correct syntax.
But to check, whether that email ID really exist or not - we can send a verification link to that mail ID and ask the user to click on the same to verify.

Even inbuild Email validators that comes along with the program languages, checks for the exact email syntax as far as I know.
There maybe tools to do this, we need to explore on it.
khaleela
 
Posts: 1
Joined: Tue Aug 13, 2013 2:35 pm

Re: How do you know an email id is genuine?

Postby Ruban » Tue Apr 19, 2016 3:06 pm

Some of the online Tools to check Mail ID validity.



Above Websites/Tools checks the genuine Email ID by the following common methods.

• SPF
• DKIM
• DMARC

SPF
(Sender Policy Framework) SPF allows to specify which domain are allowed to send email from a given domain by creating DNS SPF record in the public DNS. The Mail exchanger then checks with the public DNS for the SPF record. IF this is in allowed list, then the mail is authentic else it is regarded as Spam.
Eg SPF record: v=spf1 include:spf.visolve.com ?all

Image


DKIM
DKIM (Domain Keys Identified Mail) is a method to verify that the messages/Mail trustworthy, meaning that they weren't changed from the moment the message left the initial mail server. This additional layer of security is achieved by implementation of public/private key signing process. Since DKIM uses a keys, public key and a private key - the signing Mail Transfer Agent (MTA) generates a public key, which is published in DNS, and a private key, used to sign all the sent email messages.
The verifying MTA on the Receiver end retrieves the public key and compares it to the digital signature of the received email. If the key pair is a match, then the email is legitimate and is accepted by the ISP. Otherwise rejected.
Eg DKIM key : v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB\;

Image


DMARC
(Domain-based Message Authentication, Reporting and Conformance)
DMARC enables the message sender to indicate that their messages are protected with SPF and/or DKIM. A DMARC policy applies clear instructions for the message receiver to follow if an email does not pass SPF or DKIM authentication—for instance, reject or junk it. If it fails or succeeds it will notify the sender that his message is accepted or rejected with info. Since DMARC leverages both SPF and DKIM it is highly secure way for mail authentication check.

Image

Courtesy:
http://www.mcafee.com/
http://www.zimbra.com/
Ruban
 
Posts: 2
Joined: Tue Jan 27, 2015 4:51 pm


Return to Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron