What is Email Verification?

The services offered by our API are like a digital Swiss Army Knife. They can always help you find a way to solve a problem or implement a solution in your applications. For example, our Email Scoring service performs the Email Verification and Validation. Hence, Email Verification determines whether or not an email address is fully valid and deliverable. Overall the process involves a deep analysis of each email, and this is what the Email Scoring service does.

How Does Email Verification and Validation Work?

In detail, a combination of several validation techniques based on custom-built algorithms scores the legitimacy of an email. After the execution of the process, the addresses have been ranked. Clean and good email addresses will have a neutral or positive score. Suspicious addresses will have a negative score. The more negative the score, more probability of being an invalid address.

Below we’ve described in detail just how our email verification process works:

  • Address: If any of these checks fail, the score of this test is -1.
    1. Address Syntax: This check removes improperly formatted email addresses. It must adhere to IETF standards.
    2. Role-Based Account: Email sends to role-based such as postmaster@, info@, sales@, admin@, etc. can negatively impact the deliverability, and even some ISPs will block you. This process detects and flags such addresses.
  • Domain: Our algorithm tests the domain, the MX domains and NS domains. If any of these checks fail, the score of this test is -1.
    1. Domain blacklisted: The process searches the domain in different blacklists. To be clean, it must not appear in any of them.
    2. MX domain blacklisted: It searches the MX domains in different blacklists too. Clean MX domains must not appear in any of them.
    3. NS domain blacklisted: It searches the NS domains in different blacklists too. Spammers use very well-known suspicious Nameservers, and we also can block them.
  • Free Email Service: Our algorithm can flag as suspicious emails hosted by Free Email Services like (Google, Yahoo, Hotmail/Microsoft…). Since this is a very aggressive option, it can be disabled in the Blacklist section of our dashboard. The score for this test is -1.
  • Disposable Email Address: If the Email address is hosted by Disposable Email Address Providers. Throwaway/disposable email addresses, or “junk collector” email addresses,” are detected and processed appropriately. Bad guys use them to bypass signup forms or login forms which require a valid email address. The score for this test is -1.
  • Blacklisted Email Address: If the Email address belongs to some of our Email Abuse blacklists, then the score for this test is -1.
  • SMTP Verification: Performs deep-level extended SMTP verifications on the email address. The process pings the addresses for mailbox existence without sending an actual email to the inbox. It will also check the validity of the MX records and will test if the server implements a catch-all policy. The score for this test is -1 for any of them.
  • Lookup IP in blacklists of DNSBLs or RBL: A DNS-based blackhole list (DNSBL) or Real-time Blackhole List (RBL) is a list of IP addresses often used for spamming. Our algorithms check the email addresses and IP addresses against known DNSBLs and RBL to trap spam networks. The score for this test is -1 for any of them.

How to get the score of an email

You can start using our API right away. You don’t need to register to use it. So for example, let’s get the score for the email test@mailinator.com. Mailinator.com is a very well known Disposable Email Address provider, so I guess we will get a negative score. To test the Apility.io API we will use the command curl:

$ curl -X GET https://api.apility.net/bademail/test@mailinator.com

the JSON response will be:

{
  "response": {
    "score": -3,
    "ip": {
      "score": 0,
      "blacklist": [],
      "is_quarantined": false,
      "address": "104.25.199.31"
    },
    "address": {
      "score": 0,
      "is_role": false,
      "is_well_formed": true
    },
    "email_address": "test@mailinator.com",
    "disposable": {
      "is_disposable": true,
      "score": -1
    },
    "domain": {
      "score": -1,
      "ns": [
        "betty.ns.cloudflare.com.",
        "james.ns.cloudflare.com."
      ],
      "blacklist": [
        "MARTENSON-DED",
        "DEA",
        "IVOLO-DED"
      ],
      "blacklist_ns": [],
      "blacklist_mx": [],
      "mx": [
        "mail2.mailinator.com",
        "mail.mailinator.com"
      ]
    },
    "source_ip": {
      "score": 0,
      "blacklist": [],
      "is_quarantined": false,
      "address": "127.0.0.1"
    },
    "freemail": {
      "score": 0,
      "is_freemail": false
    },
    "email": {
      "score": -1,
      "blacklist": [
        "STOPFORUMSPAM-180",
        "STOPFORUMSPAM-365"
      ]
    },
    "smtp": {
      "score": 0,
      "exist_mx": true,
      "exist_catchall": false,
      "exist_address": true
    }
  },
  "type": "bademail"
}

