CheckEmail.dev - Email Validation API

Overview

CheckEmail.dev is an email validation API service that helps developers verify email addresses before they enter their systems. The service performs comprehensive checks including syntax validation, DNS/MX record verification, disposable email detection, alias identification, and role-based address classification.

The API is designed to help businesses prevent fake signups, reduce trial abuse, and maintain clean user databases by catching invalid or problematic email addresses early in the registration process.

Key Features

• Syntax Validation: Verifies that email addresses follow proper RFC format standards.
• Domain Verification: Checks if the email domain exists and has valid DNS records.
• MX Record Validation: Confirms that the domain has mail exchange servers configured.
• Disposable Email Detection: Identifies emails from temporary or burner email services (72,000+ domains tracked).
• Alias Detection: Recognizes email aliases (e.g., user+tag@gmail.com) and can resolve them to canonical addresses.
• Role-Based Classification: Flags generic addresses like admin@, support@, or info@ which are often not personal accounts.
• Provider Identification: Identifies the email service provider (Gmail, Microsoft 365, Google Workspace, etc.).

API Response Structure

The API returns a structured JSON response with the following components:

• validations: Object containing boolean results for syntax, domain_exists, mx_records, and is_disposable checks.
• confidence: Object containing confidence_score (0-100), status (LIKELY, DISPOSABLE, INVALID_*, etc.), is_role_based, alias_status, and canonical_email.
• provider: Object with provider name information (e.g., "Gmail", "Microsoft 365").
• meta: Object containing latency_ms, source, and request_id.

Best Practices for Preventing Fake Signups

1. Use Multiple Validation Signals

Don't rely solely on a single metric like the confidence score. Instead, evaluate the complete API response holistically. Check multiple factors:

• Verify that validations.domain_exists is true
• Ensure validations.mx_records is true
• Check that validations.is_disposable is false
• Review the confidence.status field (LIKELY indicates high confidence)
• Consider confidence.is_role_based - role-based emails may indicate business accounts rather than personal signups

2. Block Disposable Emails

Always reject emails where confidence.status === 'DISPOSABLE' or validations.is_disposable === true. These temporary email services are commonly used for fake signups and trial abuse.

3. Handle Alias Detection for Trial Abuse Prevention

When confidence.alias_status === 'ALIAS_CONFIRMED', the API provides a confidence.canonical_email field. Use this to prevent users from creating multiple accounts using the same base email address with different aliases (e.g., user+1@gmail.com, user+2@gmail.com). Store and check against the canonical email address in your database.

4. Consider Role-Based Addresses

Emails where confidence.is_role_based === true (like admin@, support@, info@) are often generic business addresses. Depending on your use case, you may want to allow these for business accounts but require additional verification for personal accounts.

5. Implement Multi-Factor Validation

Combine CheckEmail.dev validation with other signals:

• Require email verification (send a confirmation email)
• Monitor for suspicious patterns (multiple signups from same IP, rapid registrations)
• Use CAPTCHA or bot detection for high-risk scenarios
• Implement rate limiting on registration endpoints

Understanding Confidence Scores

The confidence score (0-100) is calculated based on multiple validation factors. However, it should be used as one signal among many, not as the sole decision-making factor. A high confidence score (80+) combined with all validation checks passing and a LIKELY status provides strong evidence of a valid email. Lower scores or specific validation failures should trigger additional scrutiny or rejection.

Important: Always evaluate the complete API response structure rather than making decisions based solely on the confidence score. The combination of validation results, status indicators, and classification data provides a more reliable assessment than any single metric.

Example Integration Patterns

Pattern 1: Strict Validation for Free Trials

if (response.validations.is_disposable) {
    reject("Disposable emails not allowed");
}
if (response.confidence.status !== 'LIKELY') {
    reject("Email validation failed");
}
if (response.confidence.alias_status === 'ALIAS_CONFIRMED') {
    // Check if canonical_email already exists in database
    if (userExists(response.confidence.canonical_email)) {
        reject("Account already exists");
    }
}
// Proceed with registration

Pattern 2: Moderate Validation for General Signups

if (response.validations.is_disposable || 
    !response.validations.domain_exists ||
    !response.validations.mx_records) {
    reject("Invalid email address");
}
// Allow registration but flag for manual review if:
// - confidence.confidence_score < 70
// - confidence.is_role_based === true

Status Values

• LIKELY: Email has passed all critical checks and is likely deliverable.
• DISPOSABLE: Email is from a known temporary/burner email provider.
• INVALID_FORMAT: Email syntax is incorrect.
• INVALID_DOMAIN: The domain does not exist.
• NO_MX_RECORDS: Domain has no mail exchange servers configured.
• ERROR: Validation service encountered an error.

Rate Limits and Usage

CheckEmail.dev offers free dashboard validation (subject to fair usage limits) and credit-based API access. Rate limits vary by plan, with free plans having lower limits and paid plans offering higher throughput (20-50 requests per second depending on plan).

Privacy Considerations

By default, CheckEmail.dev stores validation logs for analytics and history. However, users can enable "Zero Retention" mode in their account settings, which processes validations in-memory and immediately discards email addresses without storing them in logs.

Use Cases

• User Registration: Validate emails during signup to prevent fake accounts.
• Trial Abuse Prevention: Detect and block users attempting to create multiple trial accounts using email aliases.
• Lead Qualification: Filter out disposable emails from lead generation forms.
• Database Cleaning: Validate existing email lists to identify invalid or problematic addresses.
• Fraud Prevention: Combine email validation with other signals to detect suspicious registration patterns.

API Endpoint

Base URL: https://api.checkemail.dev
Single Validation: GET /validate?email={email}
Authentication: API key passed via x-api-key header