DEV Community: shahil shaikh The latest articles on DEV Community by shahil shaikh (@shahil_shaikh_73). https://dev.to/shahil_shaikh_73 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3804417%2F137f6e2c-d538-414d-9c95-857f0dcd53a7.jpg DEV Community: shahil shaikh https://dev.to/shahil_shaikh_73 en Email-Validation API shahil shaikh Fri, 13 Mar 2026 17:16:38 +0000 https://dev.to/shahil_shaikh_73/email-validation-api-1j67 https://dev.to/shahil_shaikh_73/email-validation-api-1j67 <h2> Overview </h2> <p>This Email Validator API goes beyond basic syntax checking. Most email validators only check if the format looks correct. This API actually connects to the mail server via SMTP and confirms the address exists — catching fake signups, disposable addresses, and dead mailboxes that simple checks completely miss.</p> <p>Imagine someone signs up on your website with a throwaway email. They pollute your database and never become a real user. This API catches those bad emails at the point of entry — before they ever reach your system.</p> <p>Unlike other validators that always run every check regardless of what you need, this API lets you specify exactly which checks to run using the <code>fields</code> parameter. Only the checks you request actually execute — so a disposable-only check responds instantly, while a full SMTP probe only fires when you explicitly ask for it. You get responses as fast as the check you need, nothing more.</p> <h2> What Gets Checked — 11 Fields </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>What It Does</th> </tr> </thead> <tbody> <tr> <td><code>syntax</code></td> <td>Checks email format against RFC 5321/5322 rules</td> </tr> <tr> <td><code>mx</code></td> <td>DNS MX lookup — confirms the domain is set up to receive email</td> </tr> <tr> <td><code>smtp</code></td> <td>Live SMTP probe — confirms the mailbox exists on the server</td> </tr> <tr> <td><code>disposable</code></td> <td>Detects throwaway emails — 769,000+ domains, live-updated from community blocklists</td> </tr> <tr> <td><code>role</code></td> <td>Detects shared inboxes: admin@, noreply@, support@, sales@, and 100+ variants (two-layer: exact match + fuzzy pattern)</td> </tr> <tr> <td><code>subaddress</code></td> <td>Detects plus-tag addressing like <a href="mailto:user+tag@gmail.com">user+tag@gmail.com</a> </td> </tr> <tr> <td><code>provider</code></td> <td>Detects free email providers — Gmail, Yahoo, Outlook, and 30+ more (two-layer: exact match + MX fingerprint)</td> </tr> <tr> <td><code>spamtrap</code></td> <td>Detects spam trap patterns like honeypot@, trap@, abuse@, blacklist@</td> </tr> <tr> <td><code>intelligence</code></td> <td>Domain entropy scoring + risky TLD detection (53+ TLDs hardcoded, live-updated from community list)</td> </tr> <tr> <td><code>auth</code></td> <td>Checks SPF, DMARC, and DKIM DNS records</td> </tr> <tr> <td><code>typo</code></td> <td>Detects common domain typos and suggests corrections (two-layer: dictionary + Levenshtein fuzzy matching)</td> </tr> </tbody> </table></div> <p>All 11 fields run when no <code>fields</code> param is provided. Pass <code>fields=</code> to run only what you need.</p> <h2> Quick Start </h2> <p><strong>Step 1</strong> — Subscribe to any plan including free and copy your RapidAPI key from the dashboard.</p> <p><strong>Step 2</strong> — Make your first request. Replace <code>YOUR_API_KEY_HERE</code> with your actual key.</p> <p><strong>JavaScript</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="dl">'</span><span class="s1">https://email-validator-rjwr.onrender.com/v1/validate?email=test@gmail.com</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">x-rapidapi-key</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">YOUR_API_KEY_HERE</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">x-rapidapi-host</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">email-validator-rjwr.onrender.com</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> </code></pre> </div> <p><strong>Python</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">url</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://email-validator-rjwr.onrender.com/v1/validate</span><span class="sh">"</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">x-rapidapi-key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">YOUR_API_KEY_HERE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">x-rapidapi-host</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">email-validator-rjwr.onrender.com</span><span class="sh">"</span> <span class="p">}</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">email</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">test@gmail.com</span><span class="sh">"</span><span class="p">},</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> </code></pre> </div> <p><strong>PHP</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$curl</span> <span class="o">=</span> <span class="nb">curl_init</span><span class="p">();</span> <span class="nb">curl_setopt_array</span><span class="p">(</span><span class="nv">$curl</span><span class="p">,</span> <span class="p">[</span> <span class="no">CURLOPT_URL</span> <span class="o">=&amp;</span><span class="n">gt</span><span class="p">;</span> <span class="s2">"https://email-validator-rjwr.onrender.com/v1/validate?email=test@gmail.com"</span><span class="p">,</span> <span class="no">CURLOPT_RETURNTRANSFER</span> <span class="o">=&amp;</span><span class="n">gt</span><span class="p">;</span> <span class="kc">true</span><span class="p">,</span> <span class="no">CURLOPT_HTTPHEADER</span> <span class="o">=&amp;</span><span class="n">gt</span><span class="p">;</span> <span class="p">[</span> <span class="s2">"x-rapidapi-key: YOUR_API_KEY_HERE"</span><span class="p">,</span> <span class="s2">"x-rapidapi-host: email-validator-rjwr.onrender.com"</span> <span class="p">],</span> <span class="p">]);</span> <span class="nv">$response</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nb">curl_exec</span><span class="p">(</span><span class="nv">$curl</span><span class="p">));</span> <span class="nb">curl_close</span><span class="p">(</span><span class="nv">$curl</span><span class="p">);</span> <span class="nb">print_r</span><span class="p">(</span><span class="nv">$response</span><span class="p">);</span> </code></pre> </div> <p><strong>cURL</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> GET <span class="se">\</span> <span class="s2">"https://email-validator-rjwr.onrender.com/v1/validate?email=test@gmail.com"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"x-rapidapi-key: YOUR_API_KEY_HERE"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"x-rapidapi-host: email-validator-rjwr.onrender.com"</span> </code></pre> </div> <h2> The <code>fields</code> Parameter — Run Only What You Need </h2> <p>This is the most important feature in v5.0. By default, all 11 fields run. If you pass <code>fields=</code>, only those specific checks execute — the rest never run. Response time depends entirely on which checks you request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>fields=syntax,role,provider,spamtrap → ~0ms (zero network I/O) fields=disposable → ~0ms (in-memory lookup) fields=typo → ~5ms (dictionary lookup) fields=mx → ~200ms (one DNS query) fields=auth → ~300ms (3 DNS TXT queries) fields=mx,disposable,role → ~200ms (MX + disposable in parallel) fields=smtp → ~1-3s (TCP + SMTP handshake) no fields param / fields=all → ~2-3s (all 11 fields) </code></pre> </div> <p><strong>Available field names:</strong></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>What Runs</th> <th>Speed</th> <th>Returns</th> </tr> </thead> <tbody> <tr> <td><code>syntax</code></td> <td>RFC 5321/5322 format check</td> <td>instant</td> <td><code>syntax_valid</code></td> </tr> <tr> <td><code>mx</code></td> <td>DNS MX record lookup</td> <td>~200ms</td> <td> <code>mx_found</code>, <code>mx_records</code> </td> </tr> <tr> <td><code>smtp</code></td> <td>Live SMTP mailbox probe</td> <td>~1-3s</td> <td> <code>smtp_verified</code>, <code>smtp_catch_all</code>, <code>smtp_greylisted</code>, <code>smtp_skipped</code> </td> </tr> <tr> <td><code>disposable</code></td> <td>769,000+ domain blocklist, live-updated</td> <td>instant</td> <td> <code>is_disposable</code>, <code>disposable_method</code> </td> </tr> <tr> <td><code>role</code></td> <td>Role-based prefix detection</td> <td>instant</td> <td><code>is_role_based</code></td> </tr> <tr> <td><code>subaddress</code></td> <td>Plus-tag detection</td> <td>instant</td> <td><code>is_sub_address</code></td> </tr> <tr> <td><code>provider</code></td> <td>Free provider detection</td> <td>instant</td> <td><code>is_free_provider</code></td> </tr> <tr> <td><code>spamtrap</code></td> <td>Spam trap pattern matching</td> <td>instant</td> <td><code>spam_trap_suspected</code></td> </tr> <tr> <td><code>intelligence</code></td> <td>Domain entropy + TLD risk</td> <td>instant</td> <td> <code>risky_tld</code>, <code>domain_entropy</code>, <code>intelligence</code> </td> </tr> <tr> <td><code>auth</code></td> <td>SPF, DMARC, DKIM DNS records</td> <td>~300ms</td> <td><code>email_auth</code></td> </tr> <tr> <td><code>typo</code></td> <td>Common domain typo detection</td> <td>instant</td> <td><code>suggestions</code></td> </tr> </tbody> </table></div> <p>The response only includes fields for the checks that actually ran. Fields you did not request are simply absent — the response is clean and minimal.