So you have an email address from a new contact, say a new signup for your site. How do you know the email address is valid? Here at Twilio SendGrid, we’ve seen all sorts of problems with email addresses from simple typos to bad actors deliberately using spam trap addresses. The gold standard is to send recipients a confirmation email with a verification link, then continue to regularly engage with them over time. Sometimes that isn’t an option, or you want to quickly clean up your contact list, and need to look at alternative verification methods. We’ll share a few methods of verifying email addresses, our recommendations, and what you should avoid.

VRFY command

The Simple Mail Transfer Protocol (SMTP) includes a command for verifying an address, VRFY. If you open a Transmission Control Protocol (TCP) connection to a SMTP server, the VRFY command is supposed to validate the address. The problem is that virtually all mail servers don’t allow remote connections to verify addresses. While in theory this is a good option, it’s not the most practical. 

Broken SMTP handshake

Another option is to use a broken SMTP handshake. In a standard SMTP conversation (shown on the left), the last command you’d send is “DATA.” This command tells the server that the client is ready to send the message content. After the message content is sent to the server, the server will typically accept the message and the client can either send a new message or “QUIT” to close the connection.

With a broken SMTP handshake (shown on the right), you start an SMTP conversation and go through the steps to send a message. After getting the response to the recipient command, you stop the transaction without sending the data. The SMTP protocol allows this using a reset or quit command, or you can simply close the TCP connection. The end result is the same: the server has accepted (or rejected) the recipient email address, but you haven’t actually sent them a message. 

It seems like the perfect plan—you get to verify the address without risking your reputation, avoiding any messages that could be marked as spam. But, there are a couple of issues with the broken SMTP handshake:

1. If you do it often, it’s obvious in the logs what’s happening. One message getting disconnected before the message is received is normal for an internet mail server. Thousands of messages with this behavior looks like a bad actor, and could get your IP blocked.

Verifying your email addresses via the broken SMTP handshake is not a reliable or safe-sending practice. 

2. Many mail servers and anti-spam gateways will defer the recipient check until after the message is received, so the ok response for the recipient verb might not mean anything.

3. Many mail servers use a greylist <https://help.ubuntu.com/community/PostfixGreylisting>. A grey list temporarily blocks the recipient if the sending server is unknown. So a simple verification test against a domain protected by a grey list will always give a negative result.

Twilio SendGrid’s Email Validation API

When you send email through Twilio SendGrid, you can validate email addresses in your contact list by using our Email Validation API. Using machine learning, the API identifies common misspellings, inactive addresses, and shared email addresses (like team@company.com). This is a safe and effective method of verifying email addresses because it complies with mailbox provider best practices, helping to keep your position as a good sender. It also improves delivery rates by sending to only legitimate contacts. However, it will be up to you to keep an eye on open and click-through rates to ensure your contacts stay engaged.

Learn more about our Email Validation API to help clean up your email list and improve your delivery rates.

TL;DR

If you’re looking for a way to verify the email addresses in your contact list, here are our recommendations:

Do: Send a confirmation email with a verification link. This not only confirms that the email address is legitimate, it also tells you whether or not the recipient is engaged with your content. 

Do: For a quick and safe method of verifying email addresses, use Twilio SendGrid’s Email Validation API. 

Don’t: Verify email addresses using the broken SMTP handshake. It’s a poor sending practice. Use this method too often and mailbox providers will think you are a malicious sender.

For best results, use a combination of the Email Validation API and a confirmation email. This will allow you to check for typos and double-check that the recipient wants your content. This dynamic duo will help you achieve higher delivery and engagement rates. 

Ready to see the Email Validation API in action? Try it out when you sign up for a free trial



David Williams
David Williams is a principal engineer who has worked at SendGrid, then Twilio for the last 10 years. He currently spends most of his time on edge email ingestion and SGS, our distributed fault tolerant scheduler.