Email verification: how it works, why it's non-negotiable
Email verification is the technical check that confirms an address can receive mail before you send anything to it. It works by querying the receiving mail server directly — no email is actually sent — and it is non-negotiable because unverified lists bounce, and a rising bounce rate is one of the fastest ways to get every future email you send routed to spam.
What does a verifier actually check?
Four layers, in rising order of depth:
- Syntax. Is the address structurally valid — no stray spaces, a real top-level domain, an @ in the right place. Trivial, but it catches typos.
- Domain and MX records. Does the domain exist, and does it publish mail-exchange records — in other words, is anyone accepting mail there at all. When a company folds or rebrands its domain, this is where the record fails.
- Mailbox check. The verifier opens a conversation with the receiving server and asks, in effect, "would you accept mail for this exact address?" — then hangs up before sending anything. The server's answer classifies the address as valid, invalid or unknown.
- Risk flags. Catch-all domains, role addresses (info@, accounts@), disposable providers, suspected spam traps.
Verification is the final gate in the database build — the last step before anything is loaded into a sending tool. I cover the full sequence in The B2B Database Building Guide: from ICP to verified list.
How does the mailbox check work, step by step?
The mechanism is a partial SMTP handshake. When the verifier connects to the target mail server, it introduces itself and names a recipient, exactly as a real sending server would. When the server responds that the mailbox exists, the address is marked valid. When the server rejects the recipient, it is marked invalid. When the server accepts everything regardless of the address — a catch-all configuration — the verifier cannot tell a real mailbox from a fake one, so the address is marked accept-all. When the server refuses to answer at all (some block verification traffic), the result is unknown. The verifier then disconnects without sending a message, so the recipient never sees a thing.
Why do bounces matter so much?
Because mailbox providers read your bounce rate as a proxy for list quality, and by extension for whether you are a legitimate sender. When a meaningful share of your sends hard-bounce, the pattern-matching is unforgiving: senders who email addresses that do not exist look exactly like senders who scraped or bought a bad list. Providers do not publish exact thresholds, but a hard-bounce rate creeping much above 2% is commonly treated as the danger line. Beyond it, placement degrades for everything you send — including the emails to perfectly valid addresses.
This is why verification is cheap insurance. At a fraction of a penny per check, verifying a 2,000-contact list costs less than a round of coffees, against the downside of torching a warmed sending domain that took weeks to build.
What do you do with catch-all addresses?
You make a policy decision. Catch-all domains accept mail for any address, so verification returns accept-all rather than valid. The options: exclude them entirely (safe, but you can lose 20–30% of some lists — plenty of UK SMEs run catch-all servers); send to them from a separate mailbox so any bounce damage is contained; or use a verifier that scores catch-alls on secondary evidence. We generally send to catch-alls in controlled volume and watch the bounce numbers daily. Where the data came from matters here too — sources vary widely in how much catch-all sludge they carry, something I unpack in Where UK B2B data actually comes from.
How do you make verification a habit rather than a task?
Treat it as a rule, not a decision. The rule in our system: no address gets loaded into a campaign without a verification pass in the last 30 days. Anything older gets re-verified before use, because data decays whether or not you touch it — an enriched record is a snapshot, as I explain in What is B2B data enrichment?. Pre-deciding this once removes the temptation to skip the step when a campaign is running late. It is the same logic I apply to my own workflow in The Personal Operating System: when a check matters and repeats, encode it as a standing rule and stop relitigating it.
Verification will never make a campaign succeed on its own. It quietly prevents the one failure mode that makes everything else irrelevant — which is as close to non-negotiable as anything in outbound gets.
Next step: the Growth System Audit — £450, seven days, credited against any build — maps where your growth system leaks and what to build first.
Total Format builds the systems UK B2B service firms grow on — AI-powered outbound, automation, and reporting — so growth stops depending on the founder's time.
Map your growth system. The £450 audit takes seven days and is credited against any build.
BOOK THE AUDIT