</p> <p><strong>Example — signup form, fast, no SMTP:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">GET /v1/validate?email=user@example.com&amp;fields=mx,disposable,role </span></code></pre> </div> <p><strong>Example — typo correction only, near-zero latency:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">GET /v1/validate?email=user@gmial.com&amp;fields=typo </span></code></pre> </div> <p><strong>Example — security audit only:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">GET /v1/validate?email=user@example.com&amp;fields=auth,intelligence </span></code></pre> </div> <p>Pass <code>fields=all</code> or omit the parameter to run all checks. Unknown field names are ignored and reported back in <code>_unknown_fields</code> so you can catch typos in your integration.</p> <h2> Endpoints </h2> <h3> 1. Validate Single Email </h3> <p><code>GET /v1/validate</code></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Parameter</th> <th>Type</th> <th>Required</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>email</td> <td>string</td> <td>Yes</td> <td>The email address you want to validate</td> </tr> <tr> <td>fields</td> <td>string</td> <td>No</td> <td>Comma-separated list of checks to run. Omit for all 11 fields.</td> </tr> <tr> <td>quick</td> <td>boolean</td> <td>No</td> <td>Set to true to skip SMTP. Ignored if smtp is not in your fields list.</td> </tr> </tbody> </table></div> <p><strong>Full Response — Valid Email</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"shahilshaikh5718@gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VALID"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reason"</span><span class="p">:</span><span class="w"> </span><span class="s2">"All checks passed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"score_label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Excellent"</span><span class="p">,</span><span class="w"> </span><span class="nl">"checks"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"syntax_valid"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"mx_found"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"mx_records"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"gmail-smtp-in.l.google.com"</span><span class="p">,</span><span class="w"> </span><span class="s2">"alt1.gmail-smtp-in.l.google.com"</span><span class="p">,</span><span class="w"> </span><span class="s2">"alt2.gmail-smtp-in.l.google.com"</span><span class="p">,</span><span class="w"> </span><span class="s2">"alt3.gmail-smtp-in.l.google.com"</span><span class="p">,</span><span class="w"> </span><span class="s2">"alt4.gmail-smtp-in.l.google.com"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"smtp_verified"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"smtp_catch_all"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"smtp_greylisted"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"smtp_skipped"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_disposable"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"disposable_method"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_role_based"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_sub_address"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_free_provider"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"spam_trap_suspected"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"risky_tld"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"domain_entropy"</span><span class="p">:</span><span class="w"> </span><span class="mi">25</span><span class="p">,</span><span class="w"> </span><span class="nl">"email_auth"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"spf"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"spf_policy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"neutral"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dmarc"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"dmarc_policy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"none"</span><span class="p">,</span><span class="w"> </span><span class="nl">"dkim"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"intelligence"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"suggestions"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"latency_ms"</span><span class="p">:</span><span class="w"> </span><span class="mi">2536</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Response — Disposable Email Rejected</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"temp123@tempmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="s2">"REJECT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reason"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Disposable email detected via domain_list"</span><span class="p">,</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"score_label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Very Poor"</span><span class="p">,</span><span class="w"> </span><span class="nl">"checks"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"syntax_valid"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"mx_found"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"mx_records"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"mx.tempmail.com"</span><span class="p">],</span><span class="w"> </span><span class="nl">"smtp_verified"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"smtp_catch_all"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"smtp_greylisted"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"smtp_skipped"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_disposable"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"disposable_method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"domain_list"</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_role_based"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_sub_address"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_free_provider"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"spam_trap_suspected"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"risky_tld"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"domain_entropy"</span><span class="p">:</span><span class="w"> </span><span class="mi">12</span><span class="p">,</span><span class="w"> </span><span class="nl">"email_auth"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"spf"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"spf_policy"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"dmarc"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"dmarc_policy"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"dkim"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"intelligence"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"risk_score"</span><span class="p">:</span><span class="w"> </span><span class="mi">85</span><span class="p">,</span><span class="w"> </span><span class="nl">"flags"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"Domain registered only 12 days ago"</span><span class="p">,</span><span class="w"> </span><span class="s2">"MX IP shared by 620 domains — disposable infrastructure"</span><span class="p">,</span><span class="w"> </span><span class="s2">"No web presence detected"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"suggestions"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"latency_ms"</span><span class="p">:</span><span class="w"> </span><span class="mi">891</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Response — Selective fields (fields=mx,disposable,role)</strong></p> <p>When you pass a <code>fields</code> parameter, only those checks run and only those fields are returned.