Verify an email in 10 seconds
The fastest way to verify any email address is the Mailsfinder Email Verifier. It runs syntax validation, MX lookup, and a live SMTP handshake in parallel. You paste, click, and read. No sign-up needed for the first verification.
Live Preview
Steps
- 1
Open the verifier
Go to mailsfinder.com/tools/email-verifier in any browser. No account required for your first 100 verifications.
- 2
Paste the email address
Drop the address into the input box exactly as written. The verifier accepts everything from alice@stripe.com to long aliases like first.last+newsletter@company.io.
- 3
Click Verify
The tool checks syntax against RFC 5322, looks up MX records for the domain, and opens an SMTP conversation with the receiving server. Total time: under 2 seconds.
- 4
Read the result
You see one of four statuses. Valid means safe to send. Invalid means do not send. Risky means catch-all or role-based, handle with care. Unknown means the server refused to confirm, retry later.
Why this works
No message is queued, no inbox is touched, and the receiving server treats the SMTP probe as a routine check. You get the same answer a bounce report would give you, in 2 seconds instead of 4 hours.
Reading the four statuses
The verifier returns one of four labels. Each one has a specific next action and you save hours by treating them differently instead of lumping them together as "good" or "bad".
Valid
Mailbox exists and accepts mail. Safe to add to your campaign. Bounce risk under 1 percent.
Invalid
Server returned 550 or the domain has no MX records. Do not send. Remove from list immediately.
Risky
Catch-all domain or role-based address (info@, sales@). Use the AI re-scoring step covered later before sending.
Unknown
Greylisted or rate-limited at the moment. Retry in 24 hours. Most resolve to Valid on the second check.
The free tool covers single addresses. If you find yourself pasting addresses one at a time more than ten times in a row, switch to bulk upload or the API. Both are covered below and both are faster than the manual loop, especially if your list comes from a scraped LinkedIn export, an event registration sheet, or a CRM dump.
How to verify an email without sending it
An SMTP handshake is the trick. Mail servers expose three commands that any verifier can use: HELO, MAIL FROM, and RCPT TO. The verifier opens a TCP connection to port 25, announces itself, declares a sender, then asks the server about the target mailbox. If the server returns 250 OK the mailbox exists. If it returns 550 the mailbox is invalid.
The verifier disconnects before sending DATA, so the actual message never reaches the inbox. The recipient sees nothing. The server logs a brief connection and that is it.
Three things can complicate this. First, some servers return 250 for every address (catch-all). Second, some block SMTP probes from unknown IPs (greylisting). Third, some use tarpitting to slow connections. A good verifier uses rotating IPs, retries, and fallback scoring to handle all three.
Want the long version with code? Read the companion piece on how to verify if an email is valid for a full breakdown of the protocol and the trade-offs between rolling your own check and using a managed verifier.
The three layers a real verifier checks
A consumer tool that only runs a regex check is not really verifying anything. A production-grade verifier runs three layers in order, stops on the first failure, and reports each layer separately so you can debug edge cases.
- L1.
Syntax (RFC 5322). Verifies the structure of the address itself: a local part, an @ sign, a domain with a TLD. Catches typos like "alice@stripe..com" or "alice stripe.com" instantly.
- L2.
DNS and MX lookup. Asks the public DNS for the domain's mail exchange records. No MX record means no mailbox can exist on that domain. Catches dead domains, typos in the TLD ("stripe.con"), and parked domains.
- L3.
SMTP handshake. Opens a connection to the highest priority MX server on port 25, identifies itself with HELO, then asks "is mailbox X here?" via RCPT TO. The 250 or 550 response is the answer.
Layers 1 and 2 are free to run and take milliseconds. Layer 3 is what costs money (server-side IPs, retries, rate limit handling) and is also what catches everything regex misses. Skipping it means flying blind.
Verifying in bulk (CSV upload)
A list of 500 prospects? A scraped LinkedIn export? An old CRM dump? Use bulk verification. The flow is the same regardless of size.
Steps
- 1
Format your CSV
One email per row, header row optional. The Bulk Email Verifier accepts files up to 1 million rows. Strip duplicates first to save credits.
- 2
Open the bulk tool
Go to mailsfinder.com/tools/bulk-email-verifier and drag your CSV into the upload zone.
