Email Validator: Stop Sending to Invalid Addresses

You build your email list to 5,000 subscribers. You send your first campaign. The results: 47% delivered, 18% bounced, and the rest disappeared into the void. Your email provider flags your account for high bounce rates. Your sender reputation drops. Future emails, even to valid addresses, start landing in spam folders.

This scenario is common, and it is almost entirely preventable with email validation. Validating email addresses before adding them to your list catches typos, fake addresses, and inactive mailboxes before they damage your sender reputation.

The Email Validator checks addresses for proper format, valid domain, and common issues. But validation is more than just checking if an @ sign is in the right place. Understanding what makes an email address valid or invalid helps you build better forms, cleaner lists, and more reliable delivery.

What Email Validation Actually Checks

Email validation operates at multiple levels, each catching different types of problems.

Level 1: Syntax validation. Does the address follow the technical format? An email address must have a local part (before @), an @ symbol, and a domain part (after @). The rules are defined in RFC 5321 and RFC 5322, and they are more permissive than most people think. Technically, "john doe"@example.com (with quotes) is valid. john+tag@example.com is valid. john@subdomain.example.com is valid. Most syntax validators check against a simplified rule set that covers 99.9% of real-world addresses.

Level 2: Domain validation. Does the domain exist? Does it have MX (Mail Exchange) records? A domain without MX records cannot receive email. If someone enters john@gmial.com (typo for gmail.com), the domain might exist but have no mail server.

Level 3: Mailbox verification. Does the specific mailbox exist on that domain's mail server? This involves connecting to the mail server and asking if it will accept mail for that address. This is the most accurate check but also the most invasive. Some servers refuse to answer, some give false positives, and doing this at scale can trigger rate limits.

Level 4: Behavioral signals. Is this address from a disposable email service (like Guerrilla Mail or Mailinator)? Is it a role address (info@, admin@, noreply@)? Has it been seen in spam trap databases? These checks use external databases and heuristics rather than technical verification.

The Email Validator handles levels 1 and 2 instantly. For level 3 and 4, specialized email verification services are needed.

Why Bounces Destroy Your Email Reputation

When you send email, inbox providers (Gmail, Outlook, Yahoo) are watching you. They track your bounce rate, spam complaint rate, and engagement metrics. These signals determine whether your future emails land in the inbox, the spam folder, or get blocked entirely.

Hard bounces occur when an email is permanently undeliverable. The address does not exist, the domain does not exist, or the server explicitly rejects the message. A hard bounce rate above 2% is a red flag for inbox providers.

Soft bounces are temporary failures. The mailbox is full, the server is temporarily down, or the message is too large. Soft bounces are normal in small quantities but become a problem if the same address soft bounces repeatedly.

The reputation damage works like a credit score. Every hard bounce lowers your score. Every spam complaint lowers it more. Once your score drops below a threshold, inbox providers start routing all your email to spam. Recovering from a bad reputation takes weeks or months of sending only to engaged, valid addresses.

This is why validation matters before you send, not after. Removing invalid addresses from your list before sending prevents the bounces from happening in the first place.

For context, input validation in general follows the same principle: verify data before processing it. The URL Validator checks URLs for proper format and reachability, and the Credit Card Validator verifies card numbers using the Luhn algorithm. All three tools prevent errors downstream by catching problems at the input stage.

Building Validation Into Your Signup Forms

The best time to validate an email address is when the user types it. Real-time validation in signup forms catches errors before they enter your database.

Implementation layers:

Client-side (instant feedback): `javascript const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function validateEmail(email) { if (!emailRegex.test(email)) { return 'Please enter a valid email address'; } // Check for common typos const domain = email.split('@')[1]; const commonTypos = { 'gmial.com': 'gmail.com', 'gmai.com': 'gmail.com', 'gamil.com': 'gmail.com', 'outlok.com': 'outlook.com', 'yaho.com': 'yahoo.com', }; if (commonTypos[domain]) { return Did you mean ${email.split('@')[0]}@${commonTypos[domain]}?; } return null; } `

Server-side (authoritative check): - Re-validate the format (never trust client-side validation alone) - Check DNS MX records for the domain - Optionally check against disposable email provider lists - Rate-limit validation requests to prevent abuse

Confirmation email: - Send a verification email with a unique link - Only add the address to your active list after the link is clicked - This is the gold standard because it proves both that the address is valid and that the person who owns it intentionally signed up

The double opt-in (confirmation email) approach eliminates nearly all invalid addresses from your list. It also provides legal compliance with regulations like GDPR and CAN-SPAM that require demonstrable consent.