<br> The response is clean — no null placeholders for checks that did not run.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"admin@mailinator.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="s2">"REJECT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reason"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Disposable email detected via domain_list"</span><span class="p">,</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">25</span><span class="p">,</span><span class="w"> </span><span class="nl">"score_label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Poor"</span><span class="p">,</span><span class="w"> </span><span class="nl">"checks"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"syntax_valid"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"mx_found"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"mx_records"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"mail.mailinator.com"</span><span class="p">],</span><span class="w"> </span><span class="nl">"is_disposable"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"disposable_method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"domain_list"</span><span class="p">,</span><span class="w"> </span><span class="nl">"is_role_based"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"latency_ms"</span><span class="p">:</span><span class="w"> </span><span class="mi">203</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Notice: no smtp fields, no email_auth, no intelligence, no suggestions — because none of those checks were requested. The response time is 203ms instead of 2-3 seconds.</p> <h2> Understanding Every Field </h2> <p><strong>Top Level Fields</strong></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>What It Means</th> </tr> </thead> <tbody> <tr> <td>email</td> <td>The email address you submitted</td> </tr> <tr> <td>result</td> <td>The final verdict. See the Result Values table below.</td> </tr> <tr> <td>reason</td> <td>A plain English explanation of why this result was given</td> </tr> <tr> <td>score</td> <td>A number from 0 to 100 showing how trustworthy this email is</td> </tr> <tr> <td>score_label</td> <td>A label for the score — Excellent, Good, Fair, Poor, or Very Poor</td> </tr> <tr> <td>intelligence</td> <td>Extra analysis for suspicious unknown domains. Only present if intelligence was requested.</td> </tr> <tr> <td>suggestions</td> <td>If the domain looks like a typo this shows the corrected version. Only present if typo was requested.</td> </tr> <tr> <td>latency_ms</td> <td>How long the validation took in milliseconds</td> </tr> <tr> <td>_unknown_fields</td> <td>Only present if you passed unrecognised field names. Lists them so you can fix your integration.</td> </tr> </tbody> </table></div> <p><strong>Result Values</strong></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Result</th> <th>What It Means</th> <th>What To Do</th> </tr> </thead> <tbody> <tr> <td>VALID</td> <td>Email passed all checks</td> <td>Accept it</td> </tr> <tr> <td>REJECT</td> <td>Email definitively failed — fake, disposable, or non-existent</td> <td>Reject it</td> </tr> <tr> <td>RISKY</td> <td>Email passed basic checks but has suspicious signals</td> <td>Flag for review or require email confirmation</td> </tr> <tr> <td>UNKNOWN</td> <td>SMTP was inconclusive — server blocked the probe</td> <td>Allow but send a confirmation email</td> </tr> </tbody> </table></div> <p><strong>Score Guide</strong></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Score</th> <th>Label</th> <th>What To Do</th> </tr> </thead> <tbody> <tr> <td>80 to 100</td> <td>Excellent</td> <td>Accept with confidence</td> </tr> <tr> <td>60 to 79</td> <td>Good</td> <td>Accept — minor concerns only</td> </tr> <tr> <td>40 to 59</td> <td>Fair</td> <td>Consider requiring email confirmation</td> </tr> <tr> <td>20 to 39</td> <td>Poor</td> <td>Flag for manual review</td> </tr> <tr> <td>0 to 19</td> <td>Very Poor</td> <td>Reject</td> </tr> </tbody> </table></div> <p><strong>The checks object — every field explained</strong></p> <p><code>syntax_valid</code> — true means the email format is correct. false means it is not a properly formatted email at all — for example missing the @ symbol or having illegal characters. If this is false everything else is skipped.</p> <p><code>mx_found</code> — true means the domain is set up to receive emails. false means even if the email looks correct it can never receive any messages because the domain has no mail servers.</p> <p><code>mx_records</code> — The list of mail servers responsible for delivering email to this domain.<br> Multiple entries are normal — they are fallback servers listed in order of priority.<br> You do not need to act on this directly.</p> <p><code>smtp_verified</code> — The result of the live SMTP check. true means the mailbox was confirmed to exist on the mail server. false means it was confirmed to not exist. null means the check was skipped or the server blocked the probe — see smtp_skipped for why.</p> <p><code>smtp_catch_all</code> — true means the mail server accepts every email address regardless of whether the mailbox actually exists. This makes individual verification impossible for this domain. Do not outright reject these — flag them for manual review instead.</p> <p><code>smtp_greylisted</code> — true means the server temporarily rejected the SMTP probe using a technique called greylisting. The API automatically waits and retries when this happens. <br> If it is still true after retry it means the server is being cautious — not that the email is invalid.</p> <p><code>smtp_skipped</code> — true means SMTP verification was not performed. This happens for two reasons: either you used quick=true mode, or the domain belongs to a major provider like Gmail or Yahoo that blocks automated SMTP probing. When skipped the result is based on the other 11 checks.</p> <p><code>is_disposable</code> — true means this is a known throwaway email address. People use these to sign up without giving their real email. You should reject these.</p> <p><code>disposable_method</code> — How the disposable email was detected. Can be <code>domain_list</code><br> (matched against 769,000+ known domains updated live from community blocklists),<br> <code>keyword_match</code> (domain contains a known disposable keyword), or <code>mx_fingerprint</code><br> (mail server is known disposable infrastructure). <code>null</code> if the email is not disposable.</p> <p><code>is_role_based</code> — true means this is a shared inbox address like admin@, info@, support@, noreply@, sales@, or similar. Detection uses two layers: an exact match against 50+ known role prefixes, then fuzzy segment matching to catch variants like <code>noreply2@</code>, <code>admin.team@</code>, or <code>support_dept@</code>. For consumer apps and newsletters you should reject these. For B2B tools and contact forms they are perfectly legitimate.</p> <p><code>is_sub_address</code> — true means the email uses plus addressing like <a href="mailto:user+tag@gmail.com">user+tag@gmail.com</a>. This is a real technique used by legitimate users but also sometimes used to bypass duplicate email checks. The base address without the tag is the real mailbox.</p> <p><code>is_free_provider</code> — true means this is from a free email provider like Gmail, Yahoo, Hotmail, or Outlook. Detection uses two layers: a hardcoded list of 30+ known free providers, then MX fingerprinting to catch custom domains that route through the same infrastructure (e.g. a Google Workspace or O365 domain). Useful if your application requires a business email address. Has no impact on validity — Gmail addresses are<br> perfectly valid.</p> <p><code>spam_trap_suspected</code> — true means the email address matches known spam trap patterns like spamtrap@, honeypot@, or <a href="mailto:abuse@">abuse@</a>. These addresses are set up specifically to catch spammers. If you are seeing this on real user emails it means someone is entering fake data — reject it.