The Global Score is -3, as a result of the sum of the scores of Disposable, Domain in blacklists and Email in blacklists. Not a very trustable email…

Now we are going to test a valid email. For example, our email address devops@apility.io:

$ curl -X GET https://api.apility.net/bademail/devops@apility.io

and the response will be:

Resource not found

As a result, if the email has a neutral or positive score and we don’t pass an Accept header to the request it returns a 404 code, which means that the resource cannot be found in abuse check or list.

How to get the score and full details of an email

If you want to have full details of the email address then you have to add the header:

$ curl -H "Accept: application/json" -X GET https://api.apility.net/bademail/devops@apility.io

and the response now is the full JSON object:

{
  "response": {
    "score": 0,
    "ip": {
      "score": 0,
      "blacklist": [],
      "is_quarantined": false,
      "address": "35.189.84.182"
    },
    "address": {
      "score": 0,
      "is_role": false,
      "is_well_formed": true
    },
    "email_address": "devops@apility.io",
    "disposable": {
      "is_disposable": false,
      "score": 0
    },
    "domain": {
      "score": 0,
      "ns": [
        "alex.ns.cloudflare.com.",
        "pam.ns.cloudflare.com."
      ],
      "blacklist": [],
      "blacklist_ns": [],
      "blacklist_mx": [],
      "mx": [
        "aspmx.l.google.com",
        "aspmx2.googlemail.com",
        "aspmx3.googlemail.com",
        "alt1.aspmx.l.google.com",
        "alt2.aspmx.l.google.com"
      ]
    },
    "source_ip": {
      "score": 0,
      "blacklist": [],
      "is_quarantined": false,
      "address": "127.0.0.1"
    },
    "freemail": {
      "score": 0,
      "is_freemail": false
    },
    "email": {
      "score": 0,
      "blacklist": []
    },
    "smtp": {
      "score": 0,
      "exist_mx": true,
      "exist_catchall": false,
      "exist_address": true
    }
  },
  "type": "bademail"
}

In that case, now the score is neutral.

Several Email Verification and Validation processes at once

If you want to purify a list of emails you can save time using the bulk email processing API. You can pass as an argument in the query string a maximum of 10 email addresses per request. For example:

$ curl -H "Accept: application/json" -X GET "https://api.apility.net/bademail_batch/test@moocher.io,test@apility.io,test@mailinator.com"

The response is a JSON object like this:

