If you don t want to force people to confirm their email because if something goes wrong, they can t access their login straight away, why not do something like this:

• If they haven t confirmed their E-Mail, don t send PMs, but show them when they are logged in instead. Remind them to confirm their E-Mail.

• If they have confirmed their E-mail, send them out.

But anyway, your scenario sounds like a server misconfiguration. Why would a mail server keep re-sending mails that it got a "not deliverable" message for? As far as I know, re-sending mails only occurs when the receiving host was not reachable for technical reasons.

You really should just require confirmation.

Short of that, you can deactivate users whose emails have bounced a certain number of times, and require a new email at next login.

It will be hard without verifying, but you can at least verify the domain it s coming from:

Option 1: Use getmxrr to search for MX records on their hostname

Option 2: Use checkndsrr to check their DNS info

But all these really do is check the validity of the domain, and whether it s running a mailserver. To get real authenication a confirmation is the best way. You could also implement a tool to send out a test email, and see if it bounces back. But this method may not always work as expected, because of variations, some servers it s instant, others it can be a day later to return an undeliverable email.

I hope this helps.

consider having a checkbox so that people can opt-out of email notifications. if they do not enter a valid email address, it is surely because they do not want to receive emails in the first place, so let them tell you.

additionally, you may consider having an opt-in system, where people will not receive email notifications in the first place and have to enable it somewhere in their account settings, providing an email address at this moment. this way, the number of fake email addresses will be reduced to near zero.