</p> <p><code>risky_tld</code> — true means the domain uses a top-level domain statistically associated with spam and disposable email services. The check uses 53+ hardcoded TLDs (<code>.xyz</code>, <code>.top</code>, <code>.click</code>, <code>.loan</code>, etc.) plus a live-updated community list fetched at server startup. A risky TLD alone does not mean the email is invalid but it lowers the trust<br> score.</p> <p><code>domain_entropy</code> — A score from 0 to 100 measuring how pronounceable and human-like the domain name is. Higher is better. A score below 25 suggests the domain name may be randomly generated — a common characteristic of disposable email services. 25 or above is normal. You do not need to act on this field directly — it feeds into the overall score automatically.</p> <p><strong>The email_auth object</strong></p> <p><code>spf</code> — true means the domain has an SPF record published. SPF lets domain owners declare which mail servers are allowed to send email on their behalf. Legitimate domains almost always have this configured.</p> <p><code>spf_policy</code> — How strictly SPF is enforced. strict means hard fail — unauthorized senders are rejected. softfail means soft fail — unauthorized senders are flagged but not necessarily rejected. neutral means no policy preference. null means no SPF record.</p> <p><code>dmarc</code> — true means the domain has a DMARC record. DMARC builds on SPF and tells receiving mail servers what to do with emails that fail authentication.</p> <p><code>dmarc_policy</code> — How the domain handles authentication failures. none means monitoring only — no action taken. quarantine means send suspicious emails to spam. reject means block them completely. null means no DMARC record exists.</p> <p><code>dkim</code> — true means the domain has DKIM signing keys published. DKIM is a digital signature system that proves an email actually came from the domain it claims to be from. false does not automatically mean the email is bad — many legitimate domains do not publish DKIM selectors publicly, including Gmail which manages DKIM internally.</p> <p><strong>The intelligence object</strong></p> <p>The intelligence engine runs additional analysis on domains that are not in the known disposable list. It checks domain age, how many other domains share the same mail server IP, the hosting provider reputation, and whether the domain has a real website. This catches brand new disposable email services before they appear in any blocklist.</p> <p><code>intelligence.risk_score</code> — A number from 0 to 100 representing how suspicious the domain appears based on infrastructure signals. Above 60 is flagged as likely disposable. 30 to 60 is considered risky.</p> <p><code>intelligence.flags</code> — A list of human readable reasons for the risk score. Examples are "Domain registered only 3 days ago", "MX IP shared by 800 domains — disposable infrastructure", or "No web presence detected". null means no red flags were found.</p> <p>When intelligence is null it means the domain passed all infrastructure checks cleanly and no red flags were detected.</p> <p><strong>The suggestions object</strong></p> <p><code>suggestions.did_you_mean</code> — If the domain looks like a common typo this field shows the corrected version. Uses two layers: a dictionary of known typos (e.g. <code>gmial.com</code> → <code>gmail.com</code>), then Levenshtein fuzzy matching for variants not in the dictionary. For example <code>user@gmial.com</code> suggests <code>user@gmail.com</code>. <code>null</code> means no typo detected.</p> <h3> 2. Validate Single Email via POST </h3> <p><code>POST /v1/validate</code></p> <p>Identical to the GET endpoint but accepts the email in the request body.<br> Useful when you do not want the email address to appear in server logs or URLs.</p> <p><strong>Request Body:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"fields"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mx,disposable,role"</span><span class="p">,</span><span class="w"> </span><span class="nl">"quick"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>email</td> <td>string</td> <td>Yes</td> <td>The email address to validate</td> </tr> <tr> <td>fields</td> <td>string</td> <td>No</td> <td>Comma-separated checks to run. Omit for all.</td> </tr> <tr> <td>quick</td> <td>boolean</td> <td>No</td> <td>Skip SMTP if true</td> </tr> </tbody> </table></div> <p>Response format is identical to the GET endpoint.</p> <h3> 3. Bulk Validate Emails </h3> <p><code>POST /v1/validate/bulk</code></p> <p>Validate multiple emails in one request. Much faster and more efficient than calling the single endpoint repeatedly. Ideal for cleaning existing email lists before sending campaigns.</p> <p><strong>Request Body:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"emails"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"user@gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="s2">"fake@tempmail.com"</span><span class="p">,</span><span class="w"> </span><span class="s2">"admin@example.com"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"fields"</span><span class="p">:</span><span class="w"> </span><span class="s2">"disposable,role"</span><span class="p">,</span><span class="w"> </span><span class="nl">"quick"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td>emails</td> <td>array</td> <td>Yes</td> <td>Array of email addresses to validate</td> </tr> <tr> <td>fields</td> <td>string</td> <td>No</td> <td>Comma-separated checks to run. Omit for all.</td> </tr> <tr> <td>quick</td> <td>boolean</td> <td>No</td> <td>Skip SMTP if true</td> </tr> </tbody> </table></div> <p><strong>Plan limits:</strong></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Plan</th> <th>Max emails per bulk call</th> </tr> </thead> <tbody> <tr> <td>BASIC (free)</td> <td>5</td> </tr> <tr> <td>PRO</td> <td>50</td> </tr> <tr> <td>ULTRA</td> <td>100</td> </tr> <tr> <td>MEGA</td> <td>500</td> </tr> </tbody> </table></div> <p><strong>Response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"count"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"results"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user@gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VALID"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reason"</span><span class="p">:</span><span class="w"> </span><span class="s2">"All checks passed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"score_label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Excellent"</span><span class="p">,</span><span class="w"> </span><span class="nl">"checks"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">"..."</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"intelligence"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"suggestions"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"latency_ms"</span><span class="p">:</span><span class="w"> </span><span class="mi">1243</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"fake@tempmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="s2">"REJECT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reason"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Disposable email detected via domain_list"</span><span class="p">,</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"score_label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Very Poor"</span><span class="p">,</span><span class="w"> </span><span class="nl">"checks"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">"..."</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"intelligence"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"risk_score"</span><span class="p">:</span><span class="w"> </span><span class="mi">85</span><span class="p">,</span><span class="w"> </span><span class="nl">"flags"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"..."</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"suggestions"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"latency_ms"</span><span class="p">:</span><span class="w"> </span><span class="mi">312</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"admin@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="s2">"RISKY"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reason"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Role-based address — low engagement, high spam risk"</span><span class="p">,</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">65</span><span class="p">,</span><span class="w"> </span><span class="nl">"score_label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Good"</span><span class="p">,</span><span class="w"> </span><span class="nl">"checks"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">"..."