Email Verification: A Complete Guide for Senders
You upload a list, press send, and watch the bounce numbers climb on the dashboard. By the time the campaign finishes, the damage is already done: hundreds of invalid addresses have told Gmail and Outlook that you do not know what is on your list, your sender reputation has taken a hit, and tomorrow's send will quietly lose ground in the inbox. Nearly every one of those bounces was preventable.
Email verification is the technical check that tells you which addresses on your list actually exist, which ones accept mail, and which ones will send your whole campaign into the spam folder. It runs without ever delivering a message, and it is one of the few things you can do in an afternoon that pays back across every future send.
This guide covers what email verification actually is, how the three-layer check works under the hood, how to read hard and soft bounce codes, what the different address categories mean, how real-time verification differs from bulk list cleaning, how to choose a provider, what the leading UK (United Kingdom) -accessible services cost, and how often to run the process on an active list. It finishes with nine of the questions people ask most often on Google.
What email verification actually is
Email verification is the technical process of confirming that an email address exists, belongs to an active mailbox and will accept mail, all without sending an actual message to it. Some people use the phrase email validation or email address validator to mean the same thing, and an email checker is simply the consumer-facing name for the same underlying tool. The words differ, the job is identical: protect your reputation by removing addresses that cannot or will not receive mail.
You can run email verification in two shapes. A single-address check, the kind you would do at the point of capture on a signup form, verifies one address in a fraction of a second through an API (Application Programming Interface) call. A bulk email verification pass runs over an entire list of ten thousand or a million contacts, usually as an upload to a cleaning service, and returns a cleaned file with every address labelled.
There is one distinction worth drawing before going further, because the two things are often confused. Email verification is not the same as account verification. Account verification is the activation link a new user clicks after signing up to prove they own the address. It is user-facing and happens once. Email verification runs on the sender's side in the background, and it answers a different question: "is this address safe to mail in the first place?"
The reason any of this matters is the way mailbox providers score senders. Gmail, Outlook, Yahoo and Apple Mail all watch your bounce rate as one of the strongest signals that a list is maintained. EmailListVerify's 2025 Global Benchmark found that around one in four addresses on a typical marketing list is invalid, inactive or high-risk. That is not an edge case. That is the default state of a list that has never been cleaned, and every send against it widens the gap between what the dashboard shows and what really reaches a human.
Why unchecked lists quietly kill revenue
The cost of skipping email verification is rarely a single dramatic failure. It is a slow drag on three things at once.
The first drag is on deliverability. When a campaign crosses the informal 5% hard-bounce line, mailbox providers treat it as a signal that the list is unmaintained and start pushing subsequent campaigns towards the promotions tab or the spam folder. Nothing in the dashboard screams that this has happened. Open rates simply soften by 3-5 percentage points, and recovery takes far longer than prevention.
The second drag is financial. Most email platforms price by volume. If you pay £180 a month for a 20,000-contact plan and 22% of those addresses are invalid, you are effectively paying £39 a month to mail people who do not exist. A one-off email verification pass on the same list typically costs £40-80 depending on the provider, which is recovered in a single billing cycle and then continues paying off for the next twelve months.
The third drag is on every metric you read. Open rates, click rates, conversion rates and revenue per recipient all use the sent number as the denominator. When a quarter of that denominator is invalid, every number you report is artificially low, and every decision you make from those numbers is biased. A subject line test that looks inconclusive against a dirty list often looks decisive once the list is clean.
There is also a modest UK data-protection angle. Article 5(1)(d) of the UK GDPR (General Data Protection Regulation) expects personal data to be accurate and, where necessary, kept up to date. An invalid email address held against a contact record is, in practice, inaccurate personal data, and running periodic email verification is one of the cleanest ways to show you act on that duty without turning the email programme into a legal exercise. The opt-in and permission-based email guide covers the wider UK consent rules in detail; verification itself is the technical housekeeping that supports them.
How email verification works
A modern email verification service runs every address through three core checks, plus a handful of risk signals stacked on top. None of these checks involves delivering a real message, which is why email verification is safe to run on lists of any size without triggering the very bounces it is designed to prevent.
