1

I'm thinking of making a email validation api that can check if an email address is temporary disposable email, tld domain, from a free email provider, mx detals, delivery availability etc.

Is this even a good API idea?

Comments
  • 1
    Sure! (If its not already out there) but how will you get the data?
  • 2
    No because it will be misused.
  • 3
    Good luck maintaining that.
  • 0
    @electrineer explain some cases.
  • 1
    There aren't any reliable ways to do this.

    The best shot you have at this is to maintain a list of disposable email domains that you'd consider disposable emails. That's the first level of validation.

    The second step would be to send a verification code to that email and validate the code with a rate limiter.
  • 1
    Email validation is like trying to calculate PI.

    You will not be successful, you only get a part right.

    If I understand you right, you try to build sth like that:

    https://sendgrid.com/solutions/...

    I'm gonna be honest.... If you manage to build it without loosing money and sanity, mad respect.

    You walk on a very fine line, as "validation" by e.g. DNS querying, asking MX server about capabilities etc. can always be seen as an intrusion.

    Landing on a block list? You need to pay money. Otherwise ... You might be blocked for ever.

    I'm not saying it's impossible.

    Just... A lot of work, frustrating, possibly anger management needed.

    Email is after all