How to Verify Email Address Without Sending an Email

The simplest way to verify the validity of an email address is to send a test email. If the email hard bounces, i.e. there will be no further attempt to deliver a message, the recipient does not exist. Fortunately, you don’t have to go this way to verify each email address from your mail list. In this blog post, we’ll show you how to check if an email address is valid without sending an email.

Why do you need to validate email addresses?

Let’s say, you’ve launched your email campaign without any verification of email addresses. The existing recipients will get their emails, and you’ll get hard bounces for non-existing recipients, right? Not quite.

The thing is that many hard bounces impair your sender’s reputation. The poor reputation, in turn, drops your deliverability. If you regularly send emails to invalid addresses, your email campaigns will end up in the spam folder. In the blog post How to Improve Email Deliverability, we shared the best practices for maintaining proper sender reputation.  

Email campaign performance depends on the accuracy of your email list.

When do you need to validate email addresses?

Email validation is not a recurrent activity. It is recommended to validate your mail list if:

  • new recipients have been added
  • it’s been long since the last validation (more than one month)
  • your bounce rate approached or exceeded 2%
  • you have low open rates 

Checklist to achieve proper email validation

This is what a proper email validation consists of:

  • Syntax validation
  • Check for disposable emails
  • Check for obvious typos
  • Look up DNS 
  • Ping email box 

Syntax validation

Let’s take a regular email address: example@mailtrap.io. It consists of local (example) and domain (mailtrap.io) parts. 

The local part can contain:

  • alphanumeric characters – A to Z (both upper and lower case) and 0 to 9
  • printable characters – !#$%&'*+-/=?^_`{|}~
  • a dot . (the local part cannot start and end with a dot, and you can’t use the dot consecutively like example..first@mailtrap.io). 

The domain part can contain alphanumeric characters (both upper and lower case). It can also contain a hyphen (-) if it is not the first or last character. The hyphen cannot be used consecutively. 

These validation rules can be implemented in a regular expression or RegEx to verify the email address syntax. However, do not limit the verification to a RegEx rule only. You should also consider IETF standards, ISP-specific syntax checking, quoted words, domain literals, non-ASCII domains, and so on. If you’re building your app using Angular or React Native, check our respective blog posts dedicated to email validation:

Check for disposable emails 

A disposable email address is a temporary address that is valid for some time. You should clean your mail of any disposable emails generated by Nada, Mailinator, and similar services. You can make use of a third-party API, such as InboxHit. Those can reliably detect disposable email addresses. Also, you may search for a list of domains used for temporary email addresses and use them in your RegEx

Check for obvious typos 

Misspellings and typos are another aspect you should focus on. For example, your email list may contain example@yashoo.com instead of example@yahoo.com. Such common typos can be implemented in your RegEx rule as well.

DNS lookup

A DNS lookup is the process of requesting a DNS record from a DNS server. In our case, we’re interested in the MX record. It is a DNS entry that specifies an email server for accepting emails for the domain name. Here is an example of a DNS lookup for mailtrap.io

  • Open your console app and run the following command:
nslookup –type=mx mailtrap.io
  • You’ll see a number of MX records for domain “mailtrap.io” and their priority values:
mailtrap.io     MX preference = 5, mail exchanger = alt2.aspmx.l.google.com
mailtrap.io     MX preference = 1, mail exchanger = aspmx.l.google.com
mailtrap.io     MX preference = 10, mail exchanger = aspmx2.googlemail.com
mailtrap.io     MX preference = 10, mail exchanger = aspmx3.googlemail.com
mailtrap.io     MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
  • Pick the email server with the highest priority. The smaller is the preference value, the higher is the priority. In our case, this is “aspmx.l.google.com” You’ll need this input for the next step of the checklist.

Email box pinging 

After the DNS lookup, you can validate the email address via SMTP connection. You need to connect to the chosen SMTP server and request whether an email address exists. If the server replies with (250 OK), the email address is valid. If the client gets a negative response (550-5.1.1 User Unknown), the address does not exist. For the following manipulations, you’ll need a console app and Telnet.

  • Connect to the email server on standard SMTP port 25:
telnet aspmx.l.google.com 25

Here is the response that establishes the SMTP handshake:

220 mx.google.com ESMTP z23si732378lfb.34 - gsmtp
  • Commence the SMTP conversation 
EHLO mailtrap.io

Here is the response:

250-mx.google.com at your service, [31.42.66.68]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
  • Now, you need to specify the sender email address using the MAIL FROM: command:  
mail from:<sender@example.io>

Response:

250 2.1.0 OK z23si732378lfb.34 - gsmtp
  • Eventually, you can do the email address verification. Enter the recipient email address using the RCPT TO: command:
rcpt to:<new-recipient@mailtrap.io>

We’ve got 550-5.1.1 code response since the recipient was fake:

550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1  https://support.google.com/mail/?p=NoSuchUser z23si732378lfb.34 - gsmtp

On the other hand, if you get 250 OK, this will show that the email address is valid. 