- 3
Map the email column
If your CSV has multiple columns, pick the one that holds the addresses. The tool ignores all other columns and preserves them in the export.
- 4
Start the job
Mailsfinder processes the list in parallel batches. Expect 1,000 emails in 2 to 5 minutes, 10,000 in 15 to 30 minutes, 100,000 in roughly 2 hours.
- 5
Download the result
Export a CSV with the original columns plus status, score, and reason code. Filter Valid only before importing into your sending platform.
1,000 emails
2-5 min
10,000 emails
15-30 min
100,000 emails
2 hours
For lists above 1 million rows, split into chunks or use the verification API endpoint with a job queue. The API supports both single and batch modes, and the queue endpoint streams results back via webhook so you do not need to poll.
Before you upload: clean the list
Two minutes of CSV hygiene saves credits and improves accuracy. Run these four steps before you drag the file into any bulk verifier:
- 1.
Deduplicate on the email column. A surprising number of scraped lists carry the same address 3 to 5 times.
- 2.
Trim whitespace and lowercase the addresses. "Alice@Stripe.com " and "alice@stripe.com" verify the same way, but some platforms treat them as separate rows.
- 3.
Remove obviously broken rows: empty cells, rows with two @ signs, rows containing commas inside the address.
- 4.
Save as UTF-8 CSV. Excel sometimes writes Windows-1252, which trips up servers that expect international domains.
Bulk verification is also where most teams discover the difference between a list with 5,000 contacts and a list with 5,000 sendable contacts. Expect 10 to 25 percent of any scraped list to come back Invalid, and another 5 to 15 percent to come back Risky. The remaining 60 to 85 percent is your real pipeline.
Verifying via Google Workspace (Mail app)
Gmail does not expose a Verify button. But you can use the bounce response from a low-risk test send to confirm whether a mailbox exists. This is manual, slow, and risky at scale, so use it only for one or two addresses when you have no other option.
Steps
- 1
Compose a short message
Open Gmail, click Compose, address it to the target email. Subject line: a neutral phrase like "Quick question." Body: one sentence ("Following up.").
- 2
Send and wait
Hit Send. A hard bounce arrives within 30 to 90 seconds. A soft bounce or no response can take up to 72 hours.
- 3
Read the bounce
Look for the error code in the bounce email. "550 5.1.1 The email account that you tried to reach does not exist" confirms the mailbox is invalid. A delivery means the mailbox accepted the message (which is not the same as a human reading it).
Why this is risky at scale
Every bounce hurts your sender reputation. A few bounces per month is fine. A few hundred will drop your inbox placement across all future campaigns. Use a verifier above 10 manual checks per week.
Verifying via Outlook
Outlook offers a slightly cleaner path because of the auto-complete checker in the To field. When you type an address in the new Outlook (Microsoft 365), the client queries the directory if both accounts are on the same tenant. For external addresses, the same bounce trick used with Gmail applies.
Steps
- 1
Internal addresses: use Check Names
In the desktop Outlook client, paste the address into the To field and press Ctrl+K (Cmd+K on Mac). If the directory finds the name, it auto-completes. If not, the address is not on your tenant.
- 2
External addresses: send and read the bounce
For anything outside your tenant, send a short low-risk message and read the bounce response. Outlook shows the NDR (non-delivery report) inline with the original message.
- 3
Decode the NDR
"5.1.10 RESOLVER.ADR.RecipientNotFound" confirms the mailbox does not exist. "5.4.1 Relay Access Denied" usually means a misconfigured forwarding rule, not an invalid address.
Same warning as Gmail: this scales to maybe 5 manual checks per week before sender reputation starts drifting.
Verifying programmatically (API + cURL)
For product flows (signup forms, CRM webhooks, in-app verification), the Mailsfinder API gives you a single endpoint that returns JSON in under 300 ms.
The cURL call
# Verify a single email address curl -X POST https://api.mailsfinder.com/v1/verify \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"email": "alice@stripe.com"}'
The response
{
"email": "alice@stripe.com",
"status": "valid",
"score": 98,
"checks": {
"syntax": "pass",
"mx_record": "pass",
"smtp": "250_ok",
"catch_all": false,
"disposable": false,
"role_based": false
},
"reason": "mailbox_exists"
}
Use the status field for branching logic. valid means safe to enroll, invalid means block the submission, risky means accept with a soft flag, unknown means retry async.
Full reference, including batch endpoints and webhook callbacks, lives in the API documentation.
When to call the API in your product
Three product moments give you the most leverage. Wire the API into one or all three depending on the friction tolerance of your funnel:
- login
Signup form. Call
/verifyon blur of the email field. Reject Invalid before account creation. Cuts fake signups by 60 to 80 percent on average. - person_add
CRM webhook. Verify every new lead the moment it lands in your CRM. Tag Risky and Invalid so your sales reps do not waste cycles on dead addresses.
- campaign
Pre-send pass. Run a final verification batch the morning of any large send. Catches the addresses that decayed between your last verification and now.
Rate limits sit at 100 requests per second on the standard plan. For sustained higher volume, switch to the batch endpoint, which accepts up to 1,000 emails per request and returns a job ID for async retrieval.
What to do if email comes back Risky or Catch-all
A Risky result is not a failure. It is the verifier flagging that the receiving server accepts mail for every address, so SMTP cannot confirm the specific mailbox. Common on Google Workspace and Microsoft 365 domains configured with default catch-all rules. Here is the playbook.
Option 1: Send carefully to one segment first
Send to a sample of 50 catch-all addresses from a warmed-up secondary domain. Wait 48 hours. If bounce rate is under 5 percent, the catch-all is real (mailboxes exist) and you can send the full segment.
Option 2: Use AI re-scoring
Mailsfinder runs an AI second pass on catch-all addresses, scoring them 0 to 100 based on pattern matching, social signals, and historical data. Anything above 75 is safe to send. Below 50, drop the address.
Option 3: Cross-reference a second source
If the address appears on a recent LinkedIn profile, a corporate site, or a published author byline, that is strong supporting evidence the mailbox is real. Combine with the AI score for a confident decision.
Frequently asked questions
Can I verify an email without sending one? expand_more
Yes. Modern verifiers run an SMTP handshake that asks the receiving mail server whether the mailbox exists, then disconnects before any real message is queued. The recipient never sees an email and you get a Valid, Invalid, Risky, or Unknown result in under a second. This is the standard approach used by tools like Mailsfinder, ZeroBounce, and NeverBounce.
How accurate is SMTP verification? expand_more
Top tools land between 95 and 99 percent accuracy on real-world lists. Mailsfinder publishes a sub 1 percent bounce rate using dual-layer SMTP verification, and ZeroBounce advertises a 99.6 percent guarantee. Accuracy drops on catch-all domains, where SMTP cannot confirm a specific mailbox, which is why good tools flag those separately.
How long does it take to verify an email? expand_more
A single email takes under 2 seconds through a real-time tool or API. Bulk lists vary by size: 1,000 emails finish in 2 to 5 minutes, 10,000 in 15 to 30 minutes, and 100,000 in roughly 1 to 3 hours depending on the verifier and how many catch-all domains sit on the list.
Is verifying emails legal and GDPR compliant? expand_more
Email verification is legal in the US, UK, EU, and most major markets. SMTP checks do not store message content and do not contact the recipient, which keeps them outside the scope of marketing consent rules. GDPR still applies to how you collected the email and how you store the verification result, so use a verifier with a documented data retention policy and a signed DPA.
What is the best free tool to verify an email address? expand_more
Free options worth a look: Mailsfinder gives 100 free credits daily forever with full SMTP plus catch-all detection, Reoon offers 600 free verifications per month, and ZeroBounce includes 100 free monthly. For one-off lookups any of these are enough. For ongoing work above 1,000 emails per month, a paid tier on the same tools costs $0.0015 to $0.01 per email.
Can Gmail or Google Workspace verify emails for me? expand_more
Gmail itself does not expose a Verify button, but you can use the Mail app to send a low-risk test message and read the bounce response. Hard bounces (550 5.1.1) confirm the mailbox is invalid. This works for one or two addresses but is unsafe at scale because every bounce hurts your sender reputation. Use a verifier for anything beyond a handful of checks.
Can I verify emails in bulk? expand_more
Yes. Upload a CSV with one address per row to the Mailsfinder Bulk Email Verifier and the tool processes the list in parallel, exporting a results file with status, score, and reason codes. For programmatic workflows, the verification API accepts a single email or a batch and returns JSON. Most teams run bulk verification on imported lists and run the API in real time at form submission.