Email Validation using SMTP

Transcript

1. EMAIL VALIDATION USING SMTP ABU ASHRAF MASNUN @MASNUN

2. Gmail iCloud Internet [email protected] [email protected] SMTP SIMPLIFIED

3. TALKING SMTP • (Connect to Server) • Server: Good morning

   to you sir. I am smtp.icloud.com, and you? • Client: Hello I am smtp.gmail.com • Server: Hello smtp.gmail.com, I am so glad to meet you. How can I help you? • Client: I want to send an email from [email protected] • Server: Alright. Tell me more. • Client: I need to send it to [email protected] • Server: Sounds good. Keep going. • Client: Here’s the message body – “Hello there!” • Server: Got it, I am putting it in a queue for delivery • Client: Thanks a lot, disconnecting now, talk later! • Server: By bye! • (Disconnects)

4. KEY COMMANDS • MAIL – pass the email address you

   want to send from • RCPT – the email address you want to send to • DATA – pass the full email, including headers, message body

5. OUR STRATEGY • Pretend to be a email service provider

   • Connect to the target SMTP server • Continue up to the RCPT command and see if it fails • Most SMTP servers would send back a 550 if the user does not exist • Handle the exceptional cases

6. STEP – 1 : LOOKUP THE MX RECORD • Email

   address: [email protected] • Host: me.com

7. STEP – 2,3,4: TALK SMTP

8. STEP - 5 : MAKING SENSE OF THE RESPONSE •

   Check the errors • Check the error code to find specific reasons of failure • We are only interested in 550 for now

9. LESSONS LEARNED SO FAR • Looks simple but not simple

   at all! • Yahoo! always sends positive response to prevent spams • For Yahoo!, you need to follow a separate work around that involves sending an actual email • Cache MX Lookup • Query to different MX servers • Store the results in database, don’t query the same address twice • Rotate IP address / Use proxies or VPNs • Throttle requests

10. FURTHER DISCUSSION • Email me: [email protected] • Twitter: @masnun •

    Discuss after my session