Syntax and format check
The first layer looks at the shape of the address. A valid address follows the pattern user@domain.tld. Missing @ symbols, whitespace, forbidden characters, malformed top-level domains and obvious typos fall out here: info@gmal.con, sarah@yaho.co.uk, contact@companycom. A good checker also handles internationalised addresses and Unicode domains, which most homegrown regular expressions quietly fail on.
Syntax checks are fast and cheap and they catch data-entry mistakes. What they cannot do is tell you whether the mailbox behind a well-formed address actually exists. ghost@marks-and-spencer.co.uk passes syntax effortlessly, and it still does not exist.
Domain and MX (Mail Exchange) record check
The second layer asks whether the domain is capable of receiving mail at all. It uses DNS (Domain Name System), the public directory that maps domain names to servers, to look up the MX record. The MX record is the pointer that tells the rest of the internet which server is responsible for accepting mail on that domain. If the MX record is missing, the domain is retired, or the hosting has lapsed, no message you ever send will land.
This is the layer that catches the silent casualties of corporate life: a company that shut down two years ago, a subsidiary that was rebranded, a freelancer who changed domains. The website might still redirect somewhere vaguely plausible, but the mail server is gone and every address tied to that domain is now unreachable. A bulk pass surfaces these in seconds.
SMTP mailbox probe
The third layer is where real email verification differs from simple format validation. It opens a connection directly to the receiving mail server using SMTP (Simple Mail Transfer Protocol), and asks, in effect, "would you accept a message for this address?", then stops before any message is delivered. The server replies with a status code, and the email verification tool reads it.
There is one awkward edge case at this layer. Some mail servers are configured as catch-all: they accept anything sent to their domain regardless of whether the specific mailbox exists, then sort it out internally. An SMTP probe against a catch-all server returns a positive response even for dead addresses. Responsible verifiers flag catch-all addresses as a separate category rather than calling them valid, because sending to them carries real risk while pruning them all also removes legitimate contacts.
A modern email verification service stacks extra checks on top of these three core layers: spam trap detection against proprietary honeypot databases, disposable address filtering (yopmail.com, 10minutemail.com, mailinator.com), role-based flags (info@, sales@, support@), free-provider detection, greylist handling and geographic signals. The more checks an email verifier runs, the more confident and the more nuanced its verdict becomes.
Hard bounces and soft bounces: reading the codes
To make sense of what an email verification pass returns you need the bounce vocabulary. A bounce is an email that could not be delivered. There are two types, and the difference between them is the difference between a permanent removal and a retry. The longer explanation sits in our guide to hard and soft bounces; the short version is below.
Hard bounce codes
A hard bounce is a permanent failure. The mailbox does not exist, the domain does not accept mail, or the server has rejected the address outright. Hard bounces never recover on their own, and the address has to come off the list immediately.
| Code | Meaning | Why it fires |
|---|---|---|
| 550 | Unknown user | Mailbox does not exist or has been deleted |
| 551 | User-defined rejection | Spam, fraud or policy rejection by the server |
| 552 | Mailbox full (permanent) | Mailbox is permanently over quota, account abandoned |
| 553 | Invalid mailbox name | Address format rejected at the server |
| 554 | Domain refuses mail | Whole domain has blocked incoming messages |
The industry-accepted hard-bounce ceiling for a single send is around 5%. Cross that line and mailbox providers start treating the list as unmaintained, which begins the reputation slide that is far harder to stop than it would have been to prevent. This is exactly the number an upfront email verification pass exists to protect.
Soft bounce codes
A soft bounce is a temporary failure. The server was momentarily busy, the mailbox was briefly over quota, the domain was under maintenance. The same address usually accepts mail on a retry once the underlying condition clears.
| Code | Meaning | Why it fires |
|---|---|---|
| 421 | Service unavailable | Server temporarily refusing connections |
| 422 | Mailbox full (temporary) | Recipient quota exceeded, clears on its own |
| 450 | Mailbox unavailable | Mailbox temporarily locked or inaccessible |
| 451 | Local error | Server-side error, try again later |
| 452 | Insufficient storage | Server out of disk space, usually short-term |
A single soft bounce is not a reason to remove a contact. But an address that produces soft bounces on three or four consecutive campaigns has shifted from temporary to durable, and a good sending platform suppresses it automatically after a configured number of attempts. The underlying rule is the same: protect the reputation now, not after the damage shows up.
