As webmasters and database administrators struggle to keep email address databases clean, web site form validation becomes key. At this point, the state of email address validation is poor. Feel free to prove it to yourself: go to your favorite site that requires registration, and enter “dlkjfdklj@djflkjdlkj.com” as your email address. More often than not, it will let you through no problem. Keep in mind that not only is it letting you through, but it is also storing that email address in an internal database. These email databases get littered with bad addresses, which companies usually handle in one of two ways:

• Ignore the problem and send membership emails anyway. This results in many bounced emails that waste bandwidth both to (when sent) and from (when returned) the Internet.
• Hire temps to painstakingly pick out individual bad email addresses. This is a costly and time-consuming endeavor. Additionally, this is a reactive, not proactive, solution.

What you should be thinking at this point is “Why not stop the bad email address before it gets into your database?” As you might guess, there are different approaches to validating email addresses on web site forms. Generally, there is an inverse relationship between ease of implementation and quality of validation. However, with the recent popularity of developer components, these types of solutions can typically be “snapped in” with little learning curve.

The following is an overview of the various levels of email address validation.

This is the type of email validation that most current web sites use. Code will generally be in-line and simply look for a “@” and a “.” in the email address. This is extremely inadequate and needs to be upgraded. The reason that most sites use this method is that it is easy to code. An example in VBScript would be:

	StrAddress = Request.Form(“emailaddress”)
	If InStr(1,StrAddress,”@”,vbTextCompare) = 0 OR InStr(1,StrAddress,”.”,vbTextcompare) = 0 Then
		Response.Redirect("badaddress.html")
	Else
		<continue form processing>
	End If

This email validation is a step up from Base Level Validation, but still extremely inadequate. This level of validation only requires that the domain name of the email address be a valid registered domain. Many domain names are registered but cannot receive email. Additionally, the majority of registered domain names are not currently active mail servers. This is usually implemented as code or a component that does domain name registration lookups or possibly even standard DNS lookups. For purposes of example, let's say you choose to use a DNS lookup component. After installing on the server, you need to first make sure the DLL is referenced in View-->References or Project-->References. Keep in mind that most DNS objects are expecting a domain name and not an email address. The following code is a generic example of how you might implement a DNS component for email validation:

	set DNSobject = Server.CreateObject("CompanyABC.DNS")
	emailaddress = Request.Form("emailaddress")
	thedomainname =Mid(emailaddress,InStr(1,emailaddress,"@",vbTextCompare)+1,Len(emailaddress))
	DNSobject.domain = thedomainname
	DNSobject.server = "XXX.XXX.XXX.XXX"
	goodorbad = DNSojbect.dolookup

	If goodorbad = "" Then	'Keep in mind some DNS object may return something other than ""
		Response.Redirect("badaddress.html")
	Else
		<continue form processing>
	End If

This email validation is currently the highest practical level. It is not 100% foolproof, but is a marked improvement over any lower form of validation. This level guarantees that the domain name of the email address is not only registered, but also that it is a live Internet host that can actually receive email. This is generally considered as the base practical level of email validation. This level of validation can be easily implemented via a developer component. Similar to #2, you must first install the component package on the server. After referencing the DLL, you might use code such as:

	set MXValidate = Server.CreateObject("CompanyABC.Emailvalidate")
	emailaddress = Request.Form("emailaddress")
	MXValidate.serveraddresses = "XXX.XXX.XXX.XXX","XXX.XXX.XXX.XXX" '(backup DNS)
	MXValidate.ValidateIt(emailaddress,resultcode)
	If resultcode = False Then
		Response.Redirect("badaddress.html")
	Else
		<continue form processing>
	End If

This is a theoretical level of email address validation. In this level, email addresses could be validated with 100% accuracy. Currently, this is nearly impossible to achieve. Internet servers run various operating systems, which handle email in various ways. Additionally, due to security considerations, many operating systems are configured in such a way that specific email account validation is impossible. Although this is theoretically the best, it is functionally impossible to implement. The closest way to implement this method is to send the user an email requiring that he reply in order to become registered for the web site.

The bottom line is that any web site that has little or no email address validation is just a victim of lazy developers. These days data is heaping around us at an alarming rate. We must strive to keep it clean and scrubbed if we expect it to be a productive and useful asset. Please visit Component Source, http://www.componentsource.com to see a selection of email address validation components.

Written by Joshua F. Finer September 24, 2000

Joshua is currently a 2nd year MBA student at The Pennsylvania State University, concentrating in Entrepreneurship. Additionally, Joshua is the President of Finer Technologies, a software publisher. Finer Technologies recently released EmailScreen, an email validation developer component that can be found at http://www.email-screen.com. Joshua welcomes anyone to write him: Joshua@finertechnologies.com