Yahoo Emails Validation
shahzadthathal opened this issue · comments
Yahoo emails validation failed,what's problem there?
I'm guessing you did not use any form of authentication when connecting to the yahoo smtp servers?
In 2013 some form of authentication is probably needed (which you could develop yourself and share the code back [in form of a pull request] so everyone benefits).
It's failed for me as well, what authentication are you referring to?
@Hengjie If you're having the same issue (hard to say without any logs / debug messages), I was referring to http://en.wikipedia.org/wiki/SMTP_Authentication
Okay thanks. So the issue isn't that the script fails upon checking Yahoo mail, the issue is that the script allows invalid emails of yahoo.com domain to pass. Upon emailing a yahoo account, I receive a This user doesn't have a yahoo.com account message. You may try this yourself but trying to validate a yahoo account with some random and super long email address and the script will return that email address with true indicating that it's valid.
Does that help you debug the issue?
That's exactly what I'm talking about...
If you were Yahoo, wouldn't you try to block anonymous attempts at data harvesting? SMTP Auth is just one of the available methods to enable that.
It's email. It's 2013. You're most likely a spammer or someone with suspicious intentions (from the MTA's PoV at least) -- that's just how it is.
If you want to circumvent Yahoo's data protection measures, you're going to have to dig deep.
It could involve:
- connecting on a port other than 25 (which might need some additional code to properly support TLS and such)
- authenticating with a real yahoo account prior to issuing
RCPT TOetc. - connecting from a verified/trusted source (or at least an IP with no recent suspicious activities on record)
- all of the above and/or some other tricks
The thing I'd try first (and the thing I've done, result of which you appear to be using) is to record all the SMTP command exchange that happens during a "successful" session (in this case, your expected response that there is no such address) and then try replicating that in whichever language you're most comfortable with.
When done, share your findings.
Since I've already done that (and shared my findings through free (and working!) code), now I'm thinking it's time that the (ab)users of my findings also contribute back...
P.S.
I'm not picking on anyone in particular -- I just needed to post this so I have a link to send to everyone that inquires about these and similar issues via email etc. (until I get an FAQ up or something)
Probably need to write in an exception for something like Yahoo. Not sure it belongs in this class. But you could filter yahoo addresses out before passing them into this class and feed them into Yahoos own availability checker.
This just responds with a JSON packet with SUCCESS (if its available, i.e not in use/dead address) or PERMANENT FAIL (If it is valid, i.e in use)
Nice find! The endpoint blocks IPs after excessive usage/querying from a single IP, but that's completely expected.
I agree it doesn't belong in this class, but thanks a lot for pointing out an alternative solution for validating Yahoo emails (for those that encounter problems validating them).
I think there should probably be a warning, emboldened somewhere, that says 'Do this quickly at your peril'.
Cleaning a list in any way, unless you have thousands of disposable IPs, will take weeks, it needs to be started at like 1 an hour, then ramped up slowly from there. I'd be interested to know how many requests you made before they blocked you though. ;)
More complex but another way to check Yahoo accounts:
https://edit.yahoo.com/forgot
Cool on the JSON above! What would you suggest on other domains that just report everything successful. Any ideas from anyone?
@zytzagoo WHM has SMTP Restrictions ON to bypassing the mail server to send mail, a common practice used by spammers.
It seems there is no option to use something like smtp-relay.gmail.com on smtp-validate-email class.
Can this be added.
As of 2023, the validator returns a positive result on any non-existent yahoo.com e-mail address. The same problem applies to any Mail.ru servers (mail.ru, inbox.ru, list.ru, etc.). Do you have any ideas on how this can be fixed? Maybe there's a new standard for validating those mailboxes. What actually happends is that e-mails get sent to those addresses with no errors, but then a reply from the server follows that the e-mail could not be delivered.