Email Validation
Validate email addresses with format checking, domain verification, MX record lookup, and deliverability prediction
Overview
This endpoint provides comprehensive email address validation. It checks email format, domain validity, MX records, and uses pattern analysis to predict deliverability.
The endpoint returns:
- Email format validation (RFC 5322 compliant)
- Domain structure verification
- MX record DNS lookup
- Common email provider recognition (130+ providers)
- Suspicious and disposable email pattern detection
- Deliverability prediction score
Pricing
📊 1 Credit per Request
Each request costs 1 data credit and counts as a billable request.
Endpoint
GET /validate/email?email={email_address}
POST /validate/email
Request Parameters
GET Request
| Parameter | Type | Required | Description |
|---|---|---|---|
email | string | Yes | Email address to validate (max 320 characters) |
POST Request Body
{
"email": "[email protected]"
}
Response Format
{
"email": "[email protected]",
"prediction": "high",
"details": {
"formatValid": true,
"hasValidDomain": true,
"commonProvider": true,
"suspiciousPattern": false,
"mxRecordsValid": true,
"mxRecords": [
"aspmx.l.google.com",
"alt1.aspmx.l.google.com",
"alt2.aspmx.l.google.com"
]
}
}
Response Fields
| Field | Type | Description |
|---|---|---|
email | string | The email address that was validated |
prediction | string | Deliverability prediction: high, medium, low, or bad |
details.formatValid | boolean | Whether the email format is valid per RFC 5322 |
details.hasValidDomain | boolean | Whether the domain has valid structure |
details.commonProvider | boolean | Whether the domain is a recognized email provider |
details.suspiciousPattern | boolean | Whether the email matches suspicious patterns |
details.mxRecordsValid | boolean | Whether the domain has valid MX records |
details.mxRecords | string[] | List of MX record hostnames for the domain |
Prediction Levels
| Level | Meaning | Criteria |
|---|---|---|
| high | Very likely to exist and work | Valid format, valid domain, has MX records, common provider, no suspicious patterns |
| medium | Likely to work if domain is legitimate | Valid format, valid domain, has MX records, not a common provider, no suspicious patterns |
| low | May not be reliable | Valid format but contains suspicious patterns (test email, temporary/disposable email) |
| bad | Cannot receive email | Invalid format, invalid domain structure, or no MX records |
Example Requests
GET Request
curl -X GET "https://api.boxapi.com/validate/[email protected]" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"
POST Request
curl -X POST "https://api.boxapi.com/validate/email" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"email": "[email protected]"}'
Usage Examples
JavaScript/Node.js
// GET method
const response = await fetch(
'https://api.boxapi.com/validate/[email protected]',
{
method: 'GET',
headers: {
'Authorization': 'Bearer YOUR_API_KEY',
'Content-Type': 'application/json'
}
}
);
const data = await response.json();
console.log(`Email: ${data.email}`);
console.log(`Prediction: ${data.prediction}`);
console.log(`Format valid: ${data.details.formatValid}`);
console.log(`MX records valid: ${data.details.mxRecordsValid}`);
// POST method
const postResponse = await fetch('https://api.boxapi.com/validate/email', {
method: 'POST',
headers: {
'Authorization': 'Bearer YOUR_API_KEY',
'Content-Type': 'application/json'
},
body: JSON.stringify({ email: '[email protected]' })
});
const postData = await postResponse.json();
if (postData.prediction === 'high' || postData.prediction === 'medium') {
console.log('Email is likely valid');
} else {
console.log('Email may not be deliverable');
}
Python
import requests
headers = {
'Authorization': 'Bearer YOUR_API_KEY',
'Content-Type': 'application/json'
}
# GET method
response = requests.get(
'https://api.boxapi.com/validate/[email protected]',
headers=headers
)
data = response.json()
print(f"Email: {data['email']}")
print(f"Prediction: {data['prediction']}")
print(f"Format valid: {data['details']['formatValid']}")
print(f"MX records valid: {data['details']['mxRecordsValid']}")
# POST method
post_response = requests.post(
'https://api.boxapi.com/validate/email',
headers=headers,
json={'email': '[email protected]'}
)
post_data = post_response.json()
if post_data['prediction'] in ('high', 'medium'):
print('Email is likely valid')
else:
print('Email may not be deliverable')
PHP
<?php
$apiKey = 'YOUR_API_KEY';
// GET method
$ch = curl_init('https://api.boxapi.com/validate/[email protected]');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Authorization: Bearer ' . $apiKey,
'Content-Type: application/json'
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
$data = json_decode($response, true);
echo "Email: {$data['email']}\n";
echo "Prediction: {$data['prediction']}\n";
echo "Format valid: " . ($data['details']['formatValid'] ? 'true' : 'false') . "\n";
echo "MX records valid: " . ($data['details']['mxRecordsValid'] ? 'true' : 'false') . "\n";
// POST method
$ch = curl_init('https://api.boxapi.com/validate/email');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Authorization: Bearer ' . $apiKey,
'Content-Type: application/json'
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(['email' => '[email protected]']));
$response = curl_exec($ch);
$postData = json_decode($response, true);
if (in_array($postData['prediction'], ['high', 'medium'])) {
echo "Email is likely valid\n";
} else {
echo "Email may not be deliverable\n";
}
?>
Common Providers Recognized
The validation engine recognizes 130+ common email providers, including:
- Google: gmail.com, googlemail.com
- Microsoft: outlook.com, hotmail.com, live.com, msn.com
- Apple: icloud.com, me.com, mac.com
- Yahoo: yahoo.com and regional variants
- Privacy-focused: protonmail.com, tutanota.com
- European: gmx.com, web.de, laposte.net
- And many more regional and global providers
Error Responses
Missing Email Parameter
{
"error": "Email parameter is required"
}
HTTP Status: 400 Bad Request
Email Too Long
{
"error": "Email exceeds maximum length of 320 characters"
}
HTTP Status: 400 Bad Request
Authentication Error
{
"error": "Unauthorized"
}
HTTP Status: 401 Unauthorized
Rate Limit Exceeded
{
"error": "IP blocked",
"statusCode": 429
}
HTTP Status: 429 Too Many Requests
Rate Limits
The following rate limits apply per IP address:
- 10,000 requests per minute for successful responses (2xx status codes)
- 60 requests per minute for client errors (4xx status codes)
- 60 requests per minute for server errors (5xx status codes)
⚠️ If you exceed these limits, your IP will be temporarily blocked and you'll receive a 429 status code.
Important Notes
- Email format validation is RFC 5322 compliant
- MX record lookups are performed via live DNS queries
- The
predictionfield provides a confidence score, not a guarantee of deliverability - Temporary/disposable email services are flagged as suspicious
- Both GET and POST methods are supported with identical response format
Use Cases
The Email Validation API is ideal for:
- 📝 Registration forms preventing invalid email signups
- 📧 Email marketing cleaning mailing lists before sending
- 🔐 Account security verifying email ownership
- 🛒 E-commerce validating customer email at checkout
- 📊 Data quality cleaning and enriching contact databases