Updated Jul 12, 2026
TL;DR: Verifying an email address before sending means running four checks: syntax against the RFC format, a DNS MX lookup, an SMTP RCPT TO probe to the live mailbox, and risk flags for disposable, role-based, and catch-all domains. Read each verdict, remove invalids, and hold unknowns. The goal is bounces under 2%.
Every cold email you send to a dead address is a small vote against your sender reputation. Mailbox providers watch your bounce pattern closely, and a list full of typos and abandoned accounts reads exactly like a scraped, low-quality list, which is precisely what filters are built to catch.
The fix isn't complicated, but it has moving parts. Verifying an email address before sending is not one check. It's a short chain of them, each ruling out a different way an address can be bad: malformed text, a domain that can't receive mail, a mailbox that doesn't exist, or an address that's technically deliverable but risky to touch. This guide walks the full chain, step by step, and shows you how to read every verdict it produces.
Key Takeaways
- Verification runs in layers: syntax, then domain/MX, then a live SMTP probe, then risk flags. Each layer is cheaper and faster than the one after it, so order matters.
- The SMTP RCPT TO probe is the only check that asks the real mail server whether a specific mailbox exists. In RFC 5321, a
250reply means accepted and a550means no such user. - Catch-all domains accept every address, so SMTP can't confirm a single mailbox on them. They get their own verdict, not a clean "valid."
- Greylisting and disabled probes produce "unknown" results that aren't failures. Retry them; don't delete them and don't blast them.
- Verification is one step in list hygiene, not the whole job. Pair it with list cleaning and ongoing bounce monitoring.
Why verify email addresses before sending?
Because the cost of a bad address is paid in reputation, not just in one undelivered message.
When you send to an address that no longer exists, the receiving server returns a hard bounce. A few of those are normal. A pattern of them tells Gmail, Outlook, and Yahoo that you're mailing a list you didn't vet, and that signal feeds directly into how aggressively they filter your future sends. Google's own sender guidance tells senders to "automatically unsubscribe recipients who have multiple bounced messages," which only works if you're tracking and acting on bounces in the first place.
There's a second, quieter risk: spam traps. Recycled traps are old addresses that providers reactivate specifically to catch senders mailing stale lists. You can't tell a trap from a real mailbox by looking at it, but verification removes a big share of the dead and malformed addresses that traps tend to hide among. We cover the trap mechanics in depth in our guide to email spam traps.
Most teams target a bounce rate under 2%, and treat anything above that as a reason to pause and clean before sending more. Pre-send verification is how you hold that line. It's also why verification belongs on every deliverability audit and inside the list cleaning checklist you run before a campaign goes live.
How to verify email addresses before sending: the four-step process
The whole email verification process is a funnel. Each stage discards a class of bad addresses, and they're ordered from cheapest to most expensive so you never run an SMTP probe against an address that failed a free syntax check.
Step | What it checks | Cost / speed | Catches |
|---|---|---|---|
1. Syntax | Address matches the valid format | Instant, free | Typos, malformed strings |
2. Domain + MX | Domain exists and can receive mail | Fast DNS lookup | Dead domains, misspelled domains |
3. SMTP probe | The specific mailbox accepts mail | Slower, network round-trip | Nonexistent mailboxes |
4. Risk flags | Disposable, role-based, catch-all | Lookup + logic | Risky-but-deliverable addresses |
Run them in this order on every address. An address has to clear all four to count as safe to send. The sections below break down each step and the exact signals it returns.
Step 1: Validate the syntax
Syntax validation answers the simplest question: is this even shaped like an email address? It's a local check, no network needed, and it knocks out the obvious junk before you spend a single DNS query on it.
A valid address has a local part, an @, and a domain ([email protected]). The internet mail standard, RFC 5321, defines what a legal address looks like, including length limits: the local part is capped at 64 characters and the full path has practical limits the spec spells out. Real-world validators apply a slightly stricter, more pragmatic pattern than the full standard allows, because the standard technically permits oddities (quoted strings, comments) that almost no real mailbox uses.
What syntax checking reliably catches:
- Missing or doubled
@signs (johnexample.com,john@@example.com) - Illegal characters and stray spaces (
john [email protected]) - Empty local parts or domains (
@example.com,john@) - Obvious malformed domains (
john@example, no TLD)
What it can't catch: a perfectly formatted address that doesn't exist. [email protected] passes syntax cleanly. That's the whole reason the next three steps exist. Treat syntax as a filter for garbage, not proof of a real person.
Step 2: Look up the domain and its MX records
Before any mailbox can receive your email, its domain has to advertise where mail should go. That's the job of an MX (Mail Exchange) record in DNS. Step 2 looks it up.