</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"intelligence"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"suggestions"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="nl">"latency_ms"</span><span class="p">:</span><span class="w"> </span><span class="mi">890</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>What It Means</th> </tr> </thead> <tbody> <tr> <td>count</td> <td>How many emails were processed in this request</td> </tr> <tr> <td>results</td> <td>An array with one full result per email in the same order you sent them</td> </tr> </tbody> </table></div> <p>Each entry in results is the same response object as the single validate endpoint. If you passed a <code>fields</code> parameter, each result only contains the checks you requested.</p> <h3> 4. List Available Fields </h3> <p><code>GET /v1/fields</code></p> <p>Returns the complete list of all available field names with their speed estimates and what they return. Useful for building dynamic integrations or confirming field names.</p> <p>No parameters needed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"available_fields"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"syntax"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"instant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"checks.syntax_valid"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"~200ms"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"mx_found"</span><span class="p">,</span><span class="w"> </span><span class="s2">"mx_records"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"smtp"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"~1-3s"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"smtp_verified"</span><span class="p">,</span><span class="w"> </span><span class="s2">"smtp_catch_all"</span><span class="p">,</span><span class="w"> </span><span class="s2">"smtp_greylisted"</span><span class="p">,</span><span class="w"> </span><span class="s2">"smtp_skipped"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"disposable"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"instant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"is_disposable"</span><span class="p">,</span><span class="w"> </span><span class="s2">"disposable_method"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"role"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"instant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"is_role_based"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"subaddress"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"instant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"is_sub_address"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"provider"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"instant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"is_free_provider"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"spamtrap"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"instant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"spam_trap_suspected"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"intelligence"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"instant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"risky_tld"</span><span class="p">,</span><span class="w"> </span><span class="s2">"domain_entropy"</span><span class="p">,</span><span class="w"> </span><span class="s2">"intelligence (top-level)"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"auth"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"~300ms"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"email_auth (spf, spf_policy, dmarc, dmarc_policy, dkim)"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"typo"</span><span class="p">,</span><span class="w"> </span><span class="nl">"speed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"instant"</span><span class="p">,</span><span class="w"> </span><span class="nl">"returns"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"suggestions (top-level)"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"always_returned"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"email"</span><span class="p">,</span><span class="w"> </span><span class="s2">"result"</span><span class="p">,</span><span class="w"> </span><span class="s2">"reason"</span><span class="p">,</span><span class="w"> </span><span class="s2">"score"</span><span class="p">,</span><span class="w"> </span><span class="s2">"score_label"</span><span class="p">,</span><span class="w"> </span><span class="s2">"latency_ms"</span><span class="p">,</span><span class="w"> </span><span class="s2">"checks.syntax_valid"</span><span class="p">],</span><span class="w"> </span><span class="nl">"usage"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Pass ?fields=mx,disposable,auth — only those checks run. Omit for full validation."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> 5. Health Check </h3> <p><code>GET /health</code></p> <p>Check if the API is online. No parameters needed. Use this before making<br> bulk requests to confirm the service is running.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ok"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"5.0.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ts"</span><span class="p">:</span><span class="w"> </span><span class="mi">1741267200000</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>What It Means</th> </tr> </thead> <tbody> <tr> <td>status</td> <td>ok means everything is working normally</td> </tr> <tr> <td>version</td> <td>The current version of the API</td> </tr> <tr> <td>ts</td> <td>Current server timestamp in milliseconds</td> </tr> </tbody> </table></div> <h2> Quick Mode vs Full Mode vs Selective Fields </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Mode</th> <th>How To Use</th> <th>Speed</th> <th>Best For</th> </tr> </thead> <tbody> <tr> <td>Full mode</td> <td>No params</td> <td>~2-3s</td> <td>Maximum accuracy — all 11 fields run</td> </tr> <tr> <td>Quick mode</td> <td><code>quick=true</code></td> <td>~300ms</td> <td>Skip SMTP only, all other checks run</td> </tr> <tr> <td>Selective fields</td> <td><code>fields=mx,disposable</code></td> <td>Depends on fields</td> <td>Run only what you need — fastest option</td> </tr> <tr> <td>Selective + quick</td> <td><code>fields=smtp&amp;quick=true</code></td> <td>~300ms</td> <td>Selective without SMTP</td> </tr> </tbody> </table></div> <p>The <code>fields</code> parameter is more powerful than <code>quick=true</code> alone. With <code>fields</code> you control exactly which checks execute. With <code>quick=true</code> you only skip SMTP — everything else still runs.</p> <p>For real-time typing validation, <code>fields=syntax,typo</code> gives you instant feedback with near-zero latency. Then run <code>fields=mx,disposable,role</code> on submit for a thorough but fast check. Only use <code>fields=smtp</code> for high-value signups where confirming the mailbox is worth the extra 1-3 seconds.</p> <h2> How To Use The Results In Your Code </h2> <p><strong>Simple accept or reject based on result:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/v1/validate?email=</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">email</span><span class="p">,</span> <span class="p">{</span> <span class="nx">headers</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">result</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">VALID</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="nf">proceedWithSignup</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">result</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">RISKY</span><span class="dl">"</span> <span class="o">||</span> <span class="nx">data</span><span class="p">.