aschafer324
asked on
issues using nslookup to authenticate an e-mail address
I have a number of mail forms on my site, with the user's e-mail address a required field. For years I've used nslookup to authenticate the user's e-mail before I sent the comment off to my company. I did this by running the following script (more or less):
"nslookup"
"set type=mx"
"domain.com"
And then searching the return string for the string "mail exchanger." This has proved a reliable technique, until I found a valid domain that does not return "mail exchanger." It does, however, return "responsible mail addr."
Does the presence of "responsible mail addr" in the nslookup return string guarantee valid e-mail?
If not, what does?
"nslookup"
"set type=mx"
"domain.com"
And then searching the return string for the string "mail exchanger." This has proved a reliable technique, until I found a valid domain that does not return "mail exchanger." It does, however, return "responsible mail addr."
Does the presence of "responsible mail addr" in the nslookup return string guarantee valid e-mail?
If not, what does?
Could you give an example of a domain name that's returning 'responsible mail addr'?
ASKER
I'd rather not, but this is exactly what the nslookup returns (I replaced the real serial with "########" and the real domain with "domain.com"):
primary name server = ns1.adgrafix.com
responsible mail addr = webmaster.domain.com
serial = ##########
refresh = 10800 <3 hours>
retry = 3600 <1 hour>
expire = 604800 <7 days>
default TTL = 86400 <1 day>
primary name server = ns1.adgrafix.com
responsible mail addr = webmaster.domain.com
serial = ##########
refresh = 10800 <3 hours>
retry = 3600 <1 hour>
expire = 604800 <7 days>
default TTL = 86400 <1 day>
Ah, in that case you're looking at the 'SOA' record
So, responsible mail addr has got nothing to do with mail delivery. It means that 'webmaster@domain.com' is the person who you should send email to if you want to contact someone about this domain.
The 'responsible mail addr' is the 'RNAME' field of the SOA response (see RFC1035 section 3.3.13) and is basically an email address in a 'domain name format'
"RNAME A <domain-name> which specifies the mailbox of the person responsible for this zone."
ALL domains should have an SOA record, so they should ALL have a 'responsible mail addr' record in your NSLOOKUP results.
Hope this helps
So, responsible mail addr has got nothing to do with mail delivery. It means that 'webmaster@domain.com' is the person who you should send email to if you want to contact someone about this domain.
The 'responsible mail addr' is the 'RNAME' field of the SOA response (see RFC1035 section 3.3.13) and is basically an email address in a 'domain name format'
"RNAME A <domain-name> which specifies the mailbox of the person responsible for this zone."
ALL domains should have an SOA record, so they should ALL have a 'responsible mail addr' record in your NSLOOKUP results.
Hope this helps
Oh, if you don't normally see an SOA record like this, then it's because you're asking for a specific type of record (eg 'set type=mx'). In this case the target DNS server is deciding to give you back an SOA record as well.
Try looking at other domains but have 'set type=all' first and you'll see what I mean about all domains having an SOA.
(Note that hosts don't have SOAs, just domains - so 'microsoft.com' has one, but 'www.microsoft.com' doesn't)
Try looking at other domains but have 'set type=all' first and you'll see what I mean about all domains having an SOA.
(Note that hosts don't have SOAs, just domains - so 'microsoft.com' has one, but 'www.microsoft.com' doesn't)
ASKER
So is there any fail safe way to authenticate an e-mail domain that doesn't return "mail exchanger" in its nslookup return string?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.