Having spent the best part of a day looking at and testing various email verification APIs, I came across QuickEmailVerification which offers 100 free verifications/day via their API. Signup is quick and free with no card details needed.
Very easy to set up with a standard URLConnection control and a few lines of code…
In the URLConnection-ContentReceived event
'Result is returned as a JSON encoded string
Var result As String = content.DefineEncoding(Encodings.UTF8)
'Header includes remaining credits in this entry
Var remainingCredits as Integer = me.ResponseHeader("X-QEV-Remaining-Credits").ToInteger
var j as new JSONItem(result)
if j.Lookup("result","oops") = "valid" Then
'All good - take appropriate action
'NOTE: possible evil domains such as ggmail.com will return a 'valid' response
ElseIf j.Lookup("result","oops") = "unknown" Then
'Address unknown
ElseIf j.Lookup("result","oops") = "invalid" Then
'Address invalid
End
In the FocusLost event of the email address control
'Event FocusLost
'QUICKEMAILVERIFICATION.COM 100 FREE/DAY
var your api as String
var QuickValAPI as String = your_api
var QuickValURL as String = "https://api.quickemailverification.com/v1/verify?email="
Var textParams As String = QuickValURL + me.Text + "&apikey=" + QuickValAPI
QuickValSocket.Send("GET", textParams)
I’ve only set this up for basic validation here, but the full response received is very comprehensive.
The best way to do this is to use RegEx to verify the format of the input, then send a verification email. Have email_verified and email_verification_code columns in your database. On signup, send a verification link via email where one of the URL parameters is something like this:
https://mydomain.com/verifyEmail?code=823174u
When they click the link, they’re taken to your web application and, in the HandleURL event, you look for a user with that code who is unverified and update their row in the database.
Typically, you’ll want to provide a mechanism of re-sending. Sometimes this is on the same page with a timer that prevents re-sending more than once per minute, but you should also provide a method to retry if they attempt to login and are not verified.
This keeps it entirely in-house so that you’re not exposing your users’ email addresses to potential spammers (and maybe violating laws?) and gives you a process that you know results in working email addresses. I know that I typically use email addresses for services that include something specific to that service just so I can track (and potentially block after reporting for spam) who’s selling my email address. Something like xojoforum.anthony@domain.com.
TLDR; Like Greg, I recommend that you not use these services, especially if they’re free.
I understand your concerns, but this APPEARS to be a reputable company and claims to be used by blue chip companies in the US and elsewhere. Their ‘paid for’ options for higher volumes seem higher than some others I investigated - not sure what this suggests.
My reason for using this service is to avoid sending emails to invalid addresses and therefore damaging my email reputation, so this rules out Anthony’s solution.
Unfortunately, you can no longer trust any company to do this. This is also one of the reasons why we are tightening data protection regulations in Europe. And the potential for data misuse has only increased with LLMs.
So if you can do without data processing by third parties, you should do so.
A bounce back email isn’t going to negatively impact your reputation. If they didn’t sign up for the service, they delete the email, it never gets verified in your system, and you’re good to go. If they do report your verification email as spam, it takes very many more than one such report to lower the reputation of a sender to the point where you will be blacklisted.
There are other factors you can use to ensure that your system is not being abused, such as implementing rate limiting by IP address. You could even setup alerts in your own system if the number of new users exceeds an expected number per 10/15/60 minutes so that you can disable the verification system until it comes back down to a sane number.
I’m not fussed about users reporting these emails as spam - my issue is with not trapping invalid email addresses entered on the form.
You say there have to be many bounces/spam reports to affect my email reputation, but we have suffered in the past where M/Soft and Yahoo have bounced all emails from our domain for a period of several hours due to just a few reports of this nature.
I’m happy with this solution and hope it may help others who have similar requirements.
