Email Validation: a beginner's guide
Validate email with DNS checks and risk scoring
Email validation: what really happens when you check an address
Email validation is the process of checking, before you actually send a message, whether an email address is likely to be deliverable. The interesting part is that email validation is not a single check — it's a stack of progressively deeper checks, each of which catches a different category of bad address, and each of which has trade-offs. Some validation is purely syntactic ("does this string look like a valid email address?"). Some checks the domain ("does this domain even exist, and does it have MX records?"). Some goes further, attempting to verify with the receiving mail server whether the specific local part exists. Each layer is more expensive, slower, and more invasive than the one before it.
You should care because bad email addresses are the silent killer of sender reputation. Every time you send a message to an address that doesn't exist, the bounce gets recorded by Gmail, Yahoo, and Microsoft as a "bad sender" signal. Send too many bounces in a row and your future email — even to good addresses — starts going to spam. Validating email addresses before you send to them is one of the highest-leverage things any email marketer or SaaS product can do for deliverability, and it is shockingly under-used.
The five layers every email validation actually checks:
Syntax. Does the address conform to the format defined in RFC 5322? This catches typos like missing `@` symbols.
Domain existence. Does the domain actually exist in DNS? `bademail@no-such-domain-12345.com` would fail here.
MX presence. Does the domain have MX records pointing at real mail servers? A domain without MX records cannot receive email.
Disposable detection. Is this a known throwaway email service (Mailinator, Guerrilla Mail, Temp-Mail, etc.)? These are usually fraud-adjacent and worth flagging.
SMTP probe. Connect to the receiving mail server and ask if the specific local part exists, without actually sending a message. This is the most accurate but also the most invasive check, and it gets blocked or rate-limited by some providers.
Three questions an email validation answers:
Is this address worth sending to, or is it almost certainly going to bounce?
Is this signup attempt from a real person or a disposable / throwaway address?
How clean is my mailing list right now — what fraction of it would bounce if I sent today?
The cost of skipping email validation is a slow accumulation of bounces that drag down your sender reputation across all major mailbox providers. The fix is to validate at every entry point: signup forms, list imports, CRM updates. The five layers above are all available as standard features in modern validation tools, and the result is dramatically better deliverability over the long run.
The Email Validation endpoint, in plain language
In one sentence: Validate email with [DNS (Domain Name System)](/guides/dns-lookup) checks and risk scoring
Performs comprehensive DNS-level email validation including the official internet standard syntax verification, MX record (Mail eXchanger record) checks, disposable domain detection (110K+ domains), role address identification, free provider classification, and composite risk scoring. Returns actionable intelligence without SMTP-level verification — avoiding port 25 blocks, greylisting, and rate limiting that plague SMTP probing approaches.
Don't worry if some of the words above are still unfamiliar — there's a plain-language glossary at the bottom of this page, and most of the terms link to their own beginner guides if you want to learn more.
What is actually happening when you call it
Here's what's actually happening behind the scenes when you call this endpoint:
Validates email syntax against the official internet standard, verifies MX record (Mail eXchanger record) existence via Cloudflare DoH (DNS over HTTPS), queries a 110K+ disposable domain database (partitioned by first letter for sub-millisecond lookups), detects 35+ role/generic address prefixes (info@, admin@, noreply@, etc.), identifies 25+ free email providers (Gmail, Yahoo, Outlook, ProtonMail, etc.), checks SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting and Conformance) record presence, evaluates domain age from WHOIS (who is) cache, and calculates a weighted composite risk score (0-100) with categorized risk levels (low/medium/high/critical).
If you're using an AI assistant through MCP, you don't need to understand any of the technical details — the assistant calls the tool and translates the result for you.
Why this specific tool matters
Let's skip the marketing fluff and answer the only question that actually matters: why should you, a real human with a real to-do list, care about the Email Validation tool? Here's the plain-English version, written the way you'd hear it from a friend who happens to do this for a living.
Email validation at the DNS (Domain Name System) level catches invalid, disposable, and high-risk addresses without the deliverability issues of SMTP verification. Essential for protecting signup forms from fake accounts, improving lead quality for sales teams, maintaining sender reputation by reducing bounce rates, and meeting Google/Yahoo/Microsoft bulk sender authentication requirements (2024-2025). Unlike SMTP VRFY (disabled by most servers) or RCPT TO probing (rate-limited and unreliable), DNS-level validation provides consistent, fast results at scale.
