How does email verification work using SMTP?

Top questions about email verification

Curious about email verification?

Here's an overview of how it works, and a rundown of the top questions we get asked most often, along with straightforward answers. If you want to just dive into results, you can download our free guide here.

How does email verification work?

It starts with basic syntax checks. In an email address there must be a beginning, an '@'  and a dot.domain. Once we're sure we're dealing with a real email address we can check it in more detail.

someone at Email Hippo

This stage also involves analysing the domain status, (DNS records) to make sure the domain is real and that a mail server exists and is set up correctly. (To check a mail server we check what are called MX Records). Mail servers that are badly set up might be open to being hacked and used for fraudulent activity, which is one reason why we check them out.

SMTP and other sources build an email profile - pinging the server

Once syntax, DNS and MX checks have been made, and we're sure we're dealing with a real email address, mail server communication begins.

Email verification is a communication between computers - specifically one is a mail server. We 'ping' a mail server to check the status of the inbox associated with an email address. The response received should follow the SMTP rules (Simple Mail Transfer Protocol) and be coded accurately so that we can interpret the code to give results. At a very basic level, the response status tells whether an inbox exists and is able to receive incoming mail. Some mail servers are also set up badly and they don't follow protocol responses. Basic example - the mail server might say an email inbox exists when it doesn't. So if you sent an email, it would bounce.

Email verification checks: Syntax, DNS and MX, SMTP, External, Proprietary resources

Deep SMTP checks more detail

Deep SMTP detailed responses and information about the mail server itself help to determine whether for instance, the mail server is set up to receive ALL incoming mail to a domain, regardless of whether a specific inbox exists. Mail servers set up like this are called catch-all servers. the sever will accept every email, but it's less likely that the emails you send will be opened. A good example of this would be a company mail server that still received mail for people, long after they have left the business.

Other queries not dealt with by SMTP are more complex. For example, we check if an email is associated with spam, if it's on blocklists or whether it is a disposable email address. That's not information we get from the email server, we get that (and other results) from multiple sources that we either own or reliable third party resources that we check in with.

Role based email address checks

Role based email addresses e.g. 'info@' and 'sales@', are identified by checking the email against our lists of hundreds of role titles. We keep these roles up to date with new trends and also hold them in multiple languages.

There are details about response codes and results in this free results guide.

Do you send an actual email - will the person know I am checking their email address?

No. We don't email the address, we only shake hands with the server and perform other checks with other sources. Email verification shouldn't involve sending real emails.

Real-time email verification only takes milliseconds

How long does it take to verify an email address?

It depends on the server, the software and the infrastructure that's making everything happen. Checking an email address should take only milliseconds. That's why email verification APIs are used in sign-up forms. Checking an email address shouldn't ever impede an interaction. It's a tool to enhance user experience - not slow it down. We share our API response times publicly. (At the time of writing our API is running at a 444 millisecond response time, returning 74 pieces of data about every email address.)

This question is related to 'How long will it take to check my list?' The answer to that is more complicated as will depend on the number of emails, server load, the unique domains in the list, mail server rules about the speed we can make repeated contact and other variable factors out of our control. 

The words email verification and email validation written in Email Hippo brand colours

What is the difference between email verification and email validation?

Nothing. We use either term to make sure we're reaching everyone who is asking the question. Since we started it in 2009, email checking was always 'email validation' when it was being described formally. Just a few years ago, verification took over in search engines as it's a term that gets used more in Asia, so we use that word equally now.

According to the Oxford English Dictionary;

  • Validation is the action of checking or proving the validity or accuracy of something
  • Verification is the process of establishing the truth, accuracy, or validity of something

Download our guide for a masterclass in email verification

Do you store all the email addresses you check?

No. That would be against our data processing terms. Results are cached for a short period of time so they can be downloaded, or for retrying if we're asked by mail servers to return with another query. 

How can I ping an email address?

This is a popular question for student projects and start-ups! We've written the code out to help on our free apps site. Here is the top article to help with this.

Any questions?

If you've got any questions about email verification, get in touch. We're always happy to help.

Useful links

Beginners guide to email verification

How to ping an email address

A guide to email verification results - download

Email Hippo Compliance

New call-to-action



Written by: Jo

Tuesday, 13 August 2019