Hey everyone,

I am piping email to a PHP script. I am doing this to automate some processes.

I would like to program the script to check the email of the sender, and delete any that are not on an approved list.

Is there a way to validate the email isn't spoofed? I'd like to make sure the email is actually from the domain they claim to be from.

Thanks in advance!

https://forums.phpfreaks.com/topic/321590-validating-e/

No, there's no way to authenticate an email like that. Maybe if the protocol had been designed within the last decade or so they would have considered that, but right now, the identities behind email accounts are entirely unknowable.

The best you can do is what I'm sure you've seen other sites do: send the email with a confirmation code or link and have the user enter/click that so you know they received it.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627595

8 hours ago, requinix said:

No, there's no way to authenticate an email like that. Maybe if the protocol had been designed within the last decade or so they would have considered that, but right now, the identities behind email accounts are entirely unknowable.

The best you can do is what I'm sure you've seen other sites do: send the email with a confirmation code or link and have the user enter/click that so you know they received it.

Thanks for the reply.

That's unfortunate. I am not using it as a client e-mail validator. Here in Canada, we use E-transfer for payments. Essentially, people can send you money; all they need to know is your email. It's pretty awesome. When you receive payment, you get an email from Interac (it's like Visa, but only for debit transactions).

I plan to have a dedicated email for E-transfers and pipe all incoming e-mails to a PHP script. When Interac sends a confirmation email, the PHP program will automatically mark the order as paid. My concern is that someone could easily spoof an email like that. So I was hoping there was a way to validate the email.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627624

...Oh wait, you want to validate the sender? I completely misunderstood what you were asking for.

Good news: validation of an email's sender is more or less a solved problem with SPF and DKIM records. It's up to the sender to opt-into those things, but if they do, emails passing validation can be pretty confidently attributed to that sender.
So check if your emails are being validated like that - which they really ought to be, and I'd be surprised if they weren't. If so then you should be able to retrieve that validation information through PHP.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627655

50 minutes ago, requinix said:

...Oh wait, you want to validate the sender? I completely misunderstood what you were asking for.

Good news: validation of an email's sender is more or less a solved problem with SPF and DKIM records. It's up to the sender to opt-into those things, but if they do, emails passing validation can be pretty confidently attributed to that sender.
So check if your emails are being validated like that - which they really ought to be, and I'd be surprised if they weren't. If so then you should be able to retrieve that validation information through PHP.

Yeah, that's so amazing to hear. Do you have any libraries you can recommend? When I look up this topic, the majority of stuff is about validating the content of an outgoing email, as opposed to what I am looking for.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627660

It'll depend on your email provider. For example, Gmail adds headers to the message detailing its attempt to authenticate the sender. These are from an email from GitHub:

ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@github.com header.s=pf2023 header.b=bHsZs+1u;
       spf=pass (google.com: domain of noreply@github.com designates 192.30.252.210 as permitted sender) smtp.mailfrom=noreply@github.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=github.com
Received-SPF: pass (google.com: domain of noreply@github.com designates 192.30.252.210 as permitted sender) client-ip=192.30.252.210;

Here, you'd retrieve the full message from Gmail and then look for those headers.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627662

45 minutes ago, requinix said:

It'll depend on your email provider. For example, Gmail adds headers to the message detailing its attempt to authenticate the sender. These are from an email from GitHub:

ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@github.com header.s=pf2023 header.b=bHsZs+1u;
       spf=pass (google.com: domain of noreply@github.com designates 192.30.252.210 as permitted sender) smtp.mailfrom=noreply@github.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=github.com
Received-SPF: pass (google.com: domain of noreply@github.com designates 192.30.252.210 as permitted sender) client-ip=192.30.252.210;

Here, you'd retrieve the full message from Gmail and then look for those headers.

Sorry, I meant can you recommend a good PHP library that can verify it's not a spoof once I get the headers.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627663

10 minutes ago, requinix said:

A library for a one-line regular expression?

One step at a time. Get the headers first, then see exactly what you have to work with.

Is it really just regex? That's way easier than I thought it was going to be.

I assumed I needed to grab some kind of address, then verify it using a service.

Thanks! I will look more into this and update the post.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627670

Ok! So I have been doing the following research:

  1. I watched this video to understand how these protocols work
  2. I took a look at the headers you posted
  3. I sent my php script some real, and spoofed emails

I now have a better understanding of what you were explaining to me.

My email server does all the checking for me and puts the results into the header of the email.

All I need to do is create a php script that checks the headers to see if it passed. Thus the regex code.

Is that correct?

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627679

Yes, you can implement several methods to help verify that an email isn't spoofed and that it's from the claimed domain. Here are a few techniques you can use:

SPF (Sender Policy Framework): SPF allows the domain owner to specify which mail servers are allowed to send email on behalf of their domain. You can check if the sender's IP address is listed in the SPF record of the claimed domain.

DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to the email headers, which can be verified against a public key published in the DNS records of the claimed domain.

Best Regards

Danish hafeez | QA Assistant

ICTInnovations

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627717

9 hours ago, M.O.S. Studios said:

All I need to do is create a php script that checks the headers to see if it passed. Thus the regex code.

Is that correct?

Probably, yes. Like I said, get yourself the email and headers in your PHP code and see what you have to work with. If the headers include the results of your provider validating the email, like apparently it does, then that's all you need to do and there's no need for what ChatGPT said about verifying it yourself.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627730

19 hours ago, M.O.S. Studios said:

Ok! So I have been doing the following research:

  1. I watched this video to understand how these protocols work
  2. I took a look at the headers you posted
  3. I sent my php script some real, and spoofed emails

I now have a better understanding of what you were explaining to me.

My email server does all the checking for me and puts the results into the header of the email.

All I need to do is create a php script that checks the headers to see if it passed. Thus the regex code.

Is that correct?

Yes, however, people can actually use a DMARC configuration to just flat out reject or quarantine emails that fail SPF or DKIM validation.

The other thing to do is to make sure all the domains line up, so that the user@domain of the email matches the domain check for SPF and DKIM.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627787
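
The header check described in the replies above (read the provider's authentication verdict, then make sure the domains line up), as an added example that is not code from any post in this thread. It assumes the receiving server stamps a standard `Authentication-Results` header and strips inbound copies carrying its own id; `mx.myhost.example`, `payments.example` and both function names are placeholders.

```php
<?php
// Added example (not from the thread). Assumes the receiving server stamps an
// RFC 8601 Authentication-Results header and strips inbound copies bearing its own id.

/** Unfold continuation lines and return all values of one header, topmost first. */
function headerValues(string $rawHeaders, string $name): array
{
    $unfolded = preg_replace('/\r?\n[ \t]+/', ' ', $rawHeaders);
    $values = [];
    foreach (preg_split('/\r?\n/', $unfolded) as $line) {
        if (stripos($line, $name . ':') === 0) {
            $values[] = trim(substr($line, strlen($name) + 1));
        }
    }
    return $values;
}

/** True only if our own server recorded dmarc=pass for exactly $expectedDomain. */
function isAuthenticatedFrom(string $rawHeaders, string $trustedId, string $expectedDomain): bool
{
    foreach (headerValues($rawHeaders, 'Authentication-Results') as $value) {
        $value = preg_replace('/\([^)]*\)/', '', $value);          // drop (comments)
        $parts = array_map('trim', explode(';', $value));
        $authServId = strtok((string) array_shift($parts), " \t"); // id may carry a version
        if ($authServId === false || strcasecmp($authServId, $trustedId) !== 0) {
            continue; // stamped by someone else, possibly the sender: ignore it
        }
        foreach ($parts as $part) {
            // dmarc=pass means SPF or DKIM passed AND aligned with the From: domain
            if (preg_match('/^dmarc=pass\b.*\bheader\.from=([^\s;]+)/i', $part, $m)) {
                return strcasecmp($m[1], $expectedDomain) === 0;
            }
        }
        return false; // our server's verdict is present and is not an aligned pass
    }
    return false; // no verdict from our server: fail closed
}

// Constructed sample headers; the host and domain names are placeholders.
$genuine = "Authentication-Results: mx.myhost.example;\r\n"
    . "       dkim=pass header.i=@payments.example;\r\n"
    . "       spf=pass smtp.mailfrom=notify@payments.example;\r\n"
    . "       dmarc=pass (p=REJECT) header.from=payments.example\r\n"
    . "From: notify@payments.example\r\n";
$spoofed = "Authentication-Results: mx.myhost.example; spf=fail; dmarc=fail header.from=payments.example\r\n"
    . "Authentication-Results: attacker.example; dmarc=pass header.from=payments.example\r\n"
    . "From: notify@payments.example\r\n";

var_dump(isAuthenticatedFrom($genuine, 'mx.myhost.example', 'payments.example'));
var_dump(isAuthenticatedFrom($spoofed, 'mx.myhost.example', 'payments.example'));
```

The second sample carries a passing verdict under a foreign id below the real failing one; only the header stamped with the trusted id is consulted, so it is rejected.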

  • Solution
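function spamTest($header){
    // Keep only "X-Spam-Score: <number>" header lines (LF or CRLF line endings).
    $output_array = preg_grep('/^X-Spam-Score:\s*[-+]?\d{1,3}(\.\d+)?/i', preg_split('/\r?\n/', $header));
    // No parsable score header: fail closed instead of comparing null < 5 (which is true).
    if (empty($output_array)) {
        return false;
    }
    list($xSpamScore, $score) = explode(":", $output_array[array_key_first($output_array)], 2);
    // Accept only scores below 5.
    return ((float) trim($score) < 5);
}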

I ran the email header into this and it seems to work.

https://forums.phpfreaks.com/topic/321590-validating-e/#findComment-1627942