Picture this in real life. Imagine a product engineer. Here's the situation they're walking into: Validate email addresses at registration to reject disposable and invalid emails before creating accounts. Block throwaway addresses from services like Guerrilla Mail, Mailinator, and 110K+ known disposable domains. Without the right tool, that person would be stuck copy-pasting between five browser tabs, reading documentation written for engineers, and crossing their fingers that the answer they cobble together is correct. With the Email Validation tool, the same person gets a clear answer in seconds — no spreadsheets, no guessing, no waiting for someone on the infrastructure team to free up.
Three questions this tool answers in plain English. If any of these have ever crossed your mind, the Email Validation tool is built for you:
Will the emails I send actually reach the inbox, or are they going to spam?
Can someone else send phishing emails pretending to be my domain?
Have I set up the three rulebooks (SPF, DKIM, DMARC) that mailbox providers now require?
You can either click the tool and get the answer yourself, or ask your AI assistant — connected through MCP (Model Context Protocol) — to ask the question for you and translate the answer into something you can paste into Slack.
Who gets the most out of this. Small-business owners worried about deliverability, marketing managers onboarding a new email service, IT admins prepping for a security audit, and brand teams protecting against phishing. If you see yourself in that list, this is one of the EdgeDNS tools you should bookmark today.
What happens if you skip this entirely. Skip it and your real emails risk landing in the spam folder while scammers find it easier to impersonate your brand. That's why running this check — even once a month — is one of the cheapest forms of insurance you can give your domain.
Available on the developer plan. The technical details: `GET /v1/email/validate`.
When would I actually use this?
If you're still on the fence about whether the Email Validation tool belongs in your toolbox, this section is for you. Below you'll meet three real people — a product engineer, a marketing ops, a email marketer, and a security engineer — facing three real situations where this tool turns a stressful afternoon into a five-minute task. Read whichever story sounds closest to your week.
Story 1: Signup Form Validation
Imagine you're a product engineer. Validate email addresses at registration to reject disposable and invalid emails before creating accounts. Block throwaway addresses from services like Guerrilla Mail, Mailinator, and 110K+ known disposable domains.
Why it matters: Reduce fake signups by 60-80% and improve user quality metrics without friction for legitimate users.
Story 2: Lead Quality Scoring
Imagine you're a marketing ops. Score inbound leads based on email risk — flag disposable domains, role addresses (info@, sales@), and free providers to prioritize sales outreach on valid business emails with custom domains.
Why it matters: Focus sales effort on high-quality leads. Business email addresses convert 3-5x higher than free provider addresses.
Story 3: Email List Hygiene
Imagine you're an email marketer. Clean email lists before campaigns to remove disposable, role, and invalid addresses. Identify domains without MX records that will hard-bounce.
Why it matters: Improve deliverability and sender reputation. Keep bounce rates below the 2% threshold that triggers ESP penalties.
Story 4: Fraud Prevention
Imagine you're a security engineer. Score email addresses during account creation or transaction flows. Flag high-risk signals: disposable domains, newly registered domains (<7 days), missing SPF/DMARC, and role addresses.
Why it matters: Reduce account fraud by identifying throwaway and suspicious email patterns before they cause damage.
Common situations across teams. Beyond the three stories above, here are the everyday workplace moments when people across the company reach for the Email Validation tool — or one of the tools right next to it in this category. If any of these are on your calendar this month, that's your sign:
When setting up email on a brand-new domain.
After signing up for a new email-sending service (Mailchimp, SendGrid, HubSpot, etc.).
When a customer reports that your emails are landing in their spam folder.
Before a security audit, a SOC 2 review, or a major marketing campaign.
If you can see yourself in even one of those bullets, the Email Validation tool will pay for itself the first time you use it.
Still not sure? Here's the easiest test in the world. Open Claude, ChatGPT, Gemini, or any other AI assistant connected to the EdgeDNS MCP server and ask, in your own words: "Is the Email Validation tool useful for my job?" The assistant will look at the tool, ask you a couple of follow-up questions about what you're trying to accomplish, and give you a straight answer in plain English. No commitment, no signup forms, no jargon.