Cleaning an Existing Email List

If you already have a list with unknown quality, clean it before your next send. Here is the process:

Step 1: Remove obvious invalids. Filter out addresses with clearly wrong syntax (missing @, spaces, special characters), addresses from domains you know are defunct, and any addresses that have hard bounced in previous sends.

Step 2: Check for disposable addresses. Services like Guerrilla Mail, 10MinuteMail, and Mailinator provide temporary addresses that people use to bypass signup forms. These addresses stop working within hours. Remove them.

Step 3: Verify with a bulk email verification service. Services like ZeroBounce, NeverBounce, or Hunter.io check each address against their databases and verify mailboxes in bulk. They cost $3-10 per 1,000 addresses, which is dramatically cheaper than the sender reputation damage from bounces.

Step 4: Segment by engagement. Separate addresses that have opened or clicked in the past 90 days (active) from those that have not (inactive). Send to the active segment first. If your metrics look good, gradually re-engage the inactive segment with smaller sends.

Step 5: Set up ongoing hygiene. Remove hard bounces automatically after each send. Remove addresses that have not engaged in 6 months. Re-validate your full list every 6-12 months.

The math is clear: a smaller, clean list outperforms a large, dirty one. Sending to 3,000 valid, engaged addresses produces more opens, clicks, and conversions than sending to 10,000 addresses where half are invalid and most of the rest are unengaged.

Technical Deep Dive: MX Records and SMTP Verification

For developers building email validation into their applications, understanding the underlying protocols helps you make informed decisions about validation depth.

MX Record Lookup: Every domain that receives email has MX (Mail Exchange) DNS records that specify which servers handle email for that domain. You can query these programmatically:

`bash dig MX gmail.com # Returns: gmail-smtp-in.l.google.com (and alternates) `

If a domain has no MX records and no A record fallback, it cannot receive email. This is a fast, non-invasive check that eliminates a significant percentage of invalid addresses.

SMTP Verification: The more thorough approach involves connecting to the mail server and initiating an SMTP conversation:

` CONNECT mail-server:25 HELO my-server.com MAIL FROM: RCPT TO: # Server responds 250 (exists) or 550 (not found) QUIT `

The RCPT TO command asks the server if it would accept mail for that address. A 250 response usually means the mailbox exists. A 550 means it does not.

Caveats: - Many servers implement catch-all configurations that accept any address, making verification unreliable for those domains - Some servers (Gmail, Outlook) rate-limit or block SMTP verification attempts - Greylisting temporarily rejects the first delivery attempt, which can look like a failure - SMTP verification without actually sending an email is increasingly viewed as suspicious behavior by mail servers

For most applications, syntax validation + MX record check + confirmation email is the right balance of thoroughness and simplicity. Full SMTP verification is best left to dedicated services that manage the complexity at scale.

FAQ

How often should I validate my email list?

Re-validate your full list every 6-12 months. Email addresses become invalid over time as people change jobs, abandon accounts, or close mailboxes. Between full validations, remove hard bounces after every send and monitor your bounce rate trend.

Can I validate email addresses for free?

Syntax validation and MX record checks are free and can be done locally. Mailbox-level verification requires external services that typically charge per address. The Email Validator handles format and basic validation for free. For large-scale verification, paid services are worth the investment.

What is a good bounce rate target?

Below 2% is the industry standard for a healthy email list. Below 0.5% is excellent. Above 5% indicates a list hygiene problem that will affect your deliverability. If you are consistently above 2%, clean your list before sending again.

Should I remove unsubscribed addresses from my database entirely?

You must stop sending to them (legally required under CAN-SPAM and GDPR), but you should keep the record with a suppression flag rather than deleting it entirely. This prevents accidentally re-adding the address if the person signs up through a different form. A suppression list is a standard practice.

Is there a difference between validation and verification?

In common usage, the terms are often interchangeable. Technically, validation checks format and syntax (can this be a real address?), while verification checks whether the address actually exists and can receive mail (does this address work?). Validation is fast and free. Verification requires interacting with external mail servers.