{
  "response": [
    {
      "scoring": {
        "address": {
          "is_well_formed": true,
          "is_role": false,
          "score": 0
        },
        "freemail": {
          "is_freemail": false,
          "score": 0
        },
        "domain": {
          "ns": [
            "alex.ns.cloudflare.com.",
            "pam.ns.cloudflare.com."
          ],
          "blacklist_mx": [],
          "blacklist_ns": [],
          "blacklist": [],
          "score": 0,
          "mx": [
            "aspmx.l.google.com",
            "aspmx2.googlemail.com",
            "aspmx3.googlemail.com",
            "alt1.aspmx.l.google.com",
            "alt2.aspmx.l.google.com"
          ]
        },
        "ip": {
          "blacklist": [],
          "is_quarantined": false,
          "score": 0,
          "address": "104.31.77.225"
        },
        "disposable": {
          "score": 0,
          "is_disposable": false
        },
        "email": {
          "blacklist": [],
          "score": 0
        },
        "smtp": {
          "exist_address": false,
          "exist_mx": true,
          "exist_catchall": false,
          "score": 0
        },
        "score": 0,
        "source_ip": {
          "blacklist": [],
          "is_quarantined": false,
          "score": 0,
          "address": "2.137.249.73"
        }
      },
      "email": "test@apility.io"
    },
    {
      "scoring": {
        "address": {
          "is_well_formed": true,
          "is_role": false,
          "score": 0
        },
        "freemail": {
          "is_freemail": false,
          "score": 0
        },
        "domain": {
          "ns": [
            "alex.ns.cloudflare.com.",
            "pam.ns.cloudflare.com."
          ],
          "blacklist_mx": [],
          "blacklist_ns": [],
          "blacklist": [],
          "score": 0,
          "mx": [
            "aspmx.l.google.com",
            "alt2.aspmx.l.google.com",
            "alt4.aspmx.l.google.com",
            "alt1.aspmx.l.google.com",
            "alt3.aspmx.l.google.com"
          ]
        },
        "ip": {
          "blacklist": [],
          "is_quarantined": false,
          "score": 0,
          "address": "104.18.44.187"
        },
        "disposable": {
          "score": 0,
          "is_disposable": false
        },
        "email": {
          "blacklist": [],
          "score": 0
        },
        "smtp": {
          "exist_address": false,
          "exist_mx": true,
          "exist_catchall": false,
          "score": 0
        },
        "score": 0,
        "source_ip": {
          "blacklist": [],
          "is_quarantined": false,
          "score": 0,
          "address": "2.137.249.73"
        }
      },
      "email": "test@moocher.io"
    },
    {
      "scoring": {
        "address": {
          "is_well_formed": true,
          "is_role": false,
          "score": 0
        },
        "freemail": {
          "is_freemail": false,
          "score": 0
        },
        "domain": {
          "ns": [
            "betty.ns.cloudflare.com.",
            "james.ns.cloudflare.com."
          ],
          "blacklist_mx": [],
          "blacklist_ns": [],
          "blacklist": [
            "DEA",
            "MARTENSON-DED",
            "IVOLO-DED"
          ],
          "score": -1,
          "mx": [
            "mail2.mailinator.com",
            "mail.mailinator.com"
          ]
        },
        "ip": {
          "blacklist": [],
          "is_quarantined": false,
          "score": 0,
          "address": "104.25.198.31"
        },
        "disposable": {
          "score": -1,
          "is_disposable": true
        },
        "email": {
          "blacklist": [
            "STOPFORUMSPAM-180",
            "STOPFORUMSPAM-365"
          ],
          "score": -1
        },
        "smtp": {
          "exist_address": false,
          "exist_mx": true,
          "exist_catchall": false,
          "score": 0
        },
        "score": -3,
        "source_ip": {
          "blacklist": [],
          "is_quarantined": false,
          "score": 0,
          "address": "2.137.249.73"
        }
      },
      "email": "test@mailinator.com"
    }
  ]
}

As a result, the response object contains a list with all the information with the score for each email address. You can now filter out what email addresses has a neutral or positive score and throw away the email addresses with negative scores.

Account Quotas and rate limits

If you try to use the email API services without an API Key, you will run out of quota very quickly and the rate-limit process will not allow you to send more than one request per minute. Thus If you want to increase your quota and rate-limit, you can get a free API Key if you register in Apility.io.The 30 days trial will let you play with the API enough time to become an experienced user. After the 30 days trial period, you can upgrade to a paid plan or stay with the free plan forever.

Once you have your API Key, you can use adding the query string parameter token, or adding the header parameter X-Auth-Token. For example:

$ curl -H "Accept: application/json" -H "X-Auth-Token: UUID" -X GET https://api.apility.net/bademail/test@mailinator.com 

or

$ curl -H "Accept: application/json" -X GET https://api.apility.net/bademail/test@mailinator.com?token=UUID

You can find your own API Key in the Overview Page of the Dashboard.

Choose what blacklists to use with the algorithms

One of the most powerful features of Apility.io is how we crawl the net looking for all the public and private blacklists of IP addresses, Domains, and Email addresses. Sometimes these lists can make legit Email addresses look suspicious. In that case, to help you avoid this inconvenience, you can choose what lists should be used with the scoring algorithms. Again, you have to log into the Dashboard and go to Blacklists to enable and disable the lists individually.

Apility.io choose ethereum blacklists from the dashboard
Choose Ethereum Blacklists from the dashboard

Email Scoring request activity dashboard

If you are a registered user then you have access to historical data of your requests, You can easily analyze all the scoring information visually:

Email Verification and Validation Service