</span><span class="nx">result</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">UNKNOWN</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="nf">sendConfirmationEmail</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="c1">// allow but verify</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">showError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Please enter a valid email address</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Use the score for more nuanced decisions:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">score</span> <span class="o">&amp;</span><span class="nx">gt</span><span class="p">;</span><span class="o">=</span> <span class="mi">80</span><span class="p">)</span> <span class="p">{</span> <span class="nf">acceptDirectly</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">score</span> <span class="o">&amp;</span><span class="nx">gt</span><span class="p">;</span><span class="o">=</span> <span class="mi">50</span><span class="p">)</span> <span class="p">{</span> <span class="nf">requireEmailConfirmation</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">rejectSignup</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Handle catch-all domains separately:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">checks</span><span class="p">.</span><span class="nx">smtp_catch_all</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Cannot verify individual mailbox — allow but flag</span> <span class="nf">flagForManualReview</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">result</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">REJECT</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="nf">rejectSignup</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Help users fix typos:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">suggestions</span><span class="p">?.</span><span class="nx">did_you_mean</span><span class="p">)</span> <span class="p">{</span> <span class="nf">showMessage</span><span class="p">(</span><span class="s2">`Did you mean </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">suggestions</span><span class="p">.</span><span class="nx">did_you_mean</span><span class="p">}</span><span class="s2">?`</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Require business email only:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">checks</span><span class="p">.</span><span class="nx">is_free_provider</span><span class="p">)</span> <span class="p">{</span> <span class="nf">showError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Please use your business email address</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>Use selective fields for a fast signup form:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Only run mx + disposable + role — responds in ~200ms</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="dl">'</span><span class="s1">/v1/validate?email=</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">email</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">&amp;fields=mx,disposable,role</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">headers</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">checks</span><span class="p">.</span><span class="nx">is_disposable</span><span class="p">)</span> <span class="nf">showError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Disposable emails not allowed</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">checks</span><span class="p">.</span><span class="nx">is_role_based</span><span class="p">)</span> <span class="nf">showError</span><span class="p">(</span><span class="dl">"</span><span class="s2">Please use a personal email address</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">data</span><span class="p">.</span><span class="nx">checks</span><span class="p">.</span><span class="nx">mx_found</span><span class="p">)</span> <span class="nf">showError</span><span class="p">(</span><span class="dl">"</span><span class="s2">This email domain does not exist</span><span class="dl">"</span><span class="p">);</span> </code></pre> </div> <p><strong>Clean an email list before sending a campaign:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">bulkValidate</span><span class="p">(</span><span class="nx">emailList</span><span class="p">,</span> <span class="p">{</span> <span class="na">fields</span><span class="p">:</span> <span class="dl">"</span><span class="s2">disposable,role,spamtrap</span><span class="dl">"</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">cleanList</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">results</span> <span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">r</span> <span class="o">=&amp;</span><span class="nx">gt</span><span class="p">;</span> <span class="nx">r</span><span class="p">.</span><span class="nx">result</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">VALID</span><span class="dl">"</span> <span class="o">&amp;&amp;</span> <span class="nx">r</span><span class="p">.</span><span class="nx">score</span> <span class="o">&amp;</span><span class="nx">gt</span><span class="p">;</span><span class="o">=</span> <span class="mi">70</span><span class="p">)</span> <span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">r</span> <span class="o">=&amp;</span><span class="nx">gt</span><span class="p">;</span> <span class="nx">r</span><span class="p">.</span><span class="nx">email</span><span class="p">);</span> </code></pre> </div> <h2> Recommended Combinations By Use Case </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Use Case</th> <th>fields=</th> <th>Speed</th> <th>Why</th> </tr> </thead> <tbody> <tr> <td>Signup form</td> <td><code>mx,disposable,role</code></td> <td>~200ms</td> <td>Blocks the most common bad emails, no SMTP wait</td> </tr> <tr> <td>Real-time typing</td> <td><code>syntax,typo</code></td> <td>~0ms</td> <td>Instant format + typo correction as user types</td> </tr> <tr> <td>Email marketing list clean</td> <td><code>disposable,spamtrap,role,mx</code></td> <td>~200ms</td> <td>Removes all bad senders before a campaign</td> </tr> <tr> <td>Security audit</td> <td><code>auth,intelligence</code></td> <td>~300ms</td> <td>SPF/DMARC/DKIM + domain reputation</td> </tr> <tr> <td>High-value lead verification</td> <td><code>mx,smtp,disposable</code></td> <td>~1-3s</td> <td>Full SMTP mailbox confirmation</td> </tr> <tr> <td>Business email gate</td> <td><code>provider,syntax</code></td> <td>~0ms</td> <td>Block free providers instantly</td> </tr> <tr> <td>Bulk list cleaning</td> <td><code>disposable</code></td> <td>~0ms</td> <td>In-memory lookup — instant even for thousands</td> </tr> </tbody> </table></div> <h2> Honest Limitations </h2> <p>We believe in being upfront about what this API can and cannot do.<br> Major providers like Gmail, Yahoo, Outlook, iCloud, and ProtonMail block automated SMTP probing. For these domains smtp_skipped will be true and smtp_verified will be null. The result is still based on the other 11 checks and is reliable for detecting obvious fakes and disposable patterns — but we cannot confirm whether a specific Gmail mailbox exists.</p> <p>Catch-all domains accept every email address regardless of whether the individual mailbox exists. smtp_catch_all will be true for these. We cannot tell you if a specific address on that domain is real — we recommend flagging these for manual review rather than outright rejecting.</p> <p>No email validator guarantees 100% accuracy. Some valid emails will occasionally score lower than expected due to server timeouts, temporary DNS issues, or conservative server configurations. Use the result and score together to make decisions, and always give users a way to receive a confirmation email if they believe their address is valid.</p> <p>We do our best across 11 fields but we are not the only option and may not be perfect for every use case. Test on the free tier first to confirm it meets your needs.</p> <p>Every live data source has a hardcoded fallback built in. If the <br> disposable blocklist fetch fails, 769,000+ built-in domains still run. <br> If the risky TLD live fetch fails, 53 hardcoded TLDs still fire. If MX <br> fingerprinting cannot resolve, the hardcoded provider list covers all <br> major cases. The API never returns an error due to a failed external <br> fetch — it degrades gracefully and silently to its hardcoded layer.</p> <h2> FAQ </h2> <p><strong>Is this GDPR compliant?</strong></p> <p>Yes. Email addresses submitted for validation are never stored, logged, or shared with any third party. Every request is processed in memory and discarded immediately after the response is sent.</p> <p><strong>Why is smtp_verified null for Gmail addresses?</strong></p> <p>Gmail and other major providers block automated SMTP verification by design — they return 250 for every address regardless of whether it exists, making the check useless. We detect this and skip SMTP for these providers, marked by smtp_skipped: true. The result is still based on 11 other checks and is reliable.