Do you know how to verify that an email (email address) is real or fake? The obvious solution is to send a test email to this address and if your message is not returned as non-deliverable then it is safe to assume that the address is real.
Although the above method is not entirely certain as some sites may have set up a situation in which they accept all emails and do not return to the sender all emails addressed to a non-existent mailbox. But how do we know if there is an email address without sending it an email?
First of all, let's see how emails work. When you send an e-mail to someone, the message goes to an SMTP server, which then searches for the MX (Mail Exchange) files in the e-mail recipient domain. For example, when you send an email to [email protected], the mail server will try to find the MX records for the gmail.com domain. If there are registrations, the next step would be to determine whether or not this email username exists (hello in our example).
Using a similar logic, we can verify an email address from our computer without actually sending an email. See how:
Suppose we want to verify if the address exists [email protected]
Step 2. At the command prompt, type nslookup:
nslookup –type=mx gmail.com
The nslookup command will explore the name servers for this domain. Once we have defined the formula as MX, our command will export and list the MX records of the email domain (gmail for our example). Replace gmail.com with the domain of the email address you are trying to verify.
gmail.com MX preference=20, exchanger = alt2.gmail-smtp-in.l.google.com
gmail.com MX preference=30, exchanger = alt3.gmail-smtp-in.l.google.com
gmail.com MX preference=5, exchanger = gmail-smtp-in.l.google.com
gmail.com MX preference=10, exchanger = alt1.gmail-smtp-in.l.google.com
gmail.com MX preference=40, exchanger = alt4.gmail-smtp-in.l.google.com
Step 3. As you may have noticed in the nslookup results, it is not uncommon to have multiple MX records for one domain. Choose one of the servers listed in the MX records, preferably the one with the lowest number of privileged levels (in our example, gmail-smtp-in.l.google.com) and "pretend" to send an e-mail from your computer on it.
To do this, go to the telnet window and type the following commands in the following sequence:
3a: Connecting to the mail server:
telnet gmail-smtp-in.l.google.com 25
3b: Welcome to the other server
3c: Identify yourself with a fictitious email address
mail from:[email protected]
3d: Enter the email address of the recipient you are trying to verify:
rcpt to:[email protected]
The server response to the 'rcpt to' command will give you an idea of whether an email address is valid or not. If you receive an "OK" then the address exists, otherwise you will receive a 550 error such as:
[email protected] - The email account you tried to access does not exist (The email account you tried to reach does not exist).
[email protected] - The email account you tried to access is disabled (The email account you tried to reach is disabled).
That's it! If the address is valid, you can run it reverse email search to find the person behind the address.