The easiest way: just ask your AI assistant
If you've connected the EdgeDNS MCP server to Claude, ChatGPT, Gemini, Cursor, or any other AI assistant, you don't need to write any code. Just ask in plain English:
"Use the Email Validation tool to check example.com and explain anything that looks wrong in plain language."
The AI will figure out which tool to call, fill in the right parameters, run it, and then explain the result back to you. No copy-pasting between tabs. No reading raw JSON. No memorizing endpoint names.
MCP (Model Context Protocol) access is free on every plan, including the free tier. One API key works for both REST and AI — you do not have to choose.
The technical way: call it from code
If you're a developer and want to call the endpoint from a script or your own application, here's the simplest possible example. Replace the placeholder API key with the real one from your dashboard.
# Replace edns_live_YOUR_KEY with your real API key from the dashboard
curl -H "Authorization: Bearer edns_live_YOUR_KEY" \
"https://api.edgedns.dev/v1/email/validate?email=user%40example.com"What you need to provide
There's just one piece of information you need to provide. The table below explains exactly what it is and what a real value looks like.
| Field | Type | Required? | What it means | Example |
|---|---|---|---|---|
string | Yes | The email address to validate | user@example.com |
What you get back
When you call this tool, you'll get back a JSON object with the fields below. If you're talking to it through an AI assistant, the assistant reads these for you and explains them in plain language — you don't need to memorize them.
| Field | Type | What you'll see in it |
|---|---|---|
string | The queried email address | |
is_valid_syntax | boolean | Whether email syntax is valid per the official internet standard |
domain_exists | boolean | Whether the email domain exists (via MX or A record (Address record) fallback per the official internet standard §5.1) |
mx_found | boolean | Whether MX records exist for the domain |
mx_records | array | MX record (Mail eXchanger record) hostnames for the email domain |
is_disposable | boolean | Whether domain is a known disposable email provider (110K+ domain database) |
is_role_address | boolean | Whether local part is a role/generic address (info@, admin@, noreply@, etc.) |
is_free_provider | boolean | Whether domain is a free email provider (Gmail, Yahoo, Outlook, ProtonMail, etc.) |
has_spf | boolean | Whether domain has an SPF (Sender Policy Framework) record (required by Google/Yahoo/Microsoft for bulk senders) |
has_dmarc | boolean | Whether domain has a DMARC (Domain-based Message Authentication, Reporting and Conformance) record (required by Google/Yahoo/Microsoft for bulk senders) |
domain_age_days | number | Domain age in days (from WHOIS (who is) cache). Domains <7 days old are high risk. |
risk_score | number | Risk score 0-100. Higher score = higher risk. |
risk_level | string | Risk level: low (0-20), medium (21-50), high (51-75), critical (76-100). |
Words you might be wondering about
If any words on this page felt like jargon, here's a plain-language version. Click any linked term to read a full beginner-friendly guide.
DNS (Domain Name System) — The internet's address book. When you type a website name, DNS turns it into the actual numeric address computers use to find each other.
MX record (Mail eXchanger record) — A DNS entry that tells the internet which servers handle email for your domain.
SPF (Sender Policy Framework) — A list, published in your DNS, of which servers are allowed to send email pretending to be you. Helps stop spammers from forging your address.
DMARC (Domain-based Message Authentication, Reporting and Conformance) — An email rulebook you publish in your DNS. It tells receiving servers what to do with email that fails SPF or DKIM checks — ignore it, send it to spam, or block it entirely.
DoH (DNS over HTTPS) — A modern way of sending DNS queries that hides them inside encrypted HTTPS traffic, so people on the same network can't see which websites you're looking up.
WHOIS (who is) — A public record that tells you who registered a domain name, when, and through which company. Modern WHOIS is now called RDAP but most people still say 'WHOIS'.
RFC (Request for Comments) — The official internet standards documents. When someone says 'RFC 8484' they mean a specific numbered standards document — in that case, the one defining DNS over HTTPS.
Need Programmatic Access?
Automate domain intelligence with 100+ API endpoints and a free MCP server for AI integration.