To technically check the existence of an email address, you generally use two main methods: checking MX records and performing an SMTP handshake. For catch-all domains, there's a different challenge and special handling is needed.
Start by finding if the domain part of the email (after the "@") has mail servers configured via MX records. This is done using DNS queries:
Use a tool like nslookup, dig, or any DNS library to retrieve MX records for the domain.
If no MX records are found, the domain cannot receive mail and any address at this domain will not be valid.
Example (using command line):
text
nslookup -q=mx example.com
A response listing MX records confirms that the domain can receive emails.
Once MX records are confirmed, you can simulate the SMTP protocol to check recipient validity:
Connect to the mail server on port 25.
Initiate an SMTP transaction, stop just before sending any actual message.
Use the sequence: EHLO, MAIL FROM:, then RCPT TO: with the target email.
The response to RCPT TO: indicates if the mailbox exists:
250: Address is accepted (often means it exists)
550: Address does not exist
450/greylisting: Try later, or address is temporarily unavailable
Example interaction:
text
telnet mail.example.com 25 EHLO test.com MAIL FROM:<[email protected]> RCPT TO:<[email protected]> QUIT
Note: Some servers employ greylisting, tarpitting, or accept all addresses (catch-all), which can lead to false positives or delays.
With catch-all domains, the mail server accepts all RCPT TO requests, regardless of whether the mailbox actually exists. This means SMTP handshake alone can't determine if a specific email is valid:
A "catch-all" server always replies with 250 OK, even for fake addresses.
Advanced validation requires behavioral intelligence, sending patterns, or using probabilistic/risk scoring, sometimes combined with historical sending data.
Most simple verifiers will report these as "unknown" or "catch-all"; advanced commercial solutions may provide a risk assessment.
For thorough B2B or SaaS use-cases, combine MX checks, basic SMTP handshake, and catch-all/risk scoring for the best results. Consider privacy, rate limiting, and IP reputation (avoiding mass lookups from the same IP) to prevent server blocks.
For robust, developer-friendly email existence validation with detailed deliverability insights and catch-all detection, see Email Address Validation – SMTPing — a reliable solution for modern SaaS and sales teams.