Go beyond syntax checks. Verify SMTP reachability, detect disposable and role accounts, score confidence, and surface risk flags — all in one API call. Built for marketing, SaaS, and fraud prevention teams.
20
Free requests
<1s
Response time
99.9%
Uptime SLA
Live Validation Demo — try it now
CAPABILITIES
Every validation returns a confidence score (0–100) and quality rating — Excellent, High, Medium, Low, or Poor — so you can act on deliverability risk, not just pass/fail.
Goes beyond MX record checks. Connects to the mail server and confirms the mailbox exists without sending an email. Catches dead inboxes that syntax checks miss.
Identifies temporary email addresses from services like Mailinator, Guerrilla Mail, and thousands of other throwaway providers — protecting your list from fake sign-ups.
Flags generic addresses like info@, support@, admin@, and noreply@ — addresses that rarely reach a decision-maker and inflate your contact list without adding value.
Returns structured risk_flags such as catch_all_unknown, disposable_domain, and role_account, giving your application precise signals to handle edge cases programmatically.
Detects free email providers (Gmail, Yahoo, Hotmail) and returns compliance metadata for GDPR and marketing consent workflows. Helps B2B teams filter out consumer addresses.
USE CASES
From marketing list hygiene to fraud prevention — here is how teams use the Email Validation API today.
A single invalid or disposable email in your list damages your sender reputation and can land you in spam. Validate at point of collection and before every bulk send.
Reduce bounce rates and protect sender reputation automatically
Filter out disposable sign-ups at form submission — not weeks later
Flag role addresses (info@, marketing@) that inflate open rate metrics
Get a confidence score on every email before committing credits
Basic syntax checks let disposable and catch-all emails through. Our API verifies the mailbox exists via SMTP and flags risk at the source — before your domain reputation suffers.
HOW TO START
Sign up with an email and password. No credit card. Your API key is created instantly with 1,000 free credits — enough for 500 email validations.
Free Sign UpSend a GET request to email.apitier.com/v1/validate with your API key and email address. Receive a confidence score, quality rating, and risk flags in under 1 second.
Purchase credit packs. No monthly subscription. No minimum commitment. Scale from hundreds to millions of validations.
View PricingINTEGRATION
A single GET request. Works in any language. No SDK required.
curl -X GET \
"https://email.apitier.com/v1/validate?x-api-key=YOUR_API_KEY&email=john.doe@example.com"
# Response
{
"isValid": true,
"email": "john.doe@example.com",
"quality_rating": "high",
"confidence_score": 85,
"smtp_validation": { "value": true, "checked": true },
"mx_validation": { "value": true },
"disposable_validation": { "value": true },
"role_account_validation": { "value": false },
"risk_flags": [],
"verification_depth": "smtp",
"compliance": { "is_free_provider": false }
}FAQ
What does the Email Validation API actually check?
The API performs multiple layers of verification in a single call: syntax validation, MX record lookup, live SMTP connection to confirm the mailbox exists, disposable domain detection, role account identification, and free email provider detection. It returns a confidence score (0–100), quality rating, and structured risk_flags so your application can act on specific issues rather than just a binary pass/fail.
What is the confidence score and how should I use it?
The confidence score (0–100) reflects the overall deliverability likelihood of the email address. A score above 70 with SMTP confirmation means the inbox is very likely reachable. Scores below 50 indicate catch-all domains, SMTP failures, or other unresolved signals. We recommend gating sign-ups or list additions at a threshold that fits your risk tolerance — for example, only auto-accepting scores above 70 and sending a manual review notification for scores between 40–70.
What is a role account and why does it matter?
Role accounts are generic email addresses not tied to an individual — such as info@, support@, admin@, sales@, or noreply@. These addresses are often monitored by teams, routed to ticketing systems, or checked infrequently. For marketing and sales outreach, role accounts reduce deliverability and engagement rates. The role_account_validation field flags these explicitly so you can route them to a human review queue rather than automated campaigns.
How does disposable email detection work?
The API checks the email domain against a continuously updated database of known disposable and temporary email service providers — including Mailinator, Guerrilla Mail, Temp-Mail, and thousands of others. The disposable_validation.value field returns true when the domain is NOT disposable (safe) and false when it IS a disposable domain. This inverted logic is intentional — a true value always means the validation passed.
What are risk_flags and what values can they contain?
risk_flags is an array of named signals in the API response that your application can check programmatically. Common values include: role_account (address is a generic role inbox), catch_all_unknown (the mail server accepts all addresses — deliverability unconfirmed), and disposable_domain (the domain is a known throwaway service). An empty array means no specific risks were detected beyond the overall confidence score.
Does SMTP verification send an actual email?
No. SMTP verification works by initiating a connection to the mail server and checking whether the mailbox is accepted at the protocol level — without delivering a message. This is sometimes called a "dry run" SMTP check. It confirms that the inbox exists and can receive email without triggering any spam filters or sending a real message.
What happens with catch-all domains?
Some mail servers are configured to accept all inbound email regardless of whether the specific mailbox exists — these are called catch-all domains. When this is detected, smtp_validation.checked may be false and catch_all_unknown will appear in risk_flags. The confidence score will reflect this uncertainty. Catch-all addresses are not confirmed deliverable, but they are also not confirmed undeliverable — treat them as medium risk.
How many credits does each email validation cost?
Each successful email validation deducts 2 credits from your shared credit balance. Credits are only charged on a successful 200 response. Invalid requests (400), unauthorised (401/403), and rate limit responses (429) are never charged. The free plan includes 1,000 credits per month — enough for 500 email validations at no cost.
Can I use the API for bulk email list validation?
Yes. You can call the API sequentially for any list size. Each call validates one email address. For high-volume batch processing, use our Professional or Business plan which supports 500 requests per second rate limits. The structured JSON response makes it straightforward to build a batch processor that collects results and flags addresses below your confidence threshold.
Is the API GDPR compliant?
Yes. The Email Validation API processes only the email address you submit and returns validation metadata. No email addresses are stored beyond the processing window. The compliance field in the response provides context on free provider detection relevant to B2B marketing consent workflows. All data is processed in EU infrastructure.