2.5B: Email accounts will be invalid or abandoned by 2026
22%: Of email addresses go bad every year through natural decay
2%: Bounce rate threshold — above this your domain gets blacklisted
$38: Average ROI for every $1 spent on email marketing with a clean list

1. Why email validation matters for your business

Imagine spending three hours crafting a perfect email campaign, paying your email service provider to send it, and then watching 18% of your messages bounce back undelivered. That's not a hypothetical — it's what happens when marketers skip email validation.

Email validation is the process of checking whether an email address is correctly formatted, whether the domain actually exists and can receive email, and ideally whether the specific mailbox is active. Done properly, it protects one of your most valuable digital assets: your sender reputation.

Your sender reputation is essentially a trust score that inbox providers like Gmail, Outlook, Yahoo and Apple Mail assign to your sending domain. When your reputation is high, your emails land in the inbox. When it drops — due to bounces, spam complaints or other signals — your emails start landing in the junk folder, or get blocked entirely. Rebuilding a damaged sender reputation can take months.

The three ways bad emails hurt your business

Hard bounces destroy your sender score. When you send to an email address that doesn't exist — like john@company.com when that company has gone out of business — the receiving server sends back a permanent failure code. Every major inbox provider tracks how many of these hard bounces your domain generates. Above 2% and you're in dangerous territory. Above 5% and some providers will start blocking all your mail.

Spam trap hits blacklist you. Spam traps are email addresses that have been set up specifically to catch senders with dirty lists. There are two types: pristine spam traps (addresses that never belonged to a real person — if you're emailing them, you either scraped the address or bought a list) and recycled spam traps (old addresses that were once valid, then abandoned, then repurposed as traps). Hitting even one spam trap in a campaign can get your IP address or domain listed on Spamhaus or other blacklists within hours.

Wasted spend adds up fast. Most email service providers charge by the number of emails sent or by list size. Sending to 10,000 invalid addresses every month isn't just hurting your deliverability — you're paying to send those messages. At $0.001 per email that's $10 wasted per campaign. At scale, with a list of 100,000 addresses that's 22% invalid (industry average decay rate), you're paying for 22,000 pointless sends every time you hit send.

The real cost of not validating

A software company with a list of 50,000 subscribers found that 23% of their addresses had gone bad over 18 months. They were paying their ESP for 50,000 sends but getting delivery to only 38,500. After cleaning the list, their open rate jumped from 18% to 29% — not because more people were interested, but because the emails were actually reaching the right people.

Validation is not a nice-to-have. It's basic list hygiene that every email sender should practice.

2. What actually makes an email address valid?

Most people think of email validation as "does it have an @ symbol and look roughly right?" That's a start, but genuine validation is much more layered. There are four distinct levels at which an email address can be valid or invalid.

Level 1 — Syntax validity

Does the email address follow the correct format as defined by RFC 5321 and RFC 5322 — the internet standards that define how email addresses must be structured? This is the fastest check and can be done entirely in your browser without any network requests. It catches obvious errors like missing @ symbols, spaces in the address, and invalid characters.

Level 2 — Domain validity

Does the domain part of the email address actually exist? And more specifically, does it have MX (Mail Exchange) records configured? An MX record is a DNS record that tells the internet where to deliver email for that domain. A domain without MX records cannot receive email — even if the domain itself exists for a website. For example, sarah@example-company.com might have valid syntax and a working website, but if the domain has no MX records, no email will ever be delivered there.

Level 3 — Mailbox existence

Does the specific mailbox actually exist on that mail server? This is done through SMTP verification — your checking tool connects to the recipient's mail server and asks "does this mailbox exist?" without actually sending a message. The server responds with either a 250 OK (yes, it exists) or a 550 No such user (it doesn't). This is the deepest and most reliable check, but it's also the most complex because some servers use a "catch-all" configuration — they accept mail for any address at the domain regardless of whether a mailbox exists.

Level 4 — Engagement validity

Even if an email address exists and accepts mail, is it a real engaged human? This is where checks like disposable email detection, role-based address detection, and spam trap detection come in. An address at mailinator.com is technically valid at all three previous levels — but it's a throwaway inbox that will never result in a real customer relationship.

3. The 12 syntax rules every valid email must pass

RFC 5321 defines the official standard for email address formatting. Here are the 12 rules that every valid email address must satisfy:

  1. Not empty — the field must contain at least one character
  2. Exactly one @ symbol — not zero, not two or more
  3. No spaces anywhere — whitespace is never allowed in an email address
  4. Local part exists — there must be at least one character before the @
  5. Local part maximum 64 characters — RFC 5321 sets this hard limit
  6. Valid characters in local part — letters, numbers, and these symbols only: . _ + - %
  7. No consecutive dots in local part: john..doe@ is invalid
  8. No dot at start or end of local part: .john@ and john.@ are invalid
  9. Domain exists after @ — there must be at least one character after the @
  10. Domain contains at least one dot: john@company without a TLD is invalid
  11. TLD is at least 2 characters — made of letters only, like .com, .in, .org
  12. Total length maximum 254 characters — the complete email cannot exceed this

These rules catch a surprising number of real-world errors — especially typos that users make when entering their email in signup forms under time pressure or on mobile keyboards.
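The 12 rules above, written out as a checker that reports the first rule an address fails. This is an added example, not code from the original page or from EmailSheriff; the function names are hypothetical, and the empty-domain-label check is an assumption added so that the page's john@.com example in section 4 is rejected, since the 12 rules as listed would let it through.

```javascript
// Added example: the page's 12 syntax rules, checked in order.
// Returns { valid, rule, reason }; rule is the number of the first failing rule.
function checkSyntax(email) {
  const fail = (rule, reason) => ({ valid: false, rule, reason });

  if (typeof email !== "string" || email.length === 0) return fail(1, "empty");
  if (email.split("@").length - 1 !== 1) return fail(2, "needs exactly one @");
  if (/\s/.test(email)) return fail(3, "contains whitespace");

  const [local, domain] = email.split("@");
  if (local.length === 0) return fail(4, "nothing before @");
  if (local.length > 64) return fail(5, "local part over 64 characters");
  if (!/^[A-Za-z0-9._+%-]+$/.test(local)) return fail(6, "invalid character in local part");
  if (local.includes("..")) return fail(7, "consecutive dots in local part");
  if (local.startsWith(".") || local.endsWith(".")) {
    return fail(8, "local part starts or ends with a dot");
  }

  if (domain.length === 0) return fail(9, "nothing after @");
  // Assumption: an empty label (john@.com, john@a..com) is reported under rule 10.
  // The listed rules alone accept john@.com: it has a dot and a letters-only TLD.
  const labels = domain.split(".");
  if (labels.length < 2 || labels.some((label) => label.length === 0)) {
    return fail(10, "domain needs a dot with text on both sides");
  }
  if (!/^[A-Za-z]{2,}$/.test(labels[labels.length - 1])) {
    return fail(11, "TLD must be at least 2 letters");
  }
  if (email.length > 254) return fail(12, "longer than 254 characters");
  return { valid: true, rule: null, reason: null };
}

// The page's own examples from section 4 with the rule each should trip
// (null means the address passes syntax validation, typo domains included).
const PAGE_EXAMPLES = [
  ["john.doe@company.com", null],
  ["sarah+newsletter@gmail.com", null],
  ["user_123@subdomain.company.co.uk", null],
  ["firstname.lastname@enterprise.org", null],
  ["contact@startup.io", null],
  ["name@university.ac.in", null],
  ["john@gmial.com", null],
  ["john doe@company.com", 3],
  ["@company.com", 4],
  ["john@company", 10],
  ["john@@company.com", 2],
  ["john..doe@company.com", 7],
  [".john@company.com", 8],
  ["john@company.c", 11],
  ["john@.com", 10],
];

// Returns every example whose result differs from the expectation above.
function mismatches() {
  return PAGE_EXAMPLES.filter(([addr, rule]) => checkSyntax(addr).rule !== rule);
}

console.log(mismatches().length === 0 ? "all page examples agree" : mismatches());
```

Input is checked exactly as given, so a form handler should trim leading and trailing whitespace before calling it; otherwise a stray trailing space fails rule 3.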

4. Real-world examples — valid vs invalid

Let's look at real email addresses and walk through exactly why each one passes or fails validation. These examples cover the most common patterns you'll encounter in real lists.

Valid email addresses — all pass
✓ john.doe@company.com
✓ sarah+newsletter@gmail.com
✓ user_123@subdomain.company.co.uk
✓ firstname.lastname@enterprise.org
✓ contact@startup.io
✓ name@university.ac.in

Invalid — syntax errors
✗ john doe@company.com — space in local part
✗ @company.com — nothing before @
✗ john@company — no dot in domain, no TLD
✗ john@@company.com — double @ symbol
✗ john..doe@company.com — consecutive dots
✗ .john@company.com — local part starts with dot
✗ john@company.c — TLD only one character
✗ john@.com — nothing between @ and dot

Common typos — valid syntax but wrong address
⚠ john@gmial.com — typo, probably gmail.com
⚠ sarah@yahooo.com — extra o, probably yahoo.com
⚠ mike@hotmal.com — missing i, probably hotmail.com
⚠ priya@outlok.com — missing o, probably outlook.com
⚠ raj@redifmail.com — single f, probably rediffmail.com

Typos are particularly interesting because they pass syntax validation — they're properly formatted email addresses — but they'll bounce because the domain either doesn't exist or the specific mailbox doesn't. A good validator catches these and suggests the correction, dramatically improving data quality at the point of capture.
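One way to produce the typo suggestions described above is to compare the domain against a short list of common providers using edit distance. This is an added example, not the original page's or EmailSheriff's code; the provider list is taken from the typo examples above, and the exemption list and function names are assumptions.

```javascript
// Added example: suggest a correction when a domain is one edit away
// from a well-known provider. Lists below are constructed for illustration.
const PROVIDERS = ["gmail.com", "yahoo.com", "hotmail.com", "outlook.com", "rediffmail.com"];

// Real domains that sit one edit from a provider and must not be "corrected".
const NOT_TYPOS = new Set(["ymail.com", "mail.com"]);

// Optimal string alignment distance: insert, delete, substitute, and
// swapping two adjacent characters each cost 1 (so gmial -> gmail is 1).
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...new Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns the suggested address, or null when nothing should be suggested.
function suggestCorrection(email, maxDistance = 1) {
  const at = email.lastIndexOf("@");
  if (at < 1) return null;
  const local = email.slice(0, at);
  const domain = email.slice(at + 1).toLowerCase();
  if (PROVIDERS.includes(domain) || NOT_TYPOS.has(domain)) return null;

  let best = null;
  for (const provider of PROVIDERS) {
    const dist = osaDistance(domain, provider);
    if (dist <= maxDistance && (best === null || dist < best.dist)) {
      best = { provider, dist };
    }
  }
  return best ? `${local}@${best.provider}` : null;
}

for (const addr of ["john@gmial.com", "raj@redifmail.com", "user@ymail.com"]) {
  console.log(addr, "->", suggestCorrection(addr));
}
```

Because legitimate domains can sit one edit away from a big provider, the result is best shown to the user as a "did you mean" prompt rather than applied silently.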

5. Beyond syntax — domain and mailbox checks

MX record lookup

After confirming syntax, the next step is checking whether the domain can actually receive email. This is done by querying the domain's DNS records for MX (Mail Exchange) entries.

An MX record tells the internet: "email for this domain should be delivered to this mail server." Every domain that legitimately receives email must have at least one MX record. Without it, any email sent to that domain will bounce with a "No MX records" error.

Common reasons a domain has no MX records:

MX record check examples
✓ gmail.com — MX: gmail-smtp-in.l.google.com (priority 5)
✓ outlook.com — MX: outlook-com.olc.protection.outlook.com
✓ company.com — MX: mail.company.com (priority 10)
✗ abandoned-startup.com — No MX records found
✗ example.xyz — Domain exists but no email configured

SMTP verification

SMTP (Simple Mail Transfer Protocol) verification is the deepest check available. Your validation tool opens a connection to the recipient's mail server, exactly as if it were about to send an email, and asks whether the mailbox exists. This happens without sending any actual message.

The SMTP conversation looks like this:

SMTP handshake — mailbox exists
→ EHLO emailsheriff.com
← 250 Hello, nice to meet you
→ MAIL FROM: <check@emailsheriff.com>
← 250 OK
→ RCPT TO: <john@company.com>
← 250 OK — mailbox exists, ready to accept
→ QUIT

SMTP handshake — mailbox does not exist
→ RCPT TO: <johndoe123@company.com>
← 550 5.1.1 No such user here

The limitation of SMTP verification is catch-all domains. Some organisations configure their mail servers to accept email for any address at their domain — even addresses that don't correspond to a real mailbox — to avoid bouncing legitimate mail that might have been addressed incorrectly. In these cases, the SMTP check returns 250 OK for every address at that domain, making it impossible to confirm whether a specific mailbox exists.
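How a validator can turn the RCPT TO replies above into a verdict, including the catch-all case. This is an added example, not code from the original page or from EmailSheriff; it assumes the caller has already collected two reply strings, one for the real address and one for a control address with a random local part at the same domain, and the function names and the two non-page sample replies are constructed.

```javascript
// Added example: classify RCPT TO replies. No network access; the caller
// supplies the raw reply text it received from the mail server.

// Parse an SMTP reply (multi-line replies end on the "NNN text" line).
function parseReply(raw) {
  const lines = String(raw).trim().split(/\r?\n/);
  const m = /^(\d{3})(?:[ -](.*))?$/.exec(lines[lines.length - 1]);
  if (!m) return null;
  const text = m[2] || "";
  const enh = /^([245]\.\d{1,3}\.\d{1,3})\b/.exec(text);
  return { code: Number(m[1]), enhanced: enh ? enh[1] : null, text };
}

// True when a permanent failure is about the address itself rather than
// about policy. Enhanced codes 5.1.x describe addressing problems; a 5.7.x
// code means the checking host was refused, which says nothing about the mailbox.
function rejectsAddress(reply) {
  if (reply.code < 500) return false;
  if (reply.enhanced) return reply.enhanced.startsWith("5.1.");
  return reply.code === 550;
}

// targetRaw: reply to RCPT TO for the address being checked.
// controlRaw: reply to RCPT TO for a random local part at the same domain.
function rcptVerdict(targetRaw, controlRaw) {
  const target = parseReply(targetRaw);
  if (!target) return "unknown";
  if (target.code >= 400 && target.code < 500) return "unknown"; // temporary, retry later
  if (target.code >= 500) return rejectsAddress(target) ? "undeliverable" : "unknown";
  if (target.code !== 250 && target.code !== 251) return "unknown";

  // The target was accepted. Only a rejected control address shows that
  // the server actually distinguishes real mailboxes from made-up ones.
  const control = controlRaw == null ? null : parseReply(controlRaw);
  if (!control) return "unknown";
  if (control.code === 250 || control.code === 251) return "catch-all";
  return rejectsAddress(control) ? "deliverable" : "unknown";
}

// Replies quoted on the page, plus two constructed ones (greylisting, policy block).
const OK = "250 OK";
const NO_USER = "550 5.1.1 No such user here";
const GREYLISTED = "451 4.7.1 Greylisted, try again later";       // constructed
const BLOCKED = "550 5.7.1 Service unavailable; client blocked";  // constructed

console.log(rcptVerdict(OK, NO_USER));   // real mailbox on a normal domain
console.log(rcptVerdict(OK, OK));        // catch-all domain
console.log(rcptVerdict(BLOCKED, null)); // checker refused, mailbox state unknown
```

Treating a policy rejection or a temporary failure as "unknown" instead of "undeliverable" keeps valid addresses from being purged when the mail server is only refusing the checking host.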

6. Disposable and temporary email addresses

Disposable email addresses — also called throwaway emails, temp mail, or burner emails — are addresses created through services like Mailinator, Guerrilla Mail, 10 Minute Mail, and thousands of others. These services provide an inbox that anyone can access without signing up, that automatically deletes messages after a short time, and that requires no password.

Users create disposable addresses for completely understandable reasons — they want to download your lead magnet or try your free trial without committing their real email address. From the user's perspective, it's a privacy protection measure. From your perspective as a sender, it represents a contact who will never become a customer.

Why disposable emails are bad for your business

Known disposable domains — examples
✗ anything@mailinator.com
✗ anything@guerrillamail.com
✗ anything@10minutemail.com
✗ anything@tempmail.com
✗ anything@throwaway.email
✗ anything@yopmail.com
✗ anything@trashmail.com

Good email validators maintain a continuously updated database of known disposable domains — EmailSheriff's list contains over 2,000 such domains. When a new disposable provider appears, it gets added to the list through real-world usage patterns.

7. Role-based emails and why they hurt engagement

Role-based email addresses are those assigned to a function or department rather than an individual person. They follow a consistent pattern: info@, contact@, support@, sales@, admin@, help@, marketing@.

The challenge with role-based addresses is nuanced. Some of them are outright problems. Others are perfectly valid contacts. The key is understanding which category you're dealing with.

Hard fail — never send to these

Certain role-based addresses are inherently undeliverable or will cause immediate problems:

Warning — low engagement likely

These addresses technically work but represent low-engagement contacts:

Unpredictable — use context

Some role-based addresses are legitimate business contacts depending on your use case:

This is why good email validators give you control over how role-based addresses are handled — warn, fail or ignore — rather than applying a one-size-fits-all rule.

8. Spam traps — the hidden list killer

Spam traps are one of the most dangerous elements of a dirty email list, and the least understood. Unlike hard bounces which generate immediate feedback, spam trap hits often produce no visible error at all. Your email appears to send successfully, your ESP reports it as delivered, and meanwhile your sender reputation is quietly being destroyed.

How spam traps work

Anti-spam organisations like Spamhaus, SURBL, and others maintain networks of specially configured email addresses called spam traps. When your sending infrastructure delivers mail to one of these addresses, it's logged as evidence that you're sending to addresses you obtained without explicit permission, or that you're not properly maintaining list hygiene.

Types of spam traps

Pristine spam traps are addresses that have never been used by a real person. They exist only to catch senders who scraped email addresses from websites, purchased lists, or obtained addresses through other illegitimate means. If you email a pristine spam trap, you've proven your list acquisition practices are problematic. Consequences range from blacklisting to having your ESP account terminated.

Recycled spam traps are former legitimate email addresses that were abandoned for a long period (typically 12+ months) and then repurposed as spam traps. This type catches senders who aren't properly removing inactive or bouncing addresses from their lists. If you're still emailing addresses that have been inactive for two years, some of those addresses may now be traps.

Typo spam traps are addresses at common typo domains — for example @gmial.com or @yahooo.com. Anti-spam organisations register these typo domains and configure them as spam traps specifically to catch mailers who aren't validating their address collection for typos. A signup form that accepts name@gmial.com without suggesting a correction will eventually accumulate these addresses.

Warning signs your list contains spam traps

You notice your inbox placement rate dropping across Gmail, Outlook or Yahoo without a corresponding increase in spam complaints or bounces — this is the classic signature of spam trap hits.

Your ESP warns you about unusual bounce patterns or places restrictions on your account. This sometimes happens before formal blacklisting.

Your domain appears on Spamhaus or other blacklist lookup services — run a check at EmailSheriff's blacklist checker (coming soon) or directly at spamhaus.org.

9. How invalid emails damage deliverability — the numbers

Email deliverability is the science of getting your emails into the inbox rather than the spam folder. It's determined by dozens of signals that inbox providers like Gmail and Outlook continuously evaluate. Invalid email addresses affect several of these signals simultaneously.

Bounce rate thresholds that matter

Bounce rate | Status | What happens
Below 0.5% | Excellent | No impact. Gmail's postmaster tools show green. Full inbox placement.
0.5% – 2% | Acceptable | Minor reputation impact. Some providers begin filtering marginally.
2% – 5% | Dangerous | Noticeable deliverability drop. Gmail may start routing to spam.
5% – 10% | Critical | Significant spam folder routing. ESP may throttle or warn your account.
Above 10% | Emergency | ESP may suspend account. Domain blacklisting likely. Full deliverability crisis.

The Google and Yahoo 2024 sender requirements

In February 2024, Google and Yahoo introduced mandatory requirements for bulk email senders (anyone sending more than 5,000 emails per day). These requirements made email hygiene more important than ever:

These requirements mean that list hygiene and email validation are no longer best practices — they're effectively mandatory for anyone sending at scale.

10. Real business scenarios with examples

Let's look at how email validation plays out in specific real-world business situations.

Scenario A — SaaS product signup form

A B2B SaaS company captures email addresses through their free trial signup page. Without validation at the point of capture, they accumulate:

Impact without validation: 31% bounce rate on their first drip campaign. ESP throttles their account. Three months of recovery work rebuilding sender reputation.

With validation at signup: Typos are corrected in real-time. Disposable addresses are rejected with a friendly message asking for a business email. Bounce rate on campaigns stays below 0.3%.

Scenario B — E-commerce post-purchase emails

An online retailer sends order confirmations, shipping updates and review requests to every customer email. Their list has grown to 180,000 addresses over 4 years without any validation or cleaning.

Using our email inspector tool to analyse their list, they discovered:

After cleaning: 11% reduction in list size, 34% improvement in open rates, bounce rate dropped from 4.2% to 0.6%, and their sender reputation score on Gmail Postmaster Tools moved from "low" to "high" within 6 weeks.

Scenario C — Lead generation campaign

A marketing agency ran a paid social media campaign offering a free industry report. The landing page collected 4,800 email addresses over two weeks. When they went to nurture these leads:

The insight: Only 3,566 of the 4,800 addresses were genuinely contactable. The agency had been reporting "4,800 leads" to their client when the actual figure was 74% of that. Proper reporting and validation changed how they evaluated campaign ROI entirely.

Scenario D — Newsletter list building

A content creator built a newsletter audience of 12,000 subscribers over two years. Natural list decay — job changes, abandoned email accounts, expired domains — means their effective deliverable list was likely significantly smaller.

After running the list through validation:

Removing invalid addresses and re-engaging the correctable typos resulted in their open rate increasing from 22% to 31% — purely because the denominator shrank while engaged readers remained.

11. How to check email validity — your options

You have several options for checking email validity depending on your use case, technical capability and budget.

Option 1 — Use a free online tool

For checking individual addresses or small lists, a free online validator is the fastest option. EmailSheriff's Email Inspector runs five checks simultaneously — syntax validation, disposable detection, typo suggestions, role-based flagging and free provider detection — and gives every address a health score out of 100. You can check a single email, paste a list, or upload a CSV file. It's free with no signup required.

Option 2 — Real-time validation at the point of capture

For signup forms, checkout pages and any other place you collect email addresses, real-time validation is the gold standard. As the user types their email, an API call checks validity and either confirms it's good or surfaces an error message immediately. This approach catches typos while the user is still on the page and can easily correct them.

Implementation typically requires a validation API and a small JavaScript snippet added to your form. Most major email validation services offer APIs with free tiers sufficient for small to medium traffic volumes.

Option 3 — Bulk list cleaning

For existing lists, a bulk validation service is the most efficient approach. You upload a CSV file, the service processes every address against multiple checks (syntax, MX, SMTP, disposable detection, spam trap screening), and returns a clean file with each address scored and categorised. This is the approach used by professional email marketers before major campaigns.

Option 4 — ESP-level validation

Many email service providers now offer built-in list validation tools. Mailchimp, Klaviyo, Brevo and others have cleaning features that flag problematic addresses before sending. While these are less comprehensive than dedicated validation services, they're convenient for teams already using those platforms.

Option 5 — Build it yourself

For developers building applications that collect email addresses, implementing your own validation is straightforward for syntax checks — a well-crafted regular expression handles most cases. For deeper checks like MX lookup and SMTP verification, you'll need either a third-party API or your own server-side implementation. Libraries exist for most programming languages that handle the SMTP handshake verification automatically.

12. Best practices for keeping your list clean

Email list hygiene is not a one-time event — it's an ongoing practice. Here's the framework professional email marketers use to maintain deliverable, engaged lists.

Validate at the point of capture

The cheapest and most effective time to validate an email address is the moment a user enters it. Catching a typo when the user is still on your signup page costs nothing. Chasing them down three months later to update their address costs time, money and goodwill. Implement real-time syntax checking as a minimum, and consider disposable detection if you want to ensure you're only collecting genuinely interested contacts.

Run a full validation before every major campaign

Before sending any campaign to more than 10,000 people, run your list through a validation service. The 22% annual decay rate means that a list you cleaned 12 months ago may already have tens of thousands of bad addresses. This is especially important if your list includes older addresses or if you've run paid acquisition campaigns where address quality varies significantly.

Process bounces immediately

Every email service provider gives you access to bounce reports. Hard bounces — permanent failures like "no such user" — should be removed from your list immediately after the first bounce. There is no legitimate reason to attempt a second send to a hard-bounced address. Many ESPs do this automatically, but verify your platform's settings to ensure it's configured correctly.

Implement a re-engagement campaign and sunset policy

Subscribers who haven't opened or clicked anything in 6-12 months represent a risk. Some are genuinely disengaged. Others have switched email providers and may have abandoned addresses that could become spam traps. Run a targeted re-engagement campaign — "We miss you, here's something valuable, click here to stay subscribed" — and remove everyone who doesn't respond. This feels counterintuitive (you're deliberately shrinking your list) but it consistently improves deliverability and engagement rates.

Use double opt-in for new signups

Double opt-in — sending a confirmation email that requires the user to click a link before being added to your list — is the single most effective defence against bad addresses. Typos can't confirm. Disposable addresses expire before the user clicks. Bots don't click. Double opt-in typically reduces list growth rate by 20-30%, but the addresses you do capture are almost always valid, engaged contacts. For lists where quality matters more than volume, double opt-in is strongly recommended.

Monitor your sender reputation continuously

Google's Postmaster Tools (free) and Microsoft's SNDS (Smart Network Data Services, also free) give you real-time visibility into how the two biggest inbox providers view your sending domain. Track your spam rate, domain reputation and IP reputation weekly. Any degradation is an early warning sign to investigate and clean your list before the problem becomes severe.

13. Frequently asked questions

Can an email address be valid but still not receive mail?

Yes, in several ways. The domain might have expired. The mailbox might be over its storage quota. The server might be temporarily down. The domain might have MX records pointing to a server that's misconfigured. Syntax and even MX validity don't guarantee deliverability — they just eliminate the most common failure modes.

What's the difference between email validation and email verification?

The terms are often used interchangeably, but there's a technical distinction. Validation typically refers to format and syntax checking — does the address look correct? Verification typically refers to deeper checks — does the domain exist, does the mailbox exist, is the address safe to send to? In practice, most email validation services perform both, and the distinction is mainly academic.

Is it legal to validate email addresses?

Yes. Checking whether an email address is correctly formatted or whether a domain exists involves no personal data processing in a meaningful sense. Running an SMTP check is equivalent to knocking on a door to see if anyone's home — no message is sent, no data is collected from the recipient. GDPR and other privacy regulations apply to how you use and store the email address, not to the act of checking its validity.

How often should I clean my email list?

For active senders (weekly or more frequent campaigns), run a light validation check monthly. For monthly senders, clean the list quarterly. For infrequent senders, clean the list before every major send. The 22% annual decay rate means that even a list you cleaned six months ago could have 10% bad addresses by now.

What is a catch-all domain and why is it a problem?

A catch-all domain is configured to accept email sent to any address at that domain, regardless of whether a specific mailbox exists. For example, if company.com is catch-all, then anyname@company.com, fake123@company.com and zzz@company.com will all appear to accept mail during SMTP verification — but many of those addresses will just silently drop the messages. Email validation tools flag catch-all domains as "risky" rather than valid or invalid, because it's genuinely impossible to confirm mailbox existence.

What bounce rate is acceptable for email marketing?

Industry standard guidance is to keep hard bounces below 2% and ideally below 0.5%. Google and Yahoo's 2024 requirements effectively push best practice to below 0.3% for bulk senders. If your bounce rate consistently exceeds 2%, prioritise list cleaning before your next campaign — your deliverability will already be degraded.

Does email validation guarantee my emails will reach the inbox?

No. Email validation removes known bad addresses and reduces hard bounces — which is one major factor in deliverability. But inbox placement also depends on sender reputation, content quality, authentication records (SPF, DKIM, DMARC), sending frequency, engagement rates, and the recipient's spam filter preferences. Validation is necessary but not sufficient on its own for inbox placement.