The address types an email verification pass returns
A bulk email verification pass slots every address on your list into one of a handful of categories, and each category calls for a different treatment.
| Type | Meaning | Recommended action |
|---|---|---|
| Valid | Mailbox is live and will accept mail | Safe to send |
| Invalid | Mailbox does not exist or format is broken | Suppress permanently |
| Catch-all | Server accepts everything; real status unknown | Send carefully, monitor bounces |
| Disposable | Throwaway address from a temporary-inbox service | Remove, no long-term value |
| Role-based | Shared inbox (info@, sales@, support@) | Send cautiously, expect low engagement |
| Spam trap | Honeypot address used by providers to catch senders | Remove immediately, one send can damage reputation |
| Free provider | Gmail, Yahoo, Outlook, Hotmail addresses | Valid but watch engagement closely |
| Unknown | Server did not respond or result was inconclusive | Hold back, test in small batches |
The working rule is straightforward. Send to valid. Suppress invalid and spam trap immediately. Treat everything in between as a greyscale where caution replaces confidence.
Spam traps deserve a longer note because they do more damage than their tiny share of the list suggests. There are two kinds.
A pristine trap is an address that has never belonged to a real person. Mailbox providers and anti-spam groups seed these on the open web specifically to catch senders who harvest addresses from scraping or purchase bought lists. Hitting a pristine trap is a near-certain signal that the sender did not collect the address with consent.
A recycled trap is an address that was once a real person's mailbox, was abandoned, and has since been repurposed as a trap. Providers wait months before converting it, which is why recycled traps mostly appear on lists that have not been cleaned in a long time. Hitting a recycled trap is the industry's way of saying the list is decaying and nobody is maintaining it.
Both kinds send the same blunt signal to mailbox providers: this sender is either harvesting data or neglecting their list. Good email verification providers maintain proprietary databases of known traps and flag them on your list before you have a chance to hit one. A single trap hit can land you on a blocklist, and blocklists are substantially harder to get off than to avoid.
Role-based addresses sit in a softer grey zone. info@, sales@ and support@ rarely belong to a single subscriber who consciously opted in, and they usually route to a shared inbox where a marketing message is as likely to be ignored as read. Sending to role-based addresses drags engagement metrics down without the upside of a personal send, which is why most B2B senders suppress them from marketing campaigns while keeping them for transactional messages.
Real-time email verification vs bulk list cleaning
There is a second split that matters as much as the one between valid and invalid: how email verification is applied.
Bulk email verification is a one-off or scheduled pass over an existing list. You export the list as a CSV (Comma-Separated Values) file, upload it to an email verification service, wait between minutes and a few hours depending on list size, and re-import the cleaned version. It is the right tool for legacy databases, freshly imported lists from a CRM (Customer Relationship Management) system, lists that came across from a merger, and any list that has sat untouched long enough for decay to set in.
Real-time email verification runs at the moment an address enters the database. An API call sits behind your signup form, and the moment someone types an address and submits, the form asks the service in the background whether the address is valid. Invalid formats, disposable providers and known-bad domains bounce off the form before they ever reach your ESP (Email Service Provider). The user sees an inline message, corrects the typo and resubmits; everything else proceeds normally.
Real-time email verification is the most effective kind of list hygiene because bad data never becomes part of the list at all. You do not need aggressive periodic cleaning to undo collection failures you could have caught on the way in. It is also the only layer that catches typos while they are still fresh in the user's mind: someone who mistyped grnail.com at 11pm last Thursday will not remember the mistake when you email them three months later.
Most well-run senders use both approaches together. Real-time on the signup form keeps the list clean going forward. A quarterly or half-yearly bulk pass catches what decays after collection: people who change jobs, companies that retire their domains, mailboxes that go permanently over quota. The two layers together cost less than relying on either alone, and they produce a list that stays clean instead of swinging between dirty and cleaned-once.
