Empowering validation with fsockopen() - PHP

In order to find out whether an email domain is really in use, we’re going to take advantage of PHP’s fsockopen() function, which is used to open domain socket connections over the Internet. This serves our purposes handily, since we might try opening a socket connection to the mail server identified with the given domain. If the socket connection is successfully opened, then the supplied domain is currently in use.

The format for fsockopen() is the following:

int fsockopen ( string hostname, int port [, int errno [, string errstr [, float timeout]]]);

The function, when used for Internet domains, will open a TCP socket connection to the provided host name on the supplied port, and return a file pointer corresponding to that host. If the call fails, it will return false, and if the optional errno and errstr arguments are present, they will be set to indicate the actual system level error that occurred while performing the call. The optional timeout parameter can be used to set a timeout in seconds for the connect system call. 

Having taken a look at what this function does, it’s feasible to open a socket connection on port 25 (the default port for SMPT servers) to the given domain for a user’s email address in the following manner:

If(!fsockopen($domain,25,$errno,$errstr,30)) {
 return false;
}

Here we’re trying to open a socket connection to the provided domain on port 25, setting a timeout of 30 seconds for the connection. If the connection is successfully established, the function will return true, which means that the SMTP server is up and running, the email domain is real and, hopefully, there is a valid user for that domain. If the connection fails, the function will return false, either indicating that the domain is not being used, at least for the moment that we attempted to open the socket connection. As you can easily guess, there might be several reasons for a failed result. Even if the user was valid, the mail server might be down, our system might be having its own problems, or other difficulties inherent to any network process might exist.

Anyway, our rough attempt to enhance the validation process is still a valid effort worth considering. Here’s the checkEmail() function with the new enhancements:

function checkEmail($email) {
 // checks proper syntax
 if(preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" , $email)) {
  // gets domain name
  list($username,$domain)=split('@',$email);
  // checks for if MX records in the DNS
  if(!checkdnsrr($domain, 'MX')) {
   return false;
  }
  // attempts a socket connection to mail server
  if(!fsockopen($domain,25,$errno,$errstr,30)) {
   return false;
  }
  return true;
 }
 return false;
}

And the code to call the function is listed as follows:

$email = trim($_POST['email']);  
if(!checkEmail($email)) { 
echo 'Invalid email address!';
}
else {
 echo 'Email address is valid';
}

We have taken a considerable step forward to improve the validation routines within our function.

To explain what we did step-by-step: once the email address is passed to the function, it is first validated to make sure it matches the regular expression. If the validation is successful, then the address is divided to obtain the email domain.

Then, the function checks whether the domain is real, looking for MX records in the DNS. Again, if the records are found, the next step is to open a socket connection for that domain on port 25, to determine whether the given domain is in use. If the connection is successful, we’re pretty sure that the email address corresponds to a real domain, which is currently in use, and the user name is potentially valid.
Any checking process that returns false, will evaluate the function as false too, terminating it, therefore indicating that the supplied email address is not valid.

Finally we’ve successfully reached our objective, with a few lines of PHP code. Not too bad, huh?

Summary

As with many other user data, email addresses are certainly pretty hard to validate. We’re not completely sure that what a visitor is giving us is valid input. However, as reviewed in this article, using several powerful PHP network functions combined is a great way to make the validation process a relatively painless task. Additionally, we’ve taken an instructive approach for some other concepts, such as working with lookup functions and sockets, even though we only scratched their surfaces. Thus, the next time you need to implement email verification in your PHP applications, don’t forget these invaluable tools. They're really worthwhile.