How to Verify Email Addresses (the Right Way)


how to verify email address - 1
January 11, 2024
Written by
David Williams
Contributor
Opinions expressed by Twilio contributors are their own

How to Verify Email Addresses (the Right Way)

Not every email address is a good one, which makes it all the more important to verify email addresses (the right way) to avoid getting yourself in trouble. 

Whether it's a new signup on your website or a long-standing contact, ensuring that you have a valid email address is essential to successful communication and engagement. 

At Twilio SendGrid, we’ve seen all sorts of problems with email addresses—from simple typos to bad actors deliberately using spam trap addresses. The gold standard is to send recipients a confirmation email with a verification link, then continue to regularly engage with them over time.

Sometimes that isn’t an option, though. You might want to quickly clean up your contact list, or you might want to confirm email addresses from the get-go. In that case, you'll need to use alternative methods.

Below, we'll walk you through how to verify email addresses (the right way), our recommendations, and what you should avoid.

How to verify email addresses

A verified email list reduces bounce rates, enhances deliverability, and improves overall engagement. There are several methods to verify email addresses, each with its own merits, but we want to start with the best (most secure) way.

Using Twilio SendGrid's Email Validation API to confirm email addresses

When you send email through Twilio SendGrid, you can validate email addresses in your contact list by using our Email Validation API. Using machine learning, the API identifies common misspellings, inactive addresses, and shared email addresses (like team@company.com).

This is a safe and effective method of verifying email addresses because it complies with mailbox provider best practices, helping to keep your position as a good sender. It also improves delivery rates by sending to only legitimate contacts.

However, it will be up to you to keep an eye on open and click-through rates to ensure your contacts stay engaged.

Learn more about our Email Validation API to help clean up your email list and improve your delivery rates.

How not to verify email addresses

While there are reliable methods for verifying email addresses, there are also techniques that can be counterproductive, potentially harming your sender reputation or leading to inaccurate results. These methods, though theoretically sound, can have unintended consequences.

VRFY command

The Simple Mail Transfer Protocol (SMTP) includes a command for verifying an address, VRFY. If you open a Transmission Control Protocol (TCP) connection to a SMTP server, the VRFY command is supposed to validate the address. The problem is that virtually all mail servers don’t allow remote connections to verify addresses. While in theory this is a good option, it’s not the most practical. 

Broken SMTP handshake

Another option is to use a broken SMTP handshake. In a standard SMTP conversation (shown on the left), the last command you’d send is “DATA.” This command tells the server that the client is ready to send the message content. After the message content is sent to the server, the server will typically accept the message and the client can either send a new message or “QUIT” to close the connection.
SMTP vs Broken SMTP

With a broken SMTP handshake (shown on the right), you start an SMTP conversation and go through the steps to send a message. After getting the response to the recipient command, you stop the transaction without sending the data. The SMTP protocol allows this using a reset or quit command, or you can simply close the TCP connection. The end result is the same: the server has accepted (or rejected) the recipient email address, but you haven’t actually sent them a message. 

It seems like the perfect plan—you get to verify the address without risking your reputation, avoiding any messages that could be marked as spam. But, there are a couple of issues with the broken SMTP handshake:

1. If you do it often, it’s obvious in the logs what’s happening. One message getting disconnected before the message is received is normal for an internet mail server. Thousands of messages with this behavior looks like a bad actor, and could get your IP blocked.

2. Verifying your email addresses via the broken SMTP handshake is not a reliable or safe-sending practice. 

3. Many mail servers and anti-spam gateways will defer the recipient check until after the message is received, so the ok response for the recipient verb might not mean anything.

4. Many mail servers use a greylist <https://help.ubuntu.com/community/PostfixGreylisting>. A grey list temporarily blocks the recipient if the sending server is unknown. So a simple verification test against a domain protected by a grey list will always give a negative result.

TL:DR: confirming email addresses

If you’re looking for how to verify the email addresses in your contact list, here are our recommendations:

  • Do: Send a confirmation email with a verification link. This not only confirms that the email address is legitimate, it also tells you whether or not the recipient is engaged with your content. 
  • Do: For a quick and safe method of verifying email addresses, use Twilio SendGrid’s Email Validation API. 
  • Don’t: Verify email addresses using the broken SMTP handshake. It’s a poor sending practice. Use this method too often and mailbox providers will think you are a malicious sender.

For best results, use a combination of the Email Validation API and a confirmation email. This will allow you to check for typos and double-check that the recipient wants your content. This dynamic duo will help you achieve higher delivery and engagement rates. 

Ready to see the Email Validation API in action? Try it out when you sign up for a free trial


Recommended For You



Most Popular


Send With Confidence

Partner with the email service trusted by developers and marketers for time-savings, scalability, and delivery expertise.