DEV Community

Sofia Tarhonska
Sofia Tarhonska

Posted on • Originally published at mailtrap.io

How to Verify Email Address Without Sending an Email

What do email marketers actually mean when they refer to email validation, email address check, or email verification? The answer to this question is as bewildering as it could possibly be: one marketer’s validation is the another one’s verification. To make things worse, recently verification providers have started changing their naming from verification to validation.

That’s not all bad news. Developers and QAs also mean different things under validation and verification methods.

First, let’s clarify this terminology confusion and then see how you could do both: validate and verify emails without actually sending an email.

Email validation VS email verification: what you need to know

While email validation may be part of the email verification process, they are not the same. Be careful not to mix them up and not to use them interchangeably.

Email validation is a procedure that helps identify if an email address is free of typos. Basically, email validation aims to detect and prevent typos in email syntax and invalid email addresses being entered into any forms. Email validation is mostly (but not always) done at the frontend.

Email validation is used:

  • To prevent users from making typos at the time of input
  • To limit the registration procedure to a certain group of users (i.g. you can’t sign up into Cambridge University library with your personal email domain, you need your “edu” domain account for this purpose);
  • To decrease the number of requests sent to the server and lower the server load (this is particularly important for big businesses).

Email verification is a process that helps verify if there is an actual user on the receiving end of the email address. Email validation could be part of email verification (and it usually is), however email verification is a more complex procedure involving both frontend and backend. To verify an email address properly, you will need to send an activation link/code to that email. Then the end user should activate it from their inbox: and we are talking about email confirmation here.

Email verification is used:

  • To prevent hard bounces;
  • To protect your sender’s reputation;
  • To keep your email sending list up-to-date;
  • To prevent your domain from being blacklisted;
  • To increase security and prevent users from malicious data input;
  • To cut costs on email marketing (not to waste money on useless inactive or falsified email addresses and lists)

It would be beneficial for everyone (marketers, projects, and developers) to agree on this: refer to email validation only in the context of email syntax while email verification should mean the entire complex of verification procedures from email validation to email address confirmation through SMTP verification, domain verification, or DOI (double opt-in) check.

This being said, let’s see how you can run email validation or email verification without sending an email.

Why do you need to verify email addresses?

The thing is that many hard bounces impair your sender’s reputation. The poor reputation, in turn, drops your deliverability. If you regularly send emails to invalid addresses, your email campaigns will end up in the spam folder. In the blog post How to Improve Email Deliverability, we shared the best practices for maintaining proper sender reputation.

Email campaign performance depends on the accuracy of your email list.

When do you need to verify email addresses?

Email verification is not a recurrent activity. It is recommended to review your mail list if:

  • new recipients have been added
  • it’s been a while since the last verification (more than one month)
  • your bounce rate approached or exceeded 2%
  • you have low open rates

Checklist to achieve proper email verification

This is what a proper email verification consists of:

  • Syntax validation
  • Check for disposable emails
  • Check for obvious typos
  • Look up DNS
  • Ping email box

Syntax validation

Let’s take a regular email address: example@mailtrap.io. It consists of local (example) and domain (mailtrap.io) parts.

The local part can contain:

  • alphanumeric characters – A to Z (both upper and lower case) and 0 to 9
  • printable characters – !#$%&'*+-/=?^_{|}~`
  • a dot . (the local part cannot start and end with a dot, and you can’t use the dot consecutively like example..first@mailtrap.io).

The domain part can contain alphanumeric characters (both upper and lower case). It can also contain a hyphen if it is not the first or last character. The hyphen cannot be used consecutively.

These validation rules can be implemented in a regular expression or RegEx to verify the email address syntax. However, do not limit the verification to a RegEx rule only. You should also consider IETF standards, ISP-specific syntax checking, quoted words, domain literals, non-ASCII domains, and so on. If you’re building your app using Angular, React, or React Native, check our respective blog posts dedicated to email validation:

Check for disposable email address

A disposable email address is a temporary address that is valid for some time. You should clean your mail of any disposable emails generated by Nada, Mailinator, and similar services. You can make use of a third-party API, such as InboxHit. Those can reliably detect disposable email addresses. Also, you may search for a list of domains used for temporary email addresses and use them in your RegEx.