  • After that, you can close the conversation with the QUIT command. 

Here is how the entire SMTP session to verify the invalid recipient looks:

C: ehlo mailtrap.io
S: 250-mx.google.com at your service, [31.42.66.68]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
C: mail from:<sender@example.com>
S: 250 2.1.0 OK q25si5330153lfb.56 - gsmtp
C: rcpt to:<new-recipient@mailtrap.io>
S: 550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550.1.1 unnecessary spaces. Learn more at
550 5.1.1  https://support.google.com/mail/?p=NoSuchUser q25si5330153lfb.56 - gsmtp
C: quit
S: 221 2.0.0 closing connection q25si5330153lfb.56 - gsmtp 

And here is the session for a valid email address:

C: ehlo mailtrap.io
S: 250-mx.google.com at your service, [31.42.66.68]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8                                                                                                           C: mail from:<sender@example.io>
S: 250 2.1.0 OK q14si6283798lji.50 - gsmtp
C: rcpt to:<support@mailtrap.io>
S: 250 2.1.5 OK q14si6283798lji.50 - gsmtp
C: quit
S: 221 2.0.0 closing connection q14si6283798lji.50 - gsmtp

Why the VRFY and EXPN commands were not considered?

The VRFY command is used to verify whether a mailbox in the argument exists on the local host. For example:

C: VRFY recipient
S: 250 The Recipient recipient@example.io

The EXPN command is used to verify whether a mailing list in the argument exists on the local host. For example:

C: EXPN mail-list
S: 250-recipient1@example.io 
250-recipient2@example.io 
250-recipient3@example.io 

Both commands implement SMTP authentication. However, they are considered a security risk – spammers can use them to steal valid email addresses from the server. Therefore, most of the servers disable these commands for security purposes.

How to validate email list with online email validators

Going through the checklist would have taken much more time to validate even a single email address. However, you don’t have to do manual validation since there are many ready-to-use solutions available. Online email validation services provide an all-in-one tool to complete each step of the aforementioned checklist. But there are so many email address verifiers on the market – so, which one is worth using? We asked Google and found dozens of options. NeverBounce, MyEmailVerifier, and TheChecker to name a few. We’ve analyzed user feedback from the web and selected the top ten based on the following criteria:

  • Domain check
  • Single email verification
  • Bulk email verification
  • Syntax check
  • Mail server validation
  • Verification API
  • GDPR-compliance

Here is the list of winners:

1. ZeroBounce
2. GetEmail.io
3. HuBuCo
̶S̶n̶o̶v̶i̶o̶
4. Proofy
5. Bouncer
6. EmailVerifier
7. Clearout
8. Email Checker
9. NeverBounce

The initial list of winners consisted of top 10 options, but we noticed that Snovio had no information about GDPR compliance (at the time of publication). This is a crucial selection criteria since you’re going to share personal data (email address) of your users with a third-party service. For more about GDPR in email marketing, read our blog post Emails and GDPR – 11 Questions to Answer.

Email validation like a breeze 

Check out the regular flow of email address verification with one of the above listed services. We randomly picked a verifier, Email Checker, and tried it in action for validating the following: 

  • support@mailtrap.io – a valid email address
  • firebird@mailtrap.io – an invalid email address
  • example@gnail.com – an email address with a typo

Valid email address

Invalid email address

Misspelled email address

Email box pinging or online email validators – which is the best option? 

Email address validation using an automated solution is definitely the preferred option. The verification process is fast and user-friendly. Besides, this is undisputedly the best method for bulk email validation. But you should keep in mind that top-notch email verifiers are not free. You pay for and receive a set of techniques in a package, such as:

  • Syntax verification
  • Email address deduplication
  • Spam trap identification and removal
  • Bounce detection
  • Toxic domain identification
  • MTA validation

Free services are unlikely to offer more than two of these features. That’s why you should be careful with your choice of an email validator. Also, it is always a walk on thin ice when you have to share personal data of users with a third-party service. You can’t be 100% sure that a reliable service has no security issues. That’s why you should always check whether a chosen email validator is GDPR-compliant. 

On the other hand, email box pinging is truly your area of responsibility. You perform the email address verification manually, which is more reliable in some cases. This is definitely not an option for validating a long mail list. At the same time, if you’re looking for a free solution to check a couple of newly added subscribers, you can benefit from this.

To wrap up

Email address validation is an essential part of the email testing checklist. It lets you get rid of fake or invalid recipients in your mail list, and thus improve the performance of your email campaign. You don’t have to send an email to verify whether an email address exists. You can opt for a dedicated tool or manually ping the email box. At the same time, test email sending is a technique for testing the email sending capability of an app or website. Green hands use fake email addresses for this, while experienced developers employ the email sandbox services, such as Mailtrap. You should give it a try as well! Good luck with your emails!