4 Email Validation and Verification Techniques for App Developers

Today, most businesses rely quite heavily on social media to keep in contact with existing and potential customers. However, from a marketing and customer service perspective, email is still king. The trouble is that email is an aging technology filled with a plethora of security issues. For proof of that, look no further than the companies still puzzling over how to stop spam from inundating their mailboxes. That means software developers still need to integrate email functionality—like user address collection and direct email communications—into customer-facing applications. As they do, they need to find ways to mitigate the array of security issues that come with doing so. That effort typically begins with email validation and verification.

Email validation and verification methods can help developers harden their applications against email abuse attacks. It can also help keep email databases collected via their apps free of bogus information. But there's more than one way to programmatically validate and verify emails these days. Choosing the right one for the job depends on the purpose of the functionality and how accurate you need it to be. To help developers with this critical task, here are five ways to incorporate email validation and verification into your apps in order of their overall accuracy and utility.

1. Simple Regex Validations

The easiest—and least restrictive—type of email validation uses regex to check the format of data entered into an email input field. In short, this means making sure that any data entered into your app's fields at least matches the accepted format of an email address. This is typically done within an application's front end and can achieve the following aims:

• Helping users spot typos when entering their addresses.
• Restricting registrations to specific TLDs.
• To guard against certain kinds of data-entry attacks.

These days, it's hard to find any app that allows email address inputs that don't have some sort of validation functionality. Most rely on simple regex-based checks with varying levels of specificity. Using regex, you can check for everything from the presence of an @ symbol in the proper position to the use of a legitimate TLD in the given address.

2. Prebuilt JavaScript Email Validation Libraries

Another way to include email validation into an app is to use one of many prebuilt JavaScript libraries built for the task. This is a bolt-on approach that should work with almost any kind of application imaginable. It also requires about the same amount of actual coding work as the regex approach mentioned above. And depending on the library used, this approach can also add a variety of other on-demand data validation functionality to an app.

For email-only validation, the email validator is the current go-to JavaScript library. It's simple, fast, and does exactly what its name says it does. For more flexible data validation that can handle email addresses and a variety of other data validation and sanitization tasks, there are validator.js. Then, there's yup, for those in search of a library that can handle building schemas, data parsing, and validation tasks. It's the most robust and flexible library of the bunch.

3. Server Ping Address Validation

Although the validation methods above can make sure data inputs are in the proper email address format, they don't check to see if the entered address is real. For that, an address verification method is necessary. This will let an app know if the entered address exists on the mail server associated with its domain. This is useful for developers looking for ways to keep mailing lists filled with valid addresses.

Fortunately, email servers haven't changed much since the invention of their underlying protocol, SMTP. This means it's trivial to build simple email verification into an app. All it takes is initiating a telnet connection to the subject domain's mail server on port 25. When the server answers, all you need to do then is to send a string of data to verify the address.

First, begin the SMTP conversation by sending the text string EHLO. Then, send the MAIL FROM: command followed by a valid email address in the following format:<test@yourdomain.com>. After the mail server responds, you can verify the address in question by sending the RCPT TO: command, followed by the email address in question, like so:<checkme@theirdomain.com>. If the server responds with an OK, the address exists. Otherwise, it will respond with a 550 error to indicate that the address either doesn't exist or isn't accepting emails.

This method is useful for low-volume email validation. It's also a great way, for example, to check user-supplied email addresses before passing them to a customer service platform or a social media moderation tool. This would cut down on wasted time when an employee attempted to use the address to contact a customer, only to receive a bounce-back up to a day later, letting them know that their message wasn't delivered.

4. API-Based Email Verification

Although the method above is reliable, it can impose a significant performance penalty on an app that needs to verify a high volume of addresses. For example, if the app collects user email addresses to populate a mailing list, which then needs en-masse address verification before use, telnet-based verification isn't practical.

In those kinds of situations, it's better to rely on a third-party email verification system accessed via API. There are a variety of vendors that offer this since email validation is a mission-critical task for today's businesses. The trick is to locate a vendor whose API access prices won't make the app too expensive to deploy. Popular choices include vendors like Clearout, myEmailVerifier, and QuickEmailVerification.

The good news is that API-based verification services are typically aimed at users with high-volume email checking needs. So, they shouldn't represent too much of a cost barrier for a business that requires one. However, as a developer, it's typically a good idea to leave the vendor choice up to the business commissioning the app—since they may need to use the API elsewhere and have other requirements beyond those of the app itself.

The Takeaway

The bottom line is that email, as a communication tool, isn't going away anytime soon. So, developers will continue to need ways to validate and verify emails for the foreseeable future. The techniques detailed above should fit the vast majority of verification and validation needs. Ranging from simple format checks to more complex 3rd-party API integrations, there's a solution for every application. Hopefully, this will save some developers time when they next encounter a situation that requires such functionality.