Email Verification API
All APIs
Email Verification API
POSTv1
Authentication
All API requests require an API key to be included in the x-authkey header.
How to get your API Key
- Visit your API Keys page in the dashboard.
- Locate the active subscription for the API product you wish to use.
- Copy the key from the API Key field.
Note: You must have an active subscription to use an API key.
// Example Header
x-authkey: YOUR_API_KEY
Endpoint
POST /email-verificationParameters
| Name | Type | Required |
|---|---|---|
| STRING | Required |
Code Examples
Sample Response
{
"data": {
"tld": "com",
"email": "[email protected]",
"score": 3,
"domain": "test.com",
"username": "develop",
"risky_tld": false,
"disposable": false,
"elapsed_ms": 0,
"free_email": false,
"did_you_mean": "",
"is_spoofable": false,
"role_address": false,
"should_block": false,
"valid_format": true,
"has_a_records": false,
"dmarc_enforced": false,
"domain_popular": false,
"has_mx_records": false,
"domain_age_days": null,
"has_spf_records": false,
"has_txt_records": true,
"dmarc_configured": true,
"suspicious_email": false,
"government_domain": false,
"local_part_length": 7,
"suspicious_domain": false,
"dirty_words_domain": true,
"educational_domain": false,
"suspicious_username": false,
"dirty_words_username": false
},
"status": "success"
}General API Response Keys
Use this table to understand the specific data fields returned in the API response object.
These fields help you classify the user identity and technical validity of the email.
| Key Name | Type | Description |
|---|---|---|
| String | The complete email address you submitted for verification. | |
| username | String | The part of the email before the `@` symbol. |
| domain | String | The part of the email after the `@` symbol. |
| tld | String | The Top-Level Domain extension (e.g., `com`, `org`, `io`). |
| valid_format | Boolean | Returns `true` if the email syntax is correct (has an `@`, no illegal chars). |
| disposable | Boolean | Returns `true` if the domain or its infrastructure (MX/NS) belongs to a burner service. |
| should_block | Boolean | Returns `true` if the score is 4 or higher. Use this for a simple Yes/No blocking decision. |
| free_email | Boolean | Returns `true` if the address is from a public provider (Gmail, Yahoo, Outlook, etc.). |
| role_address | Boolean | Returns `true` if it’s a generic team email (e.g., `admin@`, `support@`) instead of a person. |
| has_mx_records | Boolean | Returns `true` if the domain has a Mail Server. If `false`, the email will bounce. |
| has_a_records | Boolean | Returns `true` if the domain hosts a website (points to an IP address). |
| risky_tld | Boolean | Returns `true` if the extension is high-risk/spammy (e.g., `.tk`, `.ml`, `.ga`). |
| is_spoofable | Boolean | Returns `true` if the domain lacks security (SPF/DMARC), making it easy to fake. |
| suspicious_email | Boolean | Returns `true` if the email looks like a bot OR if the SMTP server explicitly rejected the user. |
| suspicious_username | Boolean | Returns `true` if the username looks machine-generated (e.g., `a1b2c3d4`). |
| did_you_mean | String | Returns a suggestion if a typo is found (e.g., `gmil.com` -> `gmail.com`). Empty otherwise. |
| dirty_words_domain | Boolean | Returns `true` if the domain contains words like 'test', 'fake', 'spam', or 'bot'. |
| dirty_words_username | Boolean | Returns `true` if the username contains words like 'admin', 'test', or offensive terms. |
| government_domain | Boolean | Returns `true` if the domain ends in `.gov` or `.mil`. |
| educational_domain | Boolean | Returns `true` if the domain ends in `.edu` or `.ac.uk`. |
| elapsed_ms | Integer | The time it took to process the request (in milliseconds). |
Score Interpretation (The Verdict)
The API returns a `score`. The `should_block` flag is automatically set to `true` if the score is 4 or higher.
Scores can exceed 10 if multiple risk factors are detected simultaneously.
| Score Range | Risk Level | Meaning | Recommended Action |
|---|---|---|---|
| 0 - 1 | ✅ Safe | Real user, valid domain, good reputation. | Allow Signup |
| 2 - 3 | ⚠️ Caution | Valid, but low quality (e.g., generic `admin@` or risky TLD). | Allow, but verify email (OTP) |
| 4 - 9 | ⛔ High Risk | Likely invalid, non-existent, or bad reputation. | Block / Manual Review |
| 10+ | ❌ Critical | Confirmed Disposable Email or malicious pattern. | Block Immediately |
Score Calculation Logic
This table details how the risk score is calculated. We start at 0 and add penalty points for every risk factor detected.
Note: A score of 4 or higher triggers the blocking recommendation.
| Risk Factor | Points Added | Reasoning |
|---|---|---|
| Disposable Domain | +10 | Domain/MX/NS matches a burner service. Guaranteed block. |
| User Unknown (SMTP) | +5 | The mail server explicitly rejected the username (Hard Bounce). The user does not exist. |
| Suspicious Pattern | +3 | The email looks like it was generated by a script or bot. |
| Invalid Format | +2 | The email syntax is wrong. It cannot be used. |
| No MX Records | +2 | The domain cannot receive mail. The email is effectively dead. |
| Risky TLD | +2 | Domains like `.tk` or `.cn` have higher rates of fraud/spam. |
| Young Domain | +2 | The domain was registered <30 days ago (often used for quick scams). |
| Role Account (Block) | +2 | Addresses like `abuse@` or `spam@` are never real users. |
| Role Account (Warn) | +1 | Addresses like `info@` or `sales@` are valid but have low engagement. |
| Dirty Word Found | +1 | Contains 'test', 'fake', or profanity. Likely junk data. |
| Suspicious Username | +1 | Username is random numbers or too short. |
| No Security (SPF) | +1 | Domain is easy to spoof; suggests poor maintenance. |