</p> <p><strong>What is the fields parameter?</strong></p> <p>It lets you specify exactly which checks to run. Only those checks execute — the rest are skipped entirely. This means the response time depends on what you ask for. Asking for just disposable takes under 10ms. Asking for smtp takes 1-3 seconds. Pass <code>fields=mx,disposable,role</code> for a fast signup form check, or omit fields entirely for full validation.</p> <p><strong>What is a catch-all domain?</strong></p> <p>Some domains are configured to accept every email address regardless of whether the individual mailbox actually exists. smtp_catch_all: true indicates this. We recommend flagging these for manual review and sending a confirmation email rather than rejecting.</p> <p><strong>What does is_sub_address mean?</strong></p> <p>It means the email uses plus addressing — for example <a href="mailto:user+newsletter@gmail.com">user+newsletter@gmail.com</a>. This is a real technique where email goes to the base address (<a href="mailto:user@gmail.com">user@gmail.com</a>). Some users do this to track who shares their email. It is valid but worth knowing about.</p> <p><strong>How often is the disposable domain list updated?</strong></p> <p>The list is fetched from live community blocklists every time the server starts. The 769,000+ domain fallback is always available even if the live fetch fails. New disposable services are typically picked up within hours of being added to community sources.</p> <p><strong>What does the intelligence object tell me?</strong></p> <p>It runs deeper analysis on unknown domains — checking how old the domain is, how many other domains share its mail server, the reputation of its hosting provider, and whether it has a real website. A domain registered 3 days ago with 800 other domains on the same IP and no website is almost certainly a disposable email service even if it is not in any blocklist yet.</p> <p><strong>Should I reject RISKY emails outright?</strong></p> <p>Not necessarily. RISKY means there are signals worth noting but nothing definitive. The best approach is to allow the signup but send a confirmation email — if they can confirm it the address is real enough to use.</p> <p><strong>What is domain_entropy?</strong></p> <p>It is a measure of how pronounceable and human-like the domain name is. Randomly generated domains like xk7mq2p.com score very low. Real business domains and well known providers score high. It feeds into the overall score automatically — you do not need to check it directly.</p> <p><strong>What happens if I pass an unknown field name?</strong></p> <p>The API runs the valid field names you provided and returns the unrecognised ones in <code>_unknown_fields</code>. So <code>fields=mx,typo,fakething</code> would run mx and typo normally, and return <code>"_unknown_fields": ["fakething"]</code> in the response so you can fix your integration.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F00btmnd00xigm85dr063.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F00btmnd00xigm85dr063.png" alt=" " width="500" height="500"></a></p> api backend security webdev An Email Validation API That Only Runs the Checks You Actually Need shahil shaikh Tue, 10 Mar 2026 19:10:38 +0000 https://dev.to/shahil_shaikh_73/an-email-validation-api-that-only-runs-the-checks-you-actually-need-l92 https://dev.to/shahil_shaikh_73/an-email-validation-api-that-only-runs-the-checks-you-actually-need-l92 <p>I want to start with a question.</p> <p>When was the last time you needed to verify every single thing about an email address all at once?</p> <p>Probably never. Most of the time maybe you just want to know one or two things. Is this a throwaway email? Is this a real domain? Does this address even look valid?</p> <p>But if you have ever used an email validation API you already know the problem. Perhaps in most of the cases, you ask for one thing and it runs everything. You wait 2 seconds for a live SMTP probe that you never asked for. You get back a response with half the fields set to null. And you pay for all of it in latency whether you needed it or not.</p> <p>That is where this API gives advantage.</p> <h2> The Idea Is Simple </h2> <p>You tell the API exactly which checks to run. Only those checks execute. Nothing else fires.</p> <p>That is it. That is the whole idea.</p> <p>It sounds obvious when you say it out loud. But almost no email validation API actually works this way. Most of them were all built around the assumption that you want everything. This one was built around the assumption that you know what you need.</p> <h2> How It Works in Practice </h2> <p>You pass a <code>fields</code> parameter with the checks you want.</p> <p>Say you are building a signup form and you just want to block disposable emails. One field. One check.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">GET /v1/validate?email=user@gmail.com&amp;fields=disposable </span></code></pre> </div> <p>That comes back in under 10ms. It is checking against 769,000 known throwaway domains entirely in memory. No DNS. No network. Nothing. Just an instant lookup.</p> <p>Now say you want to be a bit more thorough on that signup form. Block disposable emails, check the domain actually receives mail, filter out role-based addresses like admin@ or noreply@, and catch spam traps.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">GET /v1/validate?email=user@gmail.com&amp;fields=mx,disposable,role,spamtrap </span></code></pre> </div> <p>Four checks. About 200ms. Still no SMTP. Still fast enough that your users will not notice anything.</p> <p>And if you are verifying a high value lead and you genuinely need the full picture including whether the mailbox actually exists:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">GET /v1/validate?email=user@gmail.com </span></code></pre> </div> <p>Leave out the fields parameter entirely. All 11 checks run. Live SMTP included. Takes 1 to 3 seconds but you are getting everything.</p> <p>The point is you are in control. You decide what runs. You decide how long you are willing to wait. The API just does what you ask.</p> <h2> The 11 Checks Available </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>What it checks</th> <th>Speed</th> </tr> </thead> <tbody> <tr> <td><code>syntax</code></td> <td>Is the format valid</td> <td>Instant</td> </tr> <tr> <td><code>mx</code></td> <td>Does the domain receive email</td> <td>~200ms</td> </tr> <tr> <td><code>smtp</code></td> <td>Does the mailbox actually exist</td> <td>~1-3s</td> </tr> <tr> <td><code>disposable</code></td> <td>769,000+ throwaway domains</td> <td>Instant</td> </tr> <tr> <td><code>role</code></td> <td>admin@, noreply@, support@ variants</td> <td>Instant</td> </tr> <tr> <td><code>provider</code></td> <td>Free vs corporate domain</td> <td>Instant</td> </tr> <tr> <td><code>spamtrap</code></td> <td>Honeypot and trap patterns</td> <td>Instant</td> </tr> <tr> <td><code>subaddress</code></td> <td>Plus tag like <a href="mailto:user+spam@gmail.com">user+spam@gmail.com</a> </td> <td>Instant</td> </tr> <tr> <td><code>intelligence</code></td> <td>Risky TLDs and gibberish domains</td> <td>Instant</td> </tr> <tr> <td><code>auth</code></td> <td>SPF, DMARC, DKIM records</td> <td>~300ms</td> </tr> <tr> <td><code>typo</code></td> <td>gmial→gmail, yahooo→yahoo</td> <td>Instant</td> </tr> </tbody> </table></div> <p>Notice how most checks are instant. That is because they run entirely in memory with no network calls. The slow ones — mx, smtp, auth — are slow because they have to talk to the outside world. That is just how it works. But since you only run the ones you need, you only wait when you actually have to.</p> <h2> How the Detection Stays Accurate Automatically </h2> <p>Every feature in this API uses two layers of detection.</p> <p>The first layer is hardcoded. A fast in-memory lookup against a set of known values. This is what runs when someone submits a form on your site. Instant. Zero network. Works even if everything else goes down.</p> <p>The second layer is automatic. It fetches live data at server startup and fills in everything the hardcoded layer does not cover. New throwaway domains. New risky TLDs. New variants of known patterns. All caught automatically without anyone having to update a list manually.