One UX (User Experience) point matters on the real-time side. A verifier that blocks too aggressively, for example by rejecting every catch-all domain it sees, will also reject legitimate signups and annoy real customers. The right configuration rejects obvious syntax errors and known disposable providers at the form, and lets the grey zones pass through for the bulk pass to review later with more context.
How to choose an email verification service
Every email verification service you will read about in a Google search for email checker, email verifier, email list cleaning or email validator does roughly the same thing underneath: syntax, DNS, MX, SMTP, trap database, disposable list. The differences that actually matter for email verification accuracy are elsewhere.
What a good provider actually does
A proper email verification service should clear the following bar before you send it a list.
- Accuracy published with confidence. Serious providers state accuracy rates backed by a public methodology, usually in the 95-99% range for valid/invalid calls. Anything under 95%, or any provider that will not describe how they test, should raise an eyebrow.
- Distinct catch-all handling. The tool should separate catch-all results from valid rather than lumping them in. If catch-all is not a distinct label in the output, the service is hiding risk from you.
- Known spam-trap database. Trap detection is what keeps you off the worst blocklists, and it only works if the provider has been running trap collection for years. Ask how long the database has existed and how often it is refreshed.
- API plus bulk interface. You want the same service doing real-time checks on the signup form and running monthly bulk passes on the master list. Stitching two providers together creates gaps.
- UK data residency or clear DPA (Data Processing Agreement). If you hold UK-resident personal data, the provider should either host in the UK or the EU (European Union), or provide a standard Data Processing Agreement naming the transfer mechanism. The opt-in and permission-based email guide covers why this matters on the consent side.
- Integrations with your stack. Native connectors into Mailchimp, HubSpot, Klaviyo, Shopify and the common CRMs remove a step. Look for the ones you actually use.
- No list-resale, ever. This is non-negotiable. If the provider's terms of service do not explicitly state that your uploaded addresses will not be used for any purpose beyond verification, find another provider.
UK pricing: what email verification costs in practice
Email verification is priced by the address, and nearly every serious provider publishes a pay-as-you-go tariff alongside subscription bundles. The table below gives an indicative range across the category as of early 2026, converted from the provider's headline pricing. The exact rate depends on volume tier, contract length and whether you take a bundle; treat these as orientation, not quotes.
| Volume | Indicative pay-as-you-go (£ per pass) | Indicative cost per address |
|---|---|---|
| 1,000 addresses | £6 - £16 | £0.006 - £0.016 |
| 10,000 addresses | £40 - £100 | £0.004 - £0.010 |
| 50,000 addresses | £140 - £350 | £0.003 - £0.007 |
| 250,000 addresses | £500 - £1,400 | £0.002 - £0.006 |
| 1,000,000 addresses | £1,500 - £4,000 | £0.0015 - £0.004 |
Per-address cost falls as volume rises, which rewards an annual cleaning cadence over a stop-start approach. Bundles and subscription plans are usually 30-50% cheaper per address than pay-as-you-go if you can predict monthly volume.
Two things to watch on pricing. Credits that expire: some providers quietly expire unused credits after 30 or 90 days, which turns a "pay-as-you-go" plan into a monthly subscription in disguise. Free-tier accuracy: many providers offer a free tier of 100-500 checks per month but downgrade the accuracy on the free tier. If you are testing a provider, run a paid pass on a small sample before trusting the free one with a production list.
Free vs paid: when each one makes sense
Not every sender needs a paid pass. The rough dividing line looks like this.
A free tier is enough if you verify single addresses ad hoc, your list is under 2,000 contacts, you collected all of it yourself in the last year, and you only need one pass a quarter. At that scale, the free tiers from ZeroBounce, Hunter, Kickbox and Emailable cover you comfortably, and any single-address email checker free tool gives you a reasonable answer for individual lookups.
A paid pass is worth it the moment any of the following is true. The list is over 5,000 contacts. The list has been sitting untouched for more than six months. You imported contacts from a CRM or a merger. You bought or rented any part of the list (in which case you also need to rethink permission before you send at all). You are recovering from a deliverability incident and want the highest accuracy available. You want API access for real-time checks on a signup form. In any of these cases the per-address cost is a fraction of the revenue at stake on the next campaign.
