Skip to main content

Overview

The Email Verification API validates email addresses and provides comprehensive risk analysis including:
  • Format validation and syntax checking
  • Domain and MX record verification
  • Disposable email detection
  • Spam trap and honeypot identification
  • Fraud risk scoring
  • Data breach detection
  • Associated accounts information
This endpoint requires an IPQualityScore API key. Set IPQUALITYSCORE_API_KEY in your environment variables.

Endpoint

POST /api/email/verify

Request

Headers

Content-Type: application/json

Body Parameters

email
string
required
Email address to verify. Must be a valid email format.Will be automatically trimmed and converted to lowercase.Example: "[email protected]"

Request Example

curl -X POST http://localhost:3000/api/email/verify \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]"
  }'

Response

success
boolean
Always true for successful verification requests
result
EmailVerificationResult
Comprehensive email verification data

Response Example

{
  "success": true,
  "result": {
    "valid": true,
    "disposable": false,
    "catchAll": false,
    "fraudScore": 12,
    "spamTrapScore": "none",
    "recentAbuse": false,
    "leaked": false,
    "frequentComplainer": false,
    "deliverability": "high",
    "dnsValid": true,
    "mxRecords": true,
    "smtpScore": 3,
    "sanitizedEmail": "[email protected]",
    "honeypot": false,
    "generic": false,
    "common": false,
    "domainAge": {
      "human": "15 years",
      "timestamp": 1234567890,
      "iso": "2009-02-13T23:31:30Z"
    },
    "firstSeen": {
      "human": "2 years ago",
      "timestamp": 1609459200,
      "iso": "2021-01-01T00:00:00Z"
    },
    "userActivity": "high",
    "overallScore": 88,
    "associatedNames": ["John Doe"],
    "associatedPhoneNumbers": [],
    "message": "Success",
    "requestId": "abc123xyz"
  }
}

Error Responses

400
Invalid email address
{
  "success": false,
  "error": "Invalid email address"
}
400
Invalid email format
{
  "success": false,
  "error": "Invalid email format"
}
500
Verification failed
{
  "success": false,
  "error": "Verification failed"
}

Configuration

Set this environment variable to enable email verification: 
# Required: IPQualityScore API key
IPQUALITYSCORE_API_KEY=your_ipqs_api_key
Get an IPQualityScore API key at https://www.ipqualityscore.com/

Source Code Reference

  • API Route: source/app/api/email/verify/route.ts:7
  • Email Verification: source/lib/email/verify.ts
  • Type Definitions: source/lib/email/types.ts

Risk Assessment Guide

Fraud Score Interpretation

Safe to accept
  • High deliverability
  • No abuse history
  • Established domain
  • Valid MX records

Best Practices

Rate Limits: IPQualityScore has API rate limits. Cache results and avoid redundant checks.

Recommendations

  1. Cache results: Store verification results to reduce API calls
  2. Gradual validation: Check format first, then DNS, then full verification
  3. User-friendly errors: Don’t expose technical details to end users
  4. Typo suggestions: Use suggestedDomain to help users fix mistakes
  5. Privacy compliance: Inform users about verification checks

Example Implementation

interface EmailRiskAssessment {
  email: string;
  isValid: boolean;
  riskLevel: 'low' | 'medium' | 'high' | 'critical';
  reasons: string[];
}

async function assessEmail(email: string): Promise<EmailRiskAssessment> {
  const response = await fetch('/api/email/verify', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ email })
  });

  const { result } = await response.json();
  
  // Determine risk level
  let riskLevel: 'low' | 'medium' | 'high' | 'critical';
  if (result.fraudScore < 25) riskLevel = 'low';
  else if (result.fraudScore < 50) riskLevel = 'medium';
  else if (result.fraudScore < 75) riskLevel = 'high';
  else riskLevel = 'critical';
  
  // Build list of risk factors
  const reasons: string[] = [];
  if (result.disposable) reasons.push('Disposable email provider');
  if (result.recentAbuse) reasons.push('Recent abuse reports');
  if (result.leaked) reasons.push('Found in data breaches');
  if (result.honeypot) reasons.push('Honeypot trap detected');
  if (result.spamTrapScore !== 'none') reasons.push('Potential spam trap');
  if (!result.mxRecords) reasons.push('No valid MX records');
  if (result.deliverability === 'undeliverable') reasons.push('Undeliverable');
  
  return {
    email: result.sanitizedEmail,
    isValid: result.valid && riskLevel !== 'critical',
    riskLevel,
    reasons
  };
}

// Usage
const assessment = await assessEmail('[email protected]');

if (assessment.riskLevel === 'critical') {
  console.error('Email rejected:', assessment.reasons);
} else if (assessment.riskLevel === 'high') {
  console.warn('Email flagged:', assessment.reasons);
} else {
  console.log('Email accepted');
}

Build docs developers (and LLMs) love

Get started for freeTalk to us