About the Email Validator
The Email Validator runs six checks against any email address and returns a verdict — Valid, Risky, or Invalid — plus a fix-list of what's wrong. It's designed for form validation, marketing-list hygiene, and quick "is this fake?" checks. Everything runs on our server (needed for DNS), but nothing is stored.
The six checks
✍️ 1. Syntax
RFC 5322 format via PHP's FILTER_VALIDATE_EMAIL, plus local-part length (max 64 chars per RFC 5321), no consecutive dots, and hostname validity for the domain part.
📬 2. MX records
The most important check. If the domain has no MX records, mail cannot be delivered to it — full stop. Some legacy domains rely on an A-record fallback (RFC 5321 §5.1), so the tool checks that too. No MX + no A = fail.
🌐 3. A records
Fallback delivery target if the domain has no MX. Also serves as a "domain resolves at all" sanity check.
🗑️ 4. Disposable / temp-mail
~70 known providers checked (Mailinator, 10minutemail, Guerrilla, Yopmail, Trashmail, Maildrop, Nada, and dozens more). Disposable = the user doesn't want to be contacted long-term.
👥 5. Role account
Detects generic-inbox local parts: info@, admin@, sales@, support@, no-reply@, and 30+ others. Role accounts are fine for support forms but bad for marketing lists (they usually go to a group, and group members mark bulk mail as spam more often).
🏢 6. Free provider
Identifies Gmail / Outlook / Yahoo / iCloud / Proton / Zoho / Yandex / Fastmail / Tutanota. Informational, not a fail — most people have a free email — but if you're doing B2B lead qualification, "custom domain" is a positive signal.
Why no SMTP probing?
Some validators try to open an SMTP connection to the MX server, HELO, and send RCPT TO to see if the address is accepted. This tool does not do that, for several reasons:
- Mail providers detect and blacklist probing IPs — one wrong move and your server gets blocked from every AWS / Google / Microsoft mailbox for hours.
- Catch-all domains give false positives — many domains accept RCPT TO for any address and only bounce later.
- It's considered rude — you're asking someone else's mail server to do work for you without sending mail.
- Modern providers reject probes — Gmail, Outlook, and Yahoo return "250 OK" to every RCPT TO to defeat harvesting, then silently drop mail to nonexistent addresses.
Syntax + DNS + classification catches ~95% of bad addresses at zero cost and without side effects. For the last 5%, the only reliable answer is "send a confirmation email and see if the user clicks."
The three verdicts
- ✅ Valid — syntax OK, domain has MX records, not disposable. Safe to accept.
- ⚠️ Risky — technically deliverable but with warnings — role account, free provider, or A-record fallback with no MX. Accept for contact forms, review before adding to marketing lists.
- ❌ Invalid — bad syntax, disposable, or no way to deliver mail. Reject.
Privacy & rate limits
Rate-limited to 60 addresses per minute per IP. DNS queries hit our server's resolver. Nothing is stored.