0

We have a database of over 200.000 e-mail addresses and associated contacts. I had an idea that if I could find out which e-mail addresses don't exist anymore I could inactivate those contacts, thus keeping a more up to date database. My main goal is not to validate if an e-mail exists. My main goal is to find as many non-exsitent e-mail addresses as possible.

I have based a lot of my research on these answers: How to check if an email address exists without sending an email?

I have tried the python validate_email library, but it was very unreliable. It's also unsafe because you could get banned if you try to validate multiple contacts at the same company any time. It returned False to my active company e-mail, and None to my active gmail as well... so definitely unreliable.

I have tried both DNS with py3dns and MX records. Also the VRFY command. Unfortunately none of these seemed to be reliable since any e-mail server could send a fake response.

Greylisting is also a problem:

There is also an antispam technique called greylisting, which will cause the server to reject the address initially, expecting a real SMTP server would attempt a re-delivery some time later. This will mess up attempts to validate the address.

The idea also occured to my that I could send a dummy e-mail, or two because of greylisting with a bit of delay in between them. I am afraid that this could get me blacklisted after a while, especially if multiple of these contacts work at the same company. Another idea is to do this from randomly generated e-mail addresses and hosts but that is probably not possible. Is there any way I could determine if an e-mail does not exist, preferably in a way that the chance of getting banned is minimal?

CaptainCsaba
  • 266
  • 2
  • 12
  • Sending a single email is the standard practice, but there is no guarantee that you will get a bounce if it is invalid. Some mail servers simply ignore you if you don't have an existing relationship with them, and so won't even send a bounce message back to you. Sending more than one will not help against greylisting; if anything, it will persuade them to greylist you for longer. – tripleee May 23 '21 at 11:26
  • Could you send an email with an attachment hosted on a server and see the download activity of the attachment? – schullzroll May 23 '21 at 11:29
  • @tripleee So the best way to do this is to send one e-mail and hope that there is a bounce? When does a mail server removes the greylisting from an e-mail? Are there no ways around it? – CaptainCsaba May 23 '21 at 11:53
  • @schullzroll I don't think that is the best idea, given how paranoid companies are today of phishing e-mails. Not to mention, what would motivate a recipient to actually spend time on downloading something not relevant to their work? – CaptainCsaba May 23 '21 at 11:55
  • There is no "one size fits all" for greylisting. but a typical arrargement is to hold the first message for some hours and then let traffic through. It's obviously up to the local admin to configure it in a way which is suitable for their site. Some are happy to set up quite aggressive policies because they don't get a lot of "cold call" email, or their spam problem is so significant that the benefits still seem to outweigh the nuisances. – tripleee May 23 '21 at 15:00
  • Your use case seems confused, anyway. If you have a list and you want to reach them with an actual message, just send that message. You will need to handle bounces each time you do that anyway. If the list was not collected with the explicit consent of the people whose addresses you collected, you end up looking like a spammer if you try to use it for _anything._ Maybe you could argue that a one-off mailing to invite these people to subscribe to a proper opt-in list could be acceptable; I probably wouldn't. Throwing away the list and starting over with a better understanding might be safest. – tripleee May 23 '21 at 15:06
  • @tripleee Yes, my thoughts exactly. There is probably no way to verify if these e-mails exist without sending a mail which could seem dubious as I am not sure if all fo them were collected with explicit consent. Oh well... – CaptainCsaba May 23 '21 at 18:13
  • @CaptainCsaba if you send the email as html and include a 1x1 pixel image that is hosted on your server, you can expect the user to not notice and many users allow referenced images in the html part of received email body. – schullzroll May 24 '21 at 12:20
  • @schullzroll I apologise for not understanding, how is that helping me in determining if an e-mail does not exists if I include a 1x1 pixel image in an html email that is hosted on my server? – CaptainCsaba May 24 '21 at 16:54
  • @CaptainCsaba it could help you find active emails that are worth interacting with, since as soon as they view the email your webserver will log the activity. But it's commonly paired with "we are still here, do you know about us?" type email body. Other than that, this request seems a bit sketchy, since explicit email consent shall be given and the email verification already validates existing email addresses. – schullzroll May 25 '21 at 07:58

0 Answers0