Skip to content
Inbox OSS

Email Validation API

Seven checks. One verdict.

The industry's deepest email validation engine — syntax, DNS, SMTP probe, catch-all detection, risk databases, MX blacklist, and WHOIS domain-age verification. Catch invalid addresses, disposable domains, and spam-traps before they damage your sender reputation. Available as a real-time API, a bulk CSV processor, and a pre-send hook integrated directly into the email pipeline.

The 7-check engine

Most validators perform 3 checks. We perform 7.

Each check has a distinct failure mode no other check catches. Skipping any one of them means shipping bounces, spam-traps, or fraud risk into your campaigns. The cumulative lift from running all seven is dramatic: 12.4 percentage points more invalid addresses caught versus standard 3-check competitors, measured on cold acquisition lists in our internal benchmarks.

  1. 01

    Syntax

    RFC 5321/5322 compliance with quoted-local-part and IDN (internationalized domain name) handling. Catches typos, malformed addresses, and structurally invalid formats. Industry table stakes — every validation tool does this, but ours is strict about the corner cases.

  2. 02

    DNS

    A, AAAA, and MX record resolution with DNSSEC where present. Catches dead domains, parked domains, and domains with no mail infrastructure. We cache aggressively to keep the latency low without serving stale results.

  3. 03

    SMTP probe

    Real RCPT TO over a short-lived SMTP session against the recipient's MX. We do not send a message — only verify whether the mailbox would accept one. Catches mailboxes that do not exist on real domains. Most validators stop here. We do not.

  4. 04

    Catch-all detection

    Many domains accept every local-part as a courtesy or business decision. A naive SMTP probe passes; the address might still be invalid. We test with a known-bad local-part and report the risk verdict so you can decide whether to send.

  5. 05

    Risk databases

    Spam-trap, abuse, litigator, breach, and global-suppress lists. This is where most validation tools quietly fail you. We run these checks BEFORE the DNS check so trap hits on dead domains classify correctly as spamtrap rather than misleading no_dns_entries.

  6. 06

    MX blacklist

    Spamhaus Zen and Barracuda Reputation Block List lookups against each MX host. If your recipient's mail server is blacklisted, you will bounce or land in spam — better to know before you send.

  7. 07

    WHOIS domain age

    35 TLD parser with per-TLD format handling. Catches brand-new disposable domains registered hours ago that pass every other check. GDPR-aware caching for jurisdictions that redact registrant data (.de, .nl, etc.).

Three ways to validate

Real-time, bulk, or pre-send — your choice

Same 7-check engine across every interface. Use the one that fits your workflow.

Real-time API

POST one address, get a verdict in under 300ms p95. Perfect for signup form validation, list-import flows, or anywhere you need a synchronous answer.

Bulk CSV processor

Upload a CSV or TXT file via the dashboard. Concurrent worker pool processes 40,000-80,000 addresses per minute. Result CSV downloads with per-address verdicts and risk scores.

Pre-send hook

Inline validation right before /mail/send executes. Suspicious addresses are quarantined automatically; clean addresses pass through with sub-300ms added latency.

Result caching

Per-address verdicts cached 7-30 days. We do not re-charge for the same address within the cache window. Bulk re-runs only pay for new addresses or expired entries.

IDN and i18n support

Full Unicode support including non-ASCII local-parts and internationalized domain names. Punycode normalization handled automatically. GDPR-aware WHOIS handling for redacted jurisdictions.

Rate-limit aware

Our validation infrastructure backs off automatically when probing reputation-sensitive domains so we never get blocklisted ourselves. Your validation budget is never wasted on retries.

<300ms

p95 single check

With cached and partial-cache results

98.4%

Match vs. send-truth

Verdict accuracy versus actual SMTP outcome

7

Distinct checks

Industry-leading verification depth

35

TLDs in WHOIS check

Disposable domain coverage

Why pre-send validation is the single highest-leverage email investment

Pre-send validation — running every address through the 7-check engine immediately before /api/v1/mail/send executes — is the single most cost-effective intervention available to most email programs. The economics are stark: a validation check costs a fraction of a cent; a bounce costs you the send credit plus the reputation damage that follows.

