What is SMTP Verification?

Definition

SMTP verification, sometimes called an SMTP handshake check, is the process of confirming that an email address is deliverable by querying the recipient's mail server over the Simple Mail Transfer Protocol. SMTP is the protocol that mail servers use to hand messages to one another across the internet. Rather than sending an actual email and waiting to see whether it bounces, an SMTP verification tool begins the conversation a sending server would normally have, asks the receiving server whether it would accept mail for a specific address, reads the answer, and then politely ends the conversation without delivering anything.

This makes SMTP verification the most direct and accurate form of email validation available. A syntax check only confirms an address is shaped correctly, such as having one @ symbol and a valid domain. A DNS and MX lookup only confirms that the domain is configured to receive mail at all. SMTP verification goes one step deeper and consults the live, authoritative server that is responsible for the mailbox in question. Because it asks the source of truth directly, it can catch addresses that look perfectly valid on paper but no longer exist, such as an employee inbox that was closed after the person left a company.

How It Works

An SMTP verification check follows the opening moves of a normal mail delivery, then stops before the message is transferred. The sequence runs roughly as follows.

First, the verifier performs a DNS lookup to find the MX records for the email's domain. MX records list the mail servers responsible for receiving mail on behalf of that domain. The verifier picks the highest priority server and opens a TCP connection to it, usually on port 25.

Once connected, the verifier introduces itself with an EHLO or HELO command, which is the SMTP equivalent of a greeting. It then issues a MAIL FROM command to declare a return address for the hypothetical message. The decisive step comes next: the verifier sends a RCPT TO command containing the exact email address being tested. RCPT TO, short for recipient to, asks the server whether it is willing to accept mail for that recipient.

The server's reply is what the verifier is listening for. A response in the 250 range generally means the mailbox exists and would accept mail. A 550 response means the recipient was rejected, which usually indicates the mailbox does not exist. Temporary 4xx responses, such as greylisting or rate limiting, mean the server is deferring the answer. After reading the response, the verifier sends a QUIT command and closes the connection. No DATA command is ever sent, so no message body is transmitted and nothing lands in the recipient's inbox.

SMTP verification does have honest limits. Some servers are configured to accept every address regardless of whether the mailbox exists, a setup known as a catch-all or accept-all domain. On those domains a 250 response cannot confirm a specific mailbox. Other servers, particularly large enterprise systems, detect the pattern of a verification probe and either block the connection or return a uniform answer for every address. A trustworthy verifier reports these situations transparently rather than presenting a guess as a fact.

Why It Matters for Email Deliverability

Mailbox providers such as Gmail, Outlook, and Yahoo watch how senders behave, and few signals damage a sending reputation faster than a steady stream of messages to addresses that do not exist. When mail is delivered to a dead mailbox, the receiving server returns a hard bounce. A high hard bounce rate tells providers that the sender is working from a stale or poorly sourced list, which is a classic marker of spam operations. As reputation falls, more of the sender's legitimate mail is filtered to spam or rejected outright.

The thresholds are strict. Many deliverability teams treat a total bounce rate above two percent as a warning sign, and as of late 2025 Gmail can begin issuing permanent rejections against senders whose bounce rate climbs past that mark. SMTP verification is the most reliable way to find and remove invalid addresses before a campaign is sent, which is exactly what keeps bounce rates low. It also helps surface spam traps and abandoned addresses that quietly erode engagement metrics. By verifying a list before sending, a sender protects the inbox placement of every message that follows.

How VeriMails Handles It

A live SMTP handshake sits at the core of every VeriMails verification. When you submit an address through the REST API or as part of a bulk CSV upload, VeriMails resolves the domain, locates its MX records, opens an SMTP connection, and performs the RCPT TO exchange described above to determine whether the mailbox is real. That SMTP step is combined with syntax validation, MX and DNS checks, catch-all detection, disposable address detection, and role-based address detection, so a single result reflects every angle of an address rather than just one.

VeriMails performs catch-all detection rather than guessing on accept-all domains, so when a server accepts every recipient you are told the address sits on a catch-all domain instead of receiving a false confirmation. Results are returned as clear deliverability categories for campaign decisions. Verification starts at $0.0019 per email, with 10,000 credits for $19 and subscriptions from $15 per month. Every new account receives 100 free credits with no credit card required, and those credits never expire, so you can test SMTP verification against your own list before committing to a plan.

Frequently Asked Questions