Skip to main content
POST
Email Validity

Authentication

Requires an API key in the Authorization header.

Request

email
string
required
The email address to validate. The legacy key e is still accepted.

Example request

Response

Returns the four-status deliverability model plus metadata that explains and enriches the verdict (metadata never changes the public status, except a corroborated catch-all being promoted to valid).
email
string
The email address that was checked (normalized to lowercase).
status
string
The public verdict one of valid, invalid, catch-all, or risky.
reason
string
Machine-readable explanation, e.g. deliverable, syntax, disposable, null_mx, no_mail_route, hard_reject, mailbox_full, unverifiable, greylist_unresolved, ip_blocked, unreachable, catch_all, or catchall_corroborated.
confidence
string
Provider-calibrated confidence in the verdict high, medium, or low (e.g. a bare 250 from Yahoo/O365 is reported as lower confidence).
role
boolean
true when the local part is a role/shared mailbox (e.g. support@, info@). Role accounts still deliver this is a flag only.
did_you_mean
string
A suggested correction when a likely typo is detected (e.g. gmial.com).
domain
string
The domain part of the address.
provider
string
Mailbox provider classification google, microsoft, yahoo, or other.
mx
string[]
The domain’s resolved mail servers (MX hosts) in preference order.
domain_trust
object
The domain’s outbound-security posture (non-voting metadata): grade (A–F), spf, dmarc, dmarc_policy, mta_sts, and tls_rpt, plus the raw DNS records behind them (spf_record, dmarc_record, tls_rpt_record, mta_sts_record) when present.
person_signal
object
OSINT corroboration: count of independent hits and the sources that hit (hibp, gravatar, github, gitlab, pgp). A positive signal on a catch-all domain promotes the status to valid.
smtp
object
Technical probe detail when available: mx_host, code, message, catch_all, and greylisted.
validity
string
deprecated
Legacy mirror of status, retained for backward compatibility.

Example response

The in-app equivalent is POST /api/email/validity (session-authenticated). Both charge like a standard lookup. The MCP validate_email tool returns the same shape and is free.