The bounce-to-spam-folder pipeline

Mailbox providers monitor sender bounce rate as a primary reputation signal. Bounce rates above 2 percent trigger reputation degradation at Gmail and Microsoft. Bounce rates above 5 percent trigger temporary blocks. Pre-send validation drops typical bounce rates from 5-10 percent on cold lists to under 0.5 percent — a dramatic reputation-protection lever. The downstream effect is even more valuable: lower bounce rate means higher inbox-placement percentage, which means more revenue per send for marketing campaigns and higher conversion on transactional flows.

Spam-trap protection is reputation protection

Spam-trap hits are the single most damaging event in an email-program lifecycle. A single recycled-trap hit on a major mailbox provider can drop your domain reputation tier overnight. Pristine-trap hits — addresses created from scratch and seeded specifically to catch list scrapers — typically result in same-day blocklisting on Spamhaus or Barracuda. Recovery from a Spamhaus listing takes 30-90 days of remediation. Pre-send validation cross-references every address against known-trap databases and the WHOIS domain-age signal, catching these addresses before they ever reach your send queue.

Disposable-domain detection prevents fraud loops

Many free-trial abuse and fraud-signup workflows use disposable email services (10minutemail, mailinator, throwaway domain registrations). The WHOIS domain-age check is uniquely powerful here — a domain registered within the last 24 hours that has never appeared in any other system is overwhelmingly likely to be a disposable. Catching these at signup time, before you provision the trial or send the welcome email, eliminates an entire class of fraud loss.

Integration patterns

Signup form validation: hit the real-time API in your signup handler before account creation. Return a friendly error for failed addresses (“Please double-check your email — we could not verify this address”). Best practice is to distinguish between hard failures (typos, malformed) and soft failures (catch-all, role-account) and only block the hard ones.

List-import validation: when importing a contact list, queue it through the bulk validation processor first. Quarantine high-risk and invalid addresses to a separate list and only import the verified-deliverable ones. The bulk processor returns a per-address risk score so you can apply your own thresholds.

Pre-send hook: enable validation on every send by toggling the pre-send hook in your dashboard's Email Validation settings. Every address passes through the validator immediately before /api/v1/mail/send executes. Failed addresses are auto-suppressed and the original send returns a structured error indicating which addresses were rejected. Minimal latency overhead (under 300ms p95) and dramatic reputation protection.

Frequency and cache strategy

Verdicts cache for 7-30 days depending on the verdict type — definitive verdicts (clear invalid, clear spam-trap, clear catch-all) cache longer; ambiguous verdicts (risk-flagged, soft-deliverable) cache shorter. The recommended re-validation cadence is monthly for active marketing lists and 90-day intervals for transactional address pools. Bulk re-validation is cheap thanks to caching — re-running last month's 100k-address list typically pays for only the newly-added addresses plus a small percentage of expired verdicts.

Comparison

How Inbox OSS validation compares to standalone validators

Same 7-check engine, but bundled into the email platform you are already paying for.

CapabilityInbox OSSNeverBounceZeroBounceKickbox
Syntax + DNS + SMTP probe
Catch-all detection
Risk-database lookupsLimitedLimited
MX blacklist check (Spamhaus + Barracuda)
WHOIS domain-age check
Bundled into email platform
Pre-send hook integrationVia webhookVia webhookVia webhook
Real-time + bulk + pre-send modesAll threeReal-time + bulkReal-time + bulkReal-time + bulk
Free monthly credits100-50,000+Trial onlyTrial onlyTrial only

FAQ

Frequently asked questions about email validation

Email validation is the process of verifying that an email address is valid, deliverable, and not associated with risky senders or domains. Sending to invalid, disposable, or spam-trap addresses damages your sender reputation, which causes mailbox providers to filter your legitimate mail to spam or reject it entirely. The economic case: the cost of validation (a fraction of a cent per address) is roughly two orders of magnitude lower than the cost of a bounce in lost reputation and wasted send credits. Customers who enable pre-send validation see bounce rates under 0.5 percent on cold acquisition lists versus 5-10 percent without validation.

Clean your list. Save your reputation.

100 free email validation checks per month, forever. No credit card required.