Email Deliverability · · 5 min read

How to Verify if an Email Address Is Real and Active

Learn how to check if an email address is valid and deliverable. Covers syntax validation, MX record checks, SMTP verification, and bulk list cleaning.

email

How to Verify if an Email Address Is Real and Active

Sending email to invalid addresses wastes resources, increases bounce rates, and damages sender reputation. Verifying email addresses before sending -- whether for a mailing list, a registration form, or a business contact -- is a practical step that protects deliverability. This guide covers the methods available, from simple syntax checks to SMTP-level verification, along with their limitations.

Why Email Validation Matters

Mailbox providers like Gmail, Outlook, and Yahoo closely monitor the bounce rate of every sender. A high bounce rate (above 2%) signals that you are sending to unverified or purchased lists -- behavior associated with spammers. The consequences:

  • Your sending IP or domain gets throttled.
  • Messages start landing in spam folders.
  • In severe cases, your IP is blocklisted entirely.

Validating addresses before sending keeps your bounce rate low and your sender reputation intact.

Level 1: Syntax Validation

The most basic check confirms that an email address follows the correct format defined in RFC 5321 and RFC 5322:

  • Contains exactly one @ symbol.
  • The local part (before @) does not exceed 64 characters.
  • The domain part (after @) does not exceed 253 characters.
  • The domain contains valid characters and at least one dot.
  • No spaces, invalid special characters, or consecutive dots.

A simple regex or library-level validation catches typos like user@gmailcom (missing dot), user@@gmail.com (double @), or [email protected] (empty domain label).

Syntax validation is fast, free, and should be the first check at every point of data entry. However, it tells you nothing about whether the address actually exists.

Level 2: Domain and MX Record Verification

A valid syntax does not mean the domain can receive email. The next step is checking whether the domain part of the address has valid MX (Mail Exchange) records in DNS.

If a domain has no MX records (and no fallback A record), it cannot receive email at all. Common indicators of an invalid domain:

  • No DNS records exist for the domain (NXDOMAIN).
  • No MX records are published, and no A record exists as a fallback.
  • The domain has expired or been suspended.

Use the InboxTooling MX Lookup to check any domain's MX records instantly. If the tool returns no results, the address is undeliverable.

This check catches:

  • Misspelled domains (gnail.com, yaho.com, outlok.com).
  • Made-up domains ([email protected]).
  • Expired or parked domains with no mail infrastructure.

Level 3: SMTP Verification (RCPT TO Check)

SMTP verification goes a step further by connecting to the recipient's mail server and initiating a partial SMTP transaction without actually sending a message. The process:

  1. Look up the domain's MX records.
  2. Connect to the highest-priority MX server on port 25.
  3. Send HELO (or EHLO) to introduce yourself.
  4. Send MAIL FROM:<> to indicate a verification probe.
  5. Send RCPT TO:<[email protected]> with the address to verify.
  6. The server responds with a status code:
  7. 250 -- the address is accepted (likely valid).
  8. 550 or 553 -- the address does not exist (invalid).
  9. 450 or 451 -- temporary failure (inconclusive).
  10. Send QUIT to close the connection without transmitting a message.

This technique can confirm or deny the existence of a specific mailbox. However, it has significant limitations.

Limitations of SMTP Verification

  • Catch-all domains: Some domains accept mail for any address (*@domain.com), returning 250 for every RCPT TO attempt regardless of whether the mailbox exists. Verification cannot distinguish real addresses from non-existent ones on these domains.
  • Greylisting: Servers using greylisting temporarily reject the first connection from unknown senders. This produces a 450 response that looks like a temporary failure, making verification inconclusive.
  • Rate limiting and blocking: Mail servers detect and block verification probes. Sending too many RCPT TO checks from the same IP in a short period will get you blocked or blacklisted.
  • Gmail, Outlook, Yahoo: Major providers do not reliably reject invalid addresses at the SMTP level during the RCPT TO phase. Gmail in particular accepts all RCPT TO commands and bounces later if the address is invalid. This makes SMTP verification ineffective for most consumer email addresses.

Level 4: Email Verification Services

Dedicated email verification services combine multiple techniques:

  • Syntax checking.
  • Domain and MX validation.
  • SMTP verification (with infrastructure designed to avoid detection and blocking).
  • Disposable email detection (identifying throwaway addresses from services like Guerrilla Mail, Temp Mail).
  • Role-based address detection (flagging addresses like info@, admin@, noreply@ which often should not be on marketing lists).
  • Historical data and pattern matching (using databases of known-invalid addresses).

These services process lists in bulk and return a confidence score or status (valid, invalid, risky, unknown) for each address. Popular services include ZeroBounce, NeverBounce, Hunter, and BriteVerify.

Best Practices for Maintaining a Clean List

  1. Validate at the point of entry. Check syntax and domain validity when the user submits a form. Reject obviously invalid addresses immediately.
  2. Use double opt-in. Require new subscribers to click a confirmation link sent to their email address. This is the most reliable way to verify that an address is real, active, and owned by the person who submitted it.
  3. Verify before importing. Any list you import (from a CRM migration, event, partnership, or legacy database) should be run through a verification service before sending.
  4. Monitor bounce reports. After every send, remove hard bounces and investigate patterns in soft bounces.
  5. Re-verify periodically. Email addresses go stale. People change jobs, abandon addresses, and let domains expire. Run your list through verification every 3 to 6 months.
  6. Check MX records for new signups. A quick MX lookup at registration time catches misspelled or non-existent domains before they enter your database. The InboxTooling MX Lookup provides this check instantly.

What Validation Cannot Do

No verification method can guarantee that a specific person is actively reading email at a given address. An address can be syntactically valid, have working MX records, accept SMTP connections, and still belong to an abandoned inbox that nobody checks.

The only definitive proof that an address is active is engagement: the recipient opens the message, clicks a link, or replies. This is why double opt-in remains the gold standard and why engagement-based list hygiene (removing subscribers who have not opened or clicked in 6-12 months) is essential for long-term deliverability.

Stay on top of your email infrastructure. Sign up for the InboxTooling newsletter for deliverability tips, tool updates, and best practices.

Related articles

Email Deliverability · 7 min read

Why Are My Emails Going to Spam? 7 Causes and How to Fix Each One

Diagnose why your emails land in spam. Covers authentication failures, IP reputation, content triggers, list hygiene, and sending patterns with specific fixes.
Email Deliverability · 5 min read

Email Bounce Backs Explained: Types, Causes, and Solutions | InboxTooling

Understand email bounces: hard vs soft bounces, SMTP error codes (550, 450), NDR format, common causes, and how to reduce your bounce rate.
Email Deliverability · 4 min read

Why You Should Use a Domain Email for Business | InboxTooling

Learn why a custom domain email address is critical for credibility, deliverability, and brand trust. Covers SPF, DKIM, DMARC benefits for business email.