DNS lookup

A DNS lookup is the process of requesting a DNS record from a DNS server. In our case, we’re interested in the MX record. It is a DNS entry that specifies an email server for accepting emails for the domain name. Here is an example of a DNS lookup for mailtrap.io:

  • Open your console app and run the following command:


nslookup –type=mx mailtrap.io

  • You’ll see a number of MX records for domain “mailtrap.io” and their priority values:


mailtrap.io MX preference = 5, mail exchanger = alt2.aspmx.l.google.com
mailtrap.io MX preference = 1, mail exchanger = aspmx.l.google.com
mailtrap.io MX preference = 10, mail exchanger = aspmx2.googlemail.com
mailtrap.io MX preference = 10, mail exchanger = aspmx3.googlemail.com
mailtrap.io MX preference = 5, mail exchanger = alt1.aspmx.l.google.com

  • Pick the email server with the highest priority. The smaller is the preference value, the higher is the priority. In our case, this is “aspmx.l.google.com” You’ll need this input for the next step of the checklist.

Email box pinging

After the DNS lookup, you can verify the email address via SMTP connection. You need to connect to the chosen SMTP server and check if an email address exists. If the server replies with (250 OK), the email address is valid. If the client gets a negative response ([550-5.1.1 User Unknown](https://mailtrap.io/blog/550-5-1-1-rejected-fix/)), the address does not exist. For the following manipulations, you’ll need a console app and Telnet.


telnet aspmx.l.google.com 25

Here is the response that establishes the SMTP handshake:


220 mx.google.com ESMTP z23si732378lfb.34 - gsmtp

  • Commence the SMTP conversation


EHLO mailtrap.io

Here is the response:


250-mx.google.com at your service, [31.42.66.68]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8

  • Now, you need to specify the sender email address using the MAIL FROM: command:


mail from:<sender@example.io>

Response:


250 2.1.0 OK z23si732378lfb.34 - gsmtp

  • Eventually, you can do the email address verification. Enter the recipient email address using the RCPT TO: command:


rcpt to:<new-recipient@mailtrap.io>

We’ve got 550-5.1.1 code response since the recipient was fake:


550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 https://support.google.com/mail/?p=NoSuchUser z23si732378lfb.34 - gsmtp

On the other hand, if you get 250 OK, this will show that the email address is valid.

  • After that, you can close the conversation with the QUIT command.

Here is how the entire SMTP session to verify the invalid recipient looks:


C: ehlo mailtrap.io
S: 250-mx.google.com at your service, [31.42.66.68]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
C: mail from:<sender@example.com>
S: 250 2.1.0 OK q25si5330153lfb.56 - gsmtp
C: rcpt to:<new-recipient@mailtrap.io>
S: 550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550.1.1 unnecessary spaces. Learn more at
550 5.1.1 https://support.google.com/mail/?p=NoSuchUser q25si5330153lfb.56 - gsmtp
C: quit
S: 221 2.0.0 closing connection q25si5330153lfb.56 - gsmtp

And here is the session for a valid email address:


C: ehlo mailtrap.io
S: 250-mx.google.com at your service, [31.42.66.68]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8 C: mail from:<sender@example.io>
S: 250 2.1.0 OK q14si6283798lji.50 - gsmtp
C: rcpt to:<support@mailtrap.io>
S: 250 2.1.5 OK q14si6283798lji.50 - gsmtp
C: quit
S: 221 2.0.0 closing connection q14si6283798lji.50 - gsmtp

Why the VRFY and EXPN commands are not considered?