The most expensive email verification decision a sender can make is to use a free tool on a list that needs a paid one, mail the cleaned result anyway, and lose a month of deliverability to the bounces that slipped through. A £60 pass on a 10,000 list pays for itself against a single damaged campaign.
How often you should verify your list
Email addresses decay on their own. People change jobs, companies rebrand, mailboxes close, domains retire. Every list loses contacts over time, and the only real question is how often to act on it.
Before the first send on a dormant list. Non-negotiable. If a list has been sitting untouched for six months or longer, or if it was just imported from a CRM, a third party, or a tool migration, run a bulk email verification pass before anything goes out. Dormant lists routinely hide 15-30% invalid rates, and one badly timed send against that is enough to cause a reputation hit that takes weeks to repair.
Active lists of 50,000 contacts and up. A monthly pass is worth the cost. At this scale, even a small percentage change in decay means hundreds of invalid addresses per month, and the pass itself is trivially cheap next to the cost of a bad send.
Small and mid-sized active lists (under 50,000). A quarterly rhythm is usually enough if you are sending regularly and your signup form already runs real-time verification. If open rates drop unexpectedly between two consecutive campaigns, treat it as an early signal and bring the next cleaning pass forward rather than waiting.
Every send on every list. Read the bounce report after every campaign. A professional sending platform suppresses hard-bouncing addresses automatically and shows you whether the suppression rate is stable or climbing. A climbing suppression rate is the earliest warning sign that the list is decaying faster than your cleaning cadence can handle.
Point of capture, forever. Real-time email verification on the signup form is the most effective control there is. Senders who also run double opt-in find that their bulk cleaning workload drops sharply, because the decay they are cleaning is smaller to begin with.
Periods of sector disruption. Redundancies, mergers and industry-wide shake-ups invalidate corporate addresses in batches. During those periods (and the 2024-2025 wave of UK tech redundancies was a good example), it is worth tightening the cleaning cadence temporarily, especially for B2B lists where a single company change can wipe out dozens of contacts in a day.
Running these cadences is also how you stay on the right side of the UK GDPR accuracy principle, Article 5(1)(d), without making a production of it. If the Information Commissioner's Office or an auditor ever asks how you keep marketing contact data accurate, the answer "we run email verification on new signups at the point of capture and a scheduled bulk pass on the existing list" is short, specific and credible.
How MailGraf handles email verification
Email verification sits at the front of the MailGraf onboarding process. Every new customer list goes through the same email verification steps before the first send, which is the reason new MailGraf customers almost never run into reputation issues in their first quarter.
- Import the list. The list is uploaded in CSV or TXT (plain text) format. MailGraf normalises the data (lowercasing, whitespace trimming, duplicate removal) and prepares it for checking.
- Run a bounce test. A short diagnostic pass runs over the list, usually in five to ten minutes, and returns the percentage of unreachable addresses it found.
- Compare against the threshold. If the invalid rate is below 5%, the list is ready for use without a full pass. If it crosses 5%, a full email verification pass is the correct next step.
- Run the full email verification pass. Every address goes through syntax, DNS, MX, SMTP, spam-trap detection, disposable filtering and role-based flagging. The output is three groups: valid, invalid, and unknown.
- Suppress invalid addresses. Invalid addresses are moved to a suppression list attached to the customer account, which means they cannot be accidentally mailed from any future campaign even if they are re-uploaded later.
On lists that have been sitting untouched for a long time, we regularly see invalid rates in the 20-30% range at first email verification. This is why the onboarding cleaning step is non-negotiable at MailGraf, and it is why customers who start with a clean list see healthier deliverability for a long time afterwards.
Once a customer is actively sending, the platform keeps the list clean on its own. Every campaign report flags hard bounces and moves them to the suppression list automatically, and soft bouncing addresses that keep failing are promoted to the same list after a configured number of attempts. The practical effect is a list that cleans itself with each send, rather than slowly rotting between manual cleanings. It also makes the monthly email verification bill predictable, because cleaning costs scale with decay, not with campaign volume.
