Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Verifying E-Mail Addresses

from [Jimmie Jones] Network Security [Permanent Link]
Subject: RE: Verifying E-Mail Addresses
Date: Wed, 25 Oct 2006 10:55:03 -0700 
That would be unreliable as a lot of companies/ISPs have relays in front of
their mail servers to protect against DHA or Directory Harvest Attacks
(among other things) to keep people from finding out what users actually
exist.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Krpata, Tyler
Sent: Tuesday, October 24, 2006 3:04 PM
To: Mister Dookie; security-basics@securityfocus.com
Subject: RE: Verifying E-Mail Addresses

The SMTP VRFY command is supposed to do this, but most mail servers
disable it due to privacy concerns. There's no other reliable way to do
it. In theory you might be able to write something custom that goes to
the mail server and does a "mail from/rcpt to" and checks the response,
but that may be unreliable and could potentially be frowned upon by the
ISP.

-----Original Message-----
From: Mister Dookie [mailto:misterdookie@gmail.com] 
Sent: Tuesday, October 24, 2006 5:03 PM
To: security-basics@securityfocus.com
Subject: Verifying E-Mail Addresses

Hello list,

Is there a way to verify that an e-mail address
(e.g."johnsmith@company.com") is valid and exists or does not exist
(is a fake e-mail address) without actually sending a message to that
address and awaiting the response?

Here's why this is a security issue. Our company administers a small
"municipal-type" 802.11 network where for limited open-access the only
form of ID we require is an e-mail address and a password. We simple
don't have the resources to send out e-mails and then have
verification and so forth. We are trying to prevent users from
entering fake addresses into our system. We want at least a small
amount of accountability.

We would like to be able to do a quick check, say query an IMAP, POP3,
or SMTP and check to see if there is actually an account at that
address without sending a verification e-mail and waiting for users to
click on a link or get something that bounces back. Does something
like that exist?

I do recognize that somebody can enter a valid e-mail address that
does not belong to them, but we are trying to address one issue at a
time. At this point we are just trying to prevent people who give us
"dude@dude.com" from getting on to our network.

Thanks,
John

------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Security policy, Roger A. Grimes
Next by Date:  Re: FW: Hydra or network logon cracker for Windows?, Brian Loe
Previous by Thread:  RE: Verifying E-Mail Addresses, Krpata, Tyler
Next by Thread:  RE: Verifying E-Mail Addresses, Weir, Jason
Indexes:  [Date] [Thread] [Top] [All Lists]