We help IT Professionals succeed at work.

How is Email verification done

There are several online services /products that provide email verification in real time for a very low cost. How is this done?

Examples are services like xverify.com and briteverify.com.

How do they work?

Note: The info that is provided on their website is very limited and is mostly just marketing and sales information.

Watch Question

The primary way to check if an email address is functional (aka: There's an email account existing for it, somebody opens the messages) is to simply send an email to that account. And listen for the outcome.

There are some preliminary checks you could do, i.e. check if the domain really exists, if there's a mail server that accepts mail, etc. ... but after that you'll have to send an email to that account. Depending on the results (i.e. error message from the server) you could detect defunct/nonexistent addresses. If you include some "return receipt request" in your email, you might (!) be notified if somebody opens the mail.

But many spam filter applications sort out such test messages without notice, and many client might refuse to let their mailer return receipts - therefore email address validation is somewhat fuzzy.

Besides of that, such a company might maintain list of existing mail addresses (i.e. to sell these lists to spammers) - that heap of data could also generate a nice secondary income with the services you describe. And last but not least I bet they sell a bulk checking service where spammers could save bandwidth by just narrowing down their recipient lists.


The tools that I mentioned don't send an email to verify it. You just need to enter a set or a single email ID and it would be verified.
Don't talk to me.
Generally speaking, these services do one or more of the following:

1) check the syntax on the address

2) look up the domain to make sure it is registered

3) run the usernames against a regex of known "fake" emails (e.g. nospam@whatever.com, noreply@whatever.com, f*ckyou@whatever.com, etc.)

4) use the SMTP envelope to ping the mail server and user's mailbox and listen for a response.

(good reading here: http://lifehacker.com/5697360/how-to-verify-if-an-email-address-is-real-or-fake)

The last step is one that frankhelk refers to as "sending email" and it's kind of complicated.  You basically create the SMTP envelope and send it to the recipient and listen for a response that indicates a valid mailbox.  The problem with this approach is that mail server sysadmins a) don't want to advertise good addresses to anyone who pings the box and b) don't want to deal with the traffic overhead of potentially millions of address checks so most of the time the empty envelopes are discarded or bounces.  If the envelope is discarded, the verification software receives no response.  If bounced, the verification software parses it as false negative.

Good verification software then runs an algorithm to see how many tests are passed and makes a decision about the email address based on that data.  So in 3/4 of the tests above pass and the envelope never responds, it's possible the email address is good.  If the test fails on syntax or the domain name is not registered, you have a much higher liklihood that the email address is bad.

As you have hopefully figured out, the flaw in all of this is that we don't really know how many bad emails are bad when using a service like this to verify.  Assuming the service rates by tests passed, if an email address gets the highest possible score, you can assume it is good but for the rest of them?  Your guess is as good as ours.