A domain with no MX record can't receive email, full stop. So the verifier queries DNS for the domain's MX records and reads the result. If MX records exist, the domain has a mail server responsible for it and the address moves to the SMTP probe. If there are no MX records (and no usable A-record fallback), the address is undeliverable and you can mark it invalid without going further.
This step quietly catches two common failure modes:
- Dead domains. A company folded, let the domain lapse, and DNS no longer points anywhere. The address was real once. It isn't now.
- Misspelled domains.
[email protected]and[email protected]pass syntax but resolve to either nothing or a typo-squatting domain that isn't the prospect's real provider.
MX lookup is fast and cheap, which is why it runs before the SMTP probe. There's no reason to open a connection to a mail server that doesn't exist. One nuance worth knowing: a domain returning valid MX records proves the domain can receive mail, not that your specific recipient has a mailbox there. Step 3 settles that.
Step 3: Run the SMTP verification check
This is the step that actually asks the recipient's mail server whether the mailbox exists. The SMTP verification check is the most accurate single signal you can get without sending a real message, because it talks to the live, authoritative server.
Here's the mechanics. The verifier connects to the mail server it found in Step 2, then walks through the opening moves of a normal SMTP conversation defined in RFC 5321: it identifies itself with EHLO (or HELO), declares a sender with MAIL FROM, and then issues RCPT TO with the address you're testing. The RCPT TO command names a single recipient, and the server replies with a numeric status code for that recipient. Then the verifier disconnects before any DATA is sent, so no email is ever delivered. It's a knock on the door, not a visit.
The server's reply code is the answer. These are the ones that matter, straight from the RFC's reply-code list:
Reply code | Meaning (RFC 5321) | How to read it |
|---|---|---|
| Requested mail action okay, completed | Mailbox accepted (valid, unless the domain is catch-all) |
| User not local, will forward / cannot verify but will accept | Ambiguous; treat as unknown, not confirmed |
| Service not available, closing channel | Server throttling or greylisting; unknown, retry |
| Temporary failure (mailbox busy, local error, low storage) | Unknown, retry later |
| Requested action not taken: mailbox unavailable | Invalid (no such user); remove |
| User not local / mailbox name not allowed | Invalid or blocked; remove |
A 250 against a real address is the green light. A 550 is the clearest "this mailbox does not exist" you'll ever get. The 4xx family is the tricky middle: those are temporary, not permanent, and a verifier that treats a 450 or 421 as "invalid" will throw away good addresses. More on that failure mode below.
One more wrinkle that trips up DIY verification: the old VRFY command. SMTP technically has a command built for exactly this, but RFC 5321 lets server operators disable it for security, and most do, because attackers used it to enumerate valid usernames. A server with VRFY turned off returns a 252 rather than a real answer. That's why serious verification leans on RCPT TO, not VRFY. The RFC itself notes that RCPT can often obtain the same address-validity information VRFY would have.
Step 4: Flag risky addresses
An address can be perfectly deliverable and still be a bad idea to email. Step 4 is about risk, not existence, and it sorts the survivors of Step 3 into "safe" and "handle with care."
Catch-all (accept-all) domains. Some domains are configured so the mail server returns 250 for every address, real or not. Mailbox-level verification is impossible on these by SMTP alone, because the server says yes to everything. The standard detection trick: right after the 250 on your real address, the verifier issues a second RCPT TO for a random, high-entropy string that can't possibly be a real mailbox, like [email protected]. If that also returns 250, the domain accepts anything, and your real address gets flagged accept-all rather than valid. These need their own handling strategy, which we cover in the catch-all email guide.
Role-based addresses. Mailboxes like info@, sales@, support@, and admin@ are shared functional inboxes, not a single person. RFC 2142 actually standardizes many of these names, and info is often wired to an autoresponder rather than a human. They're real and deliverable, but they draw more spam complaints and rarely reach a decision-maker. Most senders segment them out of cold outreach.
Disposable / temporary domains. Some addresses use throwaway domains designed to self-destruct after a short window. They verify fine today and vanish tomorrow. If someone handed you a disposable address, they didn't want your email. Flag and suppress.
Risk flagging doesn't always mean delete. It means you decide deliberately: suppress role accounts from cold sequences, hold catch-alls for a more cautious approach, drop disposables entirely. The point is that a clean 250 is necessary but not sufficient.
How to read each verdict and validate email deliverability before sending
Stack all four steps together and every address lands in one of five buckets. To validate email deliverability before sending, you act on the bucket, not on a gut feeling. Here's the full verdict map and what to do with each.