The VRFY command is used to verify whether a mailbox in the argument exists on the local host. For example:


C: VRFY recipient
S: 250 The Recipient recipient@example.io

The EXPN command is used to verify whether a mailing list in the argument exists on the local host. For example:


C: EXPN mail-list
S: 250-recipient1@example.io
250-recipient2@example.io
250-recipient3@example.io

Both commands implement SMTP authentication. However, they are considered a security risk – spammers can use them to steal valid email addresses from the server. Therefore, most of the servers disable these commands for security purposes.

How to verify bulk emails with online email verification services

Going through the checklist takes a long time to validate even a single email address. However, you don’t have to do manual validation all the time since there are many ready-to-use solutions available. Online email verification services provide an all-in-one tool to complete each step of the aforementioned checklist. But there are so many email checkers on the market – so, which one is worth using? We asked Google and found dozens of options for 2022. ZeroBounce, Xverify, and Email List Validation to name a few. We’ve analyzed user feedback from the web and selected the top ten based on the following criteria:

  • Domain / MX record check
  • Single email verification
  • Bulk email verification
  • Syntax check
  • Mail server validation
  • Verification API
  • Disposable email address detection
  • GDPR compliance

Here is the list of winners:

  1. ZeroBounce
  2. MyEmailVerifier
  3. MillionVerifier
  4. QuickEmailVerification
  5. Bouncer
  6. Xverify LLC
  7. Clearout
  8. Email Checker
  9. DeBounce

Email verification like a breeze

Check out the regular flow of email address verification with one of the above listed services. We randomly picked a verifier, Email Checker, and tried it in action to verify the following:

Valid email address

Image description

Invalid email address

Image description

Misspelled email address

Image description

Email box pinging or online email validators – which is the best option?

Email address verification using an automated solution is definitely the preferred option. The verification process is fast and user-friendly. Besides, this is undisputedly the best method for bulk email verification. But you should keep in mind that top-notch email verifiers are not free. You pay for and receive a set of techniques in a package, such as:

  • Syntax verification
  • Email address deduplication
  • Spam trap identification and removal
  • Bounce detection
  • Toxic domain identification
  • MTA validation

Free services are unlikely to offer more than two of these features. That’s why you should be careful with your choice of an email validator. Also, it’s always a walk on thin ice when you have to share the personal data of users with a third-party service. You can’t be 100% sure that a reliable service has no security issues. That’s why you should always check whether a chosen email validator is GDPR-compliant.

On the other hand, email box pinging is truly your area of responsibility. You perform the email address verification manually, which is more reliable in some cases. This is definitely not an option for validating a long mail list verification. At the same time, if you’re looking for a free solution to check a couple of newly added subscribers, you can benefit from this.

To wrap up

Email address validation is aimed at email syntax check, while email verification is a more complex methodology involving the process of determining whether the email address exists or is active. Email validation is always part of email verification as email input is where the verification journey begins.

Also, when somebody asks you to “check” email address, make sure you ask them to specify whether they want to “validate” or to “verify” an email.

Email verification lets you get rid of fake or invalid recipients in your mailing list, and thus improves the performance of your email campaign. You don’t have to send an email to verify whether an email address is real, functional, and responsive. You can opt for a dedicated tool or manually ping the email box. At the same time, test email sending is a technique for testing the email-sending capability of an app or website. Green hands use fake email addresses for this, while experienced developers employ email sandbox services, for example, one that is part of our Email Delivery Platform.

Mailtrap Email Sandbox is a robust solution that allows developers to validate, verify, and test emails in a safe environment with no risk of spamming users.

Thank your for reading this guide! To visit the original version check out this mailtrap.io blog post.

Top comments (1)

Collapse
 
webjose profile image
José Pablo Ramírez Vargas

So you're saying that we should not send an email, just verify at the end if I receive an HTTP 250? What prevents a user to use another person's email address? The address is valid all the way, it is just not his/hers. I believe that the most important part about sending a verification email address is to make sure the owner of the mailbox agrees.