search

egulias / EmailValidator

PHP Email address validator
MIT License
11.42k stars 206 forks source link

Should domains with "void.blackhole.mx." be considered valid ? #384

Open williamdes opened 4 months ago

williamdes commented 4 months ago

https://bornoe.org/blog/2016/05/fighting-spam-with-fake-mx-records/

Example domain: wdes.ru

williamdes commented 4 months ago 
diff --git a/app/Validator/DNSCheckValidation.php b/app/Validator/DNSCheckValidation.php
index a94f30fd8..a3f181a12 100644
--- a/app/Validator/DNSCheckValidation.php
+++ b/app/Validator/DNSCheckValidation.php
@@ -39,6 +39,18 @@ class DNSCheckValidation implements EmailValidation
         'lan',
     ];

+    /**
+     * @see https://bornoe.org/blog/2016/05/fighting-spam-with-fake-mx-records/
+     */
+    public const INVALID_MX_VALUES = [
+        'tar.junkemailfilter.com',
+        'mx.fakemx.net',
+        'in.verboten.net',
+        'void.blackhole.mx',
+        // "Null MX" record indicates the domain accepts no mail (https://tools.ietf.org/html/rfc7505)
+        '.',
+    ];
+
     public const GOOD_DOMAINS = [
         'free.fr',
         'sfr.fr',
@@ -651,7 +663,7 @@ class DNSCheckValidation implements EmailValidation
         }

         // "Null MX" record indicates the domain accepts no mail (https://tools.ietf.org/html/rfc7505)
-        if (empty($dnsRecord['target']) || $dnsRecord['target'] === '.') {
+        if (empty($dnsRecord['target']) || in_array($dnsRecord['target'], self::INVALID_MX_VALUES)) {
             $this->error = new InvalidEmail(new DomainAcceptsNoMail(), "");
             return false;
         }
egulias commented 4 months ago

Hi @williamdes The objective of this library is to check whether the email is semantically valid against the various RFCs. The DNS validations is on the limits of that mission, as it goes to the internet to check for MX records. I'd also argue that for this to be useful a comprehensive list should be maintained, either retrieving it from some source or keeping it up to date.

Given the above and answering your question, the domain is syntactically valid. A different matter is if you want to filter out some domains based on other rules.

In case you want to add these rules to the validation process of the validator, you always can by implementing the interface. Cheers!

williamdes commented 4 months ago

Hi @egulias Thank you for this reply.

Would you then accept to integrate into this repo validators for:

There is currently no repo or google search else than the blog post linked above that lists such services. GitHub code search did find nothing.

/cc @smeinecke