I've recently developed a simple email validation API as a side project and it got me thinking about the various approaches to validating emails. Some of the checks I've seen include verifying MX records, detecting disposable domains, checking for the existence of an SMTP mailbox, and flagging role-based addresses like admin@ or support@. I'm curious for those of you who work on signup systems or SaaS applications – what specific validations do you implement? Currently, my API checks for syntax, domain existence, and disposable domain detection, but I'm contemplating how far I should go with validation without compromising the speed of requests.
5 Answers
Where can I find a good list of disposable domains?
I faced a similar dilemma while designing a signup process. Initially, I thought a regex check was sufficient but there’s a real difference between valid formatting and actual deliverability. We keep it simple with syntax validation, an MX lookup, and blocking obvious disposable domains. This covers most issues without causing noticeable delays. SMTP checks can be unreliable since providers can throttle or fake the responses, so we mainly rely on the confirmation email for real validation. We just flag role-based emails instead of outright blocking them to accommodate legitimate users.
Thanks for sharing! I'm in the same boat with my API right now, and have implemented similar checks while keeping latency under 400 ms. I’m hesitant about SMTP verification due to its inconsistencies.
Why not just send an email and wait for users to click the magic link? If they don’t respond within 15 minutes, then that email isn't valid.
Start off with straightforward checks that catch the major issues: ensure the syntax follows RFC 5322 standards, check the domain's MX records with a DNS lookup, and maintain a list of disposable domains. It's also wise to filter out role-based addresses during signup as these rarely come from real users, which can affect deliverability. For improved accuracy, consider an asynchronous SMTP check, but make sure to cache those results as it can significantly reduce unnecessary lookups and keep latency low.
Great tip on the asynchronous probe! Just be cautious not to send too many requests at once to avoid getting blocked.
I usually leverage the built-in input type="email" validation and follow up with a confirmation email that has a magic link for users to click. It's the best way to validate someone's email for registration.
Absolutely! Verifying through an email is the only surefire way. And if you do a preliminary check for MX records, that can help reduce bounces.
True, but remember, some email addresses won’t have MX records like catch-all types, so it can be tricky.

You can check out GitHub; they keep a disposable domain list that updates frequently.
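
The pipeline the answers above describe (syntax check, disposable-domain block, MX lookup, role-address flag, cached DNS results), written out as an added example that is not from this thread or from any participant's API. It goes slightly beyond the thread in how it treats domains without MX records: it falls back to an address record as SMTP delivery does (RFC 5321) and rejects a null MX (RFC 7505). The domain lists, DNS answers and the `sample_lookup` resolver are constructed stand-ins; a real service would pass its own resolver function to `make_validator`.

```python
import re
from functools import lru_cache

# Constructed sample data: not a real blocklist and not real DNS answers.
DISPOSABLE = {"tempmail.example"}
ROLE_LOCALS = {"admin", "support", "info", "postmaster"}
SAMPLE_DNS = {
    ("corp.example", "MX"): ["10 mail.corp.example."],
    ("tempmail.example", "MX"): ["10 mx.tempmail.example."],
    ("legacy.example", "A"): ["192.0.2.10"],   # no MX, address record only
    ("nomail.example", "MX"): ["0 ."],         # null MX: domain accepts no mail
}

def sample_lookup(domain, rtype):  # hypothetical resolver; [] means no record
    return SAMPLE_DNS.get((domain, rtype), [])

# Pragmatic syntax check, deliberately narrower than the full RFC 5322 grammar.
SYNTAX = re.compile(r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}@"
                    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def make_validator(lookup):
    @lru_cache(maxsize=4096)  # one DNS round trip per domain; no TTL handling here
    def mail_route(domain):
        mx = lookup(domain, "MX")
        if mx:
            hosts = [record.split()[1] for record in mx]
            return "null-mx" if hosts == ["."] else "mx"
        # No MX at all: mail can still be delivered to the domain's own address.
        if lookup(domain, "A") or lookup(domain, "AAAA"):
            return "implicit-mx"
        return "none"

    def validate(address):
        address = address.strip()
        if not SYNTAX.match(address):
            return {"accept": False, "reason": "syntax", "flags": []}
        local, domain = address.rsplit("@", 1)
        domain = domain.lower()
        if domain in DISPOSABLE:
            return {"accept": False, "reason": "disposable", "flags": []}
        route = mail_route(domain)
        if route in ("none", "null-mx"):
            return {"accept": False, "reason": route, "flags": []}
        flags = ["role"] if local.lower() in ROLE_LOCALS else []  # flag, don't block
        if route == "implicit-mx":
            flags.append("implicit-mx")
        return {"accept": True, "reason": "ok", "flags": flags}
    return validate

validate = make_validator(sample_lookup)
```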