Email verification feeds everything else in the programme. A clean list makes segmentation more accurate because the segments match real people. It makes KPI (Key Performance Indicator) reporting honest because open rates and click rates are calculated against addresses that actually receive mail. And it makes the SPF, DKIM and DMARC (Domain-based Message Authentication, Reporting and Conformance) authentication setup pay off, because verified senders with a clean list are exactly the profile mailbox providers reward with inbox placement.
Frequently asked questions
How do you verify an email address?
To verify a single email address, paste it into a free email checker such as Hunter's Email Verifier, ZeroBounce's free verifier or Kickbox. The tool runs a syntax check, a DNS/MX lookup and an SMTP probe against the recipient server, then returns a verdict (usually valid, invalid, catch-all or unknown) in a few seconds. To verify a whole list, upload it to the same provider's bulk interface and download the cleaned file when the pass finishes, typically within minutes to a few hours depending on list size.
Can I verify an email for free?
Yes, for small volumes. Most leading providers offer a free tier of 50-500 checks per month on top of a free trial, which covers individual lookups and the occasional small list. A free tier is fine for a solo operator or an early-stage business. Beyond a few thousand addresses a month, a paid pass becomes the cheaper option, because the reputation cost of a single botched send is higher than the cost of cleaning the list properly.
What is the difference between email validation and email verification?
In everyday language the two terms overlap, but there is a useful distinction. Email validation usually refers to a format or syntax check, often at the point of capture on a signup form: it catches typos but does not know whether the mailbox exists. Email verification goes further, with DNS and MX lookups, an SMTP conversation with the recipient server, and checks against trap and disposable-address databases. Validation catches gmal.con. Verification catches somebody-who-left-two-years-ago@real-company.co.uk.
Is email verification accurate?
Good email verification services are accurate to 95-99% on the valid and invalid categories, which is the accuracy that matters for list hygiene. The residual grey zone is mostly catch-all and unknown addresses, where even the best tool cannot give a binary answer without actually sending mail. Providers that refuse to publish their accuracy methodology should be treated with scepticism.
Is email verification legal under UK GDPR?
Yes, when it is run by a provider acting as a data processor under a standard Data Processing Agreement. Verification supports the UK GDPR accuracy and data-minimisation principles, Article 5(1)(d) and Article 5(1)(c), because it identifies records that are no longer correct and lets you act on them. It does not create new personal data, and it does not require a separate consent from the contact because the processing is compatible with the original marketing purpose.
What is a spam trap and why is it dangerous?
A spam trap is an email address that mailbox providers and anti-spam groups use to catch senders with poor list hygiene. Two kinds exist. Pristine traps never belonged to a real person: they are seeded on the open web to catch harvesters and buyers of lists. Recycled traps were once real addresses that have since been abandoned and repurposed. Hitting either kind is a strong negative signal. A single pristine-trap hit can land you on a blocklist, and blocklists are substantially harder to leave than to avoid.
How often should I clean my email list?
Before the first send on any dormant or imported list, every time. For active lists over 50,000 contacts, monthly. For smaller active lists with real-time verification on the signup form, quarterly is usually enough. After every send, read the bounce report and react early if suppression rates start climbing. The goal is to make verification a cadence, not a panic.
Why does my list have such a high bounce rate?
The common culprits are long dormant periods between campaigns, bought or rented lists, old B2B databases where employees have moved on, and imports from tools that never had list hygiene built in. Employees leave, companies close, addresses go cold. A list that was clean a year ago can easily be 15-25% invalid today if it has not been mailed regularly. Verification before the next send, followed by a steady cleaning cadence, is the way back to a healthy bounce rate.
Does email verification guarantee inbox placement?
No. Verification protects your list from the addresses that would hurt you, which is a necessary condition for inbox placement but not a sufficient one. The other half of the job is authentication (SPF, DKIM and DMARC), clean sending infrastructure, engaged subscribers, relevant content and a healthy sender reputation. Verification removes the worst-case outcomes; the rest of the programme earns the best ones.
If you would like MailGraf to run a verification pass on your list before your next campaign, get in touch and we will take it from there.
Originally published: Apr 12, 2026
Professional email marketing platform.
Don't miss out
Get the latest email marketing tips and exclusive updates.