</p> <p>Here is what that looks like for each feature:</p> <p><strong>Disposable email detection</strong></p> <p>The hardcoded layer has 769,000 known throwaway domains already in memory when the server starts. The live layer fetches a community maintained blocklist from GitHub at startup and adds anything new. If that fetch fails for any reason the API just keeps running on the hardcoded layer. You never get an error. You never even know the fetch failed.</p> <p><strong>Role-based address detection</strong></p> <p>The hardcoded layer knows 101 exact prefixes. Admin. Noreply. Support. Billing. Postmaster. And dozens more. The automatic layer uses fuzzy segment matching to catch variants that are not in the list. Noreply2. Admin123. Support.team. Billing_dept. Caught automatically without any manual updates.</p> <p><strong>Free provider detection</strong></p> <p>The hardcoded layer covers 64 known domains. Gmail. Yahoo. Hotmail. And all their regional variants. The automatic layer uses MX fingerprinting — it checks where the domain's mail actually routes. Any company using Google Workspace or Microsoft 365 gets caught here too even if their domain is not on any list. Because the mail routes through Google or Microsoft infrastructure and that fingerprint gives it away.</p> <p><strong>Risky TLD detection</strong></p> <p>53 hardcoded TLDs that are known for high abuse rates. .xyz, .tk, .cf, .top, .icu and more. Plus a live community list fetched at startup that keeps it current.</p> <p><strong>Typo correction</strong></p> <p>53 known common typos in a dictionary. Gmial. Yahooo. Hotmial. Outloo. And a Levenshtein fuzzy matching layer underneath that catches anything new. If someone types a domain that looks almost like a real one but is not quite right, the API suggests the correction automatically.</p> <h2> What Every Response Looks Like </h2> <p>No matter which fields you request, every response always comes back with these:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user@gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VALID"</span><span class="p">,</span><span class="w"> </span><span class="nl">"reason"</span><span class="p">:</span><span class="w"> </span><span class="s2">"All checks passed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"score_label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Excellent"</span><span class="p">,</span><span class="w"> </span><span class="nl">"latency_ms"</span><span class="p">:</span><span class="w"> </span><span class="mi">312</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The result is one of four things:</p> <ul> <li> <code>VALID</code> — looks good, safe to use</li> <li> <code>RISKY</code> — something is off but not definitively bad. Role-based address, risky TLD, sub-address, catch-all server</li> <li> <code>REJECT</code> — do not use this. Disposable domain, spam trap, invalid syntax, no mail infrastructure</li> <li> <code>UNKNOWN</code> — SMTP probe was inconclusive. Server blocked it or greylisted it</li> </ul> <p>The score starts at 100 and goes down based only on the checks that actually ran. So if you only asked for disposable and role, the score only reflects those two. Nothing you did not ask for will affect it.</p> <h2> A Few Real Scenarios </h2> <p><strong>You are building a signup form</strong></p> <p>You do not need SMTP. You do not need auth. You need to block the obvious junk fast.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">fields</span><span class="p">=</span><span class="s">mx,disposable,role,spamtrap</span> </code></pre> </div> <p>About 200ms. Blocks throwaway emails, role addresses, spam traps, and domains with no mail server. That alone will stop the vast majority of fake signups.</p> <p><strong>You have a list of 50,000 emails and need to clean it</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">fields</span><span class="p">=</span><span class="s">disposable</span> </code></pre> </div> <p>Under 10ms per email. Pure memory lookup. You can process that entire list in seconds.</p> <p><strong>You just got a high value lead and want to be sure</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(no fields param — all 11 checks run) </code></pre> </div> <p>Everything runs. Live SMTP included. You will know within 1 to 3 seconds whether that mailbox actually exists.</p> <p><strong>You want to show typo suggestions as someone types</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight properties"><code><span class="py">fields</span><span class="p">=</span><span class="s">syntax,typo&amp;quick=true</span> </code></pre> </div> <p>Under 50ms. If they type gmial.com it suggests gmail.com before they even finish the word.</p> <h2> Bulk Validation </h2> <p>You can also send multiple emails in one call.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">POST</span><span class="w"> </span><span class="err">/v</span><span class="mi">1</span><span class="err">/validate/bulk</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"emails"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"user@gmail.com"</span><span class="p">,</span><span class="w"> </span><span class="s2">"test@mailinator.com"</span><span class="p">,</span><span class="w"> </span><span class="s2">"admin@company.com"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"fields"</span><span class="p">:</span><span class="w"> </span><span class="s2">"disposable,role"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The response order always matches the input order. Every result has its own verdict, score, and latency. The fields parameter applies to the whole batch so you are not running checks you do not need on any of them.</p> <h2> Being Honest About What It Cannot Do </h2> <p>Perhaps no email validation API is perfect and this one is no different.</p> <p>Gmail, Yahoo, Outlook, and most major providers block SMTP probing. So smtp_skipped=true on those domains is the correct response, not a failure. The API detects this automatically and skips SMTP rather than timing out or giving you a wrong answer.</p> <p>Catch-all servers accept every email address regardless of whether the mailbox exists. There is no way around that. If a server accepts everything, individual mailbox verification is impossible for anyone.</p> <p>Some valid emails will score lower than expected. Temporary DNS issues, server timeouts, conservative configurations. It happens. Always give your users a way to verify manually if they think their address is being wrongly flagged.</p> <p>And a brand new throwaway domain registered today might slip through until the community blocklist catches up with it. The window is small but it exists.</p> <p>None of these are unique to this API. They are just the honest reality of email validation.</p> <h2> Why Selective Execution Changes Everything </h2> <p>Most email validation APIs were built around the idea of running everything and returning everything. That made sense when validation was a background job nobody was waiting on.</p> <p>It makes no sense when you are running it in real time on a signup form.</p> <p>The selective execution approach flips that completely. You decide what matters for your use case. The API runs only that. The response only contains what you asked for. No nulls. No wasted time. No paying in latency for checks you did not need.</p> <h2> Try It Free </h2> <p>Free tier is available on RapidAPI. 200 requests per month. No credit card needed. Enough to properly test it against your own use case before deciding if it is right for you.</p> <p><a href="https://rapidapi.com/ShahilShaikh/api/email-validator83" rel="noopener noreferrer"><strong>Try Email Validator→</strong></a></p> <p>If you do try it I would genuinely appreciate an honest review on the listing. Good or bad. I want to know what is working and what is not. And it helps other developers make a more informed decision.</p> <p>If you have dealt with email validation problems in your own projects — fake signups, dirty lists, deliverability issues — I would love to hear what you ran into in the comments. What broke? What was too slow? What did you wish worked differently?</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fypmfxqxhwx0xwfwbqf8v.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fypmfxqxhwx0xwfwbqf8v.png" alt=" " width="800" height="800"></a></p> webdev api javascript beginners