Verdict | What produced it | Action before sending |
|---|---|---|
Valid (deliverable) | MX present, SMTP | Safe to send |
Invalid (undeliverable) | No MX, or | Remove from the list |
Catch-all (accept-all) |
| Hold or send cautiously; see catch-all guide |
Unknown | Greylisting, | Retry; never bulk-send to repeated unknowns |
Risky | Disposable domain, role-based mailbox, or known complainer | Segment out or suppress |
A few rules of thumb that keep you out of trouble:
- Treat "unknown" as a wait, not a verdict. It means the server wouldn't give a straight answer this time. Re-run it later. If it stays unknown after several attempts across hours, exclude it from your first send rather than gamble.
- Never count a catch-all
250as a confirmed mailbox. It tells you the domain is reachable, nothing about the person. - Keep your invalids. Don't just delete them, log them. A suppression list stops the same dead address from sneaking back in on your next import.
If you want the deliverability angle on what these verdicts mean for your numbers, our breakdown of hard bounce vs soft bounce maps the invalid and unknown verdicts to the bounce types you'll see after you send.
Why SMTP verification isn't perfect
Verification gets sold as a yes/no oracle. It isn't. The honest version: it's very good at finding clearly dead addresses and pretty good at confirming clearly live ones, with a gray zone in between that no tool can fully resolve. Knowing the limits keeps you from over-trusting the output.
Greylisting. Many servers deliberately give an unknown sender a temporary 4xx rejection on first contact, expecting a legitimate sender to retry shortly. A naive verifier reads that one-shot temporary failure as "can't confirm" and marks the address unknown, even though the mailbox is fine. Greylisting is common enough that it produces a meaningful share of false-unknown results on cold runs. The fix is patient retrying, not deletion.
Disabled probes and blocks. Some providers, large ones included, throttle or block the connection patterns verifiers use, or return deliberately vague codes. The server isn't lying about the mailbox; it's just refusing to play the guessing game. You get an unknown, and that's the most honest answer available.
Catch-alls, as covered. A whole class of domains where SMTP simply can't see individual mailboxes.
The practical takeaway: chase a clean list, not a perfect one. Verification should sharply cut your invalid-address rate and your bounces, but a residual slice of unknowns is normal and not a sign the tool failed. If you'd like the metric-level view of where bounces sit among the cold email KPIs that matter, that guide puts verification results in the context of your overall numbers.
Where verification fits in your workflow
Verification is one stage, not the strategy. Done right, it sits at two points in your sending flow.
At import. Verify every address the moment it enters your system, whether it came from a CSV, a form, or a discovery tool. MailBeast verifies addresses on import so dead and malformed entries get flagged before they ever reach a campaign. Catching them here is far cheaper than catching them after a send torches your bounce rate. If you're building lists from scratch, our guide to a high-quality B2B lead list covers sourcing addresses that verify cleanly in the first place.
Before each campaign. Lists decay. People change jobs, companies fold, mailboxes get deactivated. An address that verified three months ago may be dead today, so re-verify before a campaign that's been sitting, especially older segments. This is one line item on the broader list cleaning checklist, which also covers suppression, deduplication, and engagement-based pruning.
And verification only reduces bounces. It doesn't fix the other causes, so if your bounce rate is high despite clean verification, work through the tactics in how to reduce email bounce rate and check your numbers against the bounce-rate benchmarks by provider. A verified list that still bounces usually points at an authentication or reputation problem upstream, not a list problem.
Common questions
Does verifying an email send a message to the recipient?
No. A proper SMTP verification check connects to the mail server and stops at the RCPT TO step, reading the server's reply code, then disconnects before any message body (DATA) is transmitted. The recipient sees nothing. It's a protocol-level question to the server, not an email.
Can you verify an email address 100% reliably?
Not always. Clearly invalid addresses (550, no MX) and clearly valid ones (250 with a rejected random test) are reliable. Catch-all domains, greylisting, and provider blocks create an "unknown" middle ground where SMTP can't give a definitive answer. The goal is a low invalid rate and a known unknown rate, not a flawless one.
What's a catch-all email and why can't it be verified?
A catch-all domain is configured to accept mail for any address, so its server returns 250 for every mailbox you test, real or not. That makes per-mailbox SMTP verification impossible: the server says yes to everything. These get flagged accept-all and need a separate strategy, covered in our catch-all guide.
How is verification different from warming up or authenticating?
They solve different problems. Verification cleans who you send to. Authentication (SPF, DKIM, DMARC) proves that you are who you claim to be, and warmup builds the sending reputation that gets you into the inbox. You need all three. Verification alone won't rescue a list sent from an unauthenticated, cold domain. Start with how to avoid spam filters for the bigger picture.
Should I delete addresses that come back "unknown"?
No. Unknown usually means greylisting or a temporary block, not a dead mailbox. Retry across a few hours. If it stays unknown, hold it out of your first send rather than deleting it outright, then revisit later. Deleting unknowns throws away good addresses.



