Top questions about email verification
Curious about email verification?
Here's an overview of how it works, and a rundown of the top questions we get asked most often, along with straightforward answers. If you want to just dive into results, you can download our free guide here.
- How does email verification work?
- Do you send an actual email - will a person know if I'm checking their email address?
- How long does it take to verify an email address?
- What's the difference between email verification and email validation?
- Do you keep details of all the email addresses you check?
- How do you 'ping' an email address?
It starts with basic syntax checks. In an email address there must be a beginning, an '@' and a dot.domain. Once we're sure we're dealing with a real email address we can check it in more detail.
This stage also involves analysing the domain status, (DNS records) to make sure the domain is real and that a mail server exists and is set up correctly. (To check a mail server we check what are called MX Records). Mail servers that are badly set up might be open to being hacked and used for fraudulent activity, which is one reason why we check them out.
SMTP and other sources build an email profile - pinging the server
Once syntax, DNS and MX checks have been made, and we're sure we're dealing with a real email address, mail server communication begins.
Email verification is a communication between computers - specifically one is a mail server. We 'ping' a mail server to check the status of the inbox associated with an email address. The response received should follow the SMTP rules (Simple Mail Transfer Protocol) and be coded accurately so that we can interpret the code to give results. At a very basic level, the response status tells whether an inbox exists and is able to receive incoming mail. Some mail servers are also set up badly and they don't follow protocol responses. Basic example - the mail server might say an email inbox exists when it doesn't. So if you sent an email, it would bounce.
Deep SMTP checks more detail
Deep SMTP detailed responses and information about the mail server itself help to determine whether for instance, the mail server is set up to receive ALL incoming mail to a domain, regardless of whether a specific inbox exists. Mail servers set up like this are called catch-all servers. the sever will accept every email, but it's less likely that the emails you send will be opened. A good example of this would be a company mail server that still received mail for people, long after they have left the business.
Other queries not dealt with by SMTP are more complex. For example, we check if an email is associated with spam, if it's on blocklists or whether it is a disposable email address. That's not information we get from the email server, we get that (and other results) from multiple sources that we either own or reliable third party resources that we check in with.
Role based email address checks
Role based email addresses e.g. 'info@' and 'sales@', are identified by checking the email against our lists of hundreds of role titles. We keep these roles up to date with new trends and also hold them in multiple languages.
There are details about response codes and results in this free results guide.
No. We don't email the address, we only shake hands with the server and perform other checks with other sources. Email verification shouldn't involve sending real emails.
It depends on the server, the software and the infrastructure that's making everything happen. Checking an email address should take only milliseconds. That's why email verification APIs are used in sign-up forms. Checking an email address shouldn't ever impede an interaction. It's a tool to enhance user experience - not slow it down. We share our API response times publicly. (At the time of writing our API is running at a 444 millisecond response time, returning 74 pieces of data about every email address.)
This question is related to 'How long will it take to check my list?' The answer to that is more complicated as will depend on the number of emails, server load, the unique domains in the list, mail server rules about the speed we can make repeated contact and other variable factors out of our control.
Nothing. We use either term to make sure we're reaching everyone who is asking the question. Since we started it in 2009, email checking was always 'email validation' when it was being described formally. Just a few years ago, verification took over in search engines as it's a term that gets used more in Asia, so we use that word equally now.
According to the Oxford English Dictionary;
- Validation is the action of checking or proving the validity or accuracy of something
- Verification is the process of establishing the truth, accuracy, or validity of something
No. That would be against our data processing terms. Results are cached for a short period of time so they can be downloaded, or for retrying if we're asked by mail servers to return with another query.
This is a popular question for student projects and start-ups! We've written the code out to help on our free apps site. Here is the top article to help with this.
If you've got any questions about email verification, get in touch. We're always happy to help.