How Email Validation API Works: A Complete Technical Guide

Email validation is not a single check — it is a pipeline of layered verifications, each catching a different class of bad emails. Understanding every layer helps you pick the right validation depth for your use case.

Layer 1: Syntax Validation

The first gate is a regex-based syntax check. A valid email must have exactly one @ symbol, a local part (before the @), and a domain part (after the @). The local part may contain letters, numbers, and special characters like dots, hyphens, and plus signs. The domain must have at least one dot.

// ValidoAPI response for a syntax failure
{
  "email": "user@@example.com",
  "valid": false,
  "reason": "invalid_syntax",
  "score": 0
}

Layer 2: Domain & MX Record Check

Even if the syntax is valid, the domain may not exist or may not be configured to receive email. A DNS lookup checks whether the domain exists, and an MX record lookup confirms that the domain has configured mail servers. If there are no MX records, no email can ever be delivered there.

Layer 3: Disposable Email Detection

Disposable email providers (DEPs) like Mailinator, Guerrilla Mail, and thousands of others create throw-away addresses that expire within hours. ValidoAPI maintains a database of 10,000+ DEP domains, updated daily, to flag these addresses before they pollute your user base.

Layer 4: SMTP Verification

The deepest and most reliable check: we open a real SMTP conversation with the mail server and ask, "Does this mailbox exist?" without actually sending any email. We connect to the MX server, introduce ourselves with EHLO, then issue a RCPT TO command. A 250 response means the mailbox exists.

SMTP Exchange Example:
→ EHLO validoapi.com
← 250 mx.example.com Hello
→ MAIL FROM: <verify@validoapi.com>
← 250 OK
→ RCPT TO: <target@example.com>
← 250 OK   ← mailbox exists
  (or)
← 550 No such user   ← mailbox does not exist

Layer 5: Role & Catch-All Detection

Role-based addresses like admin@, support@, info@, and noreply@ belong to departments rather than individuals. They often have high unsubscribe rates and spam complaints. Catch-all domains accept every email regardless of whether the mailbox exists, making SMTP checks unreliable for them — ValidoAPI flags these separately so you can make an informed decision.

Putting It All Together

ValidoAPI runs all five layers in parallel and returns a single score between 0 and 100, a boolean valid flag, and a detailed reason code so your application logic can make smart decisions — accept, warn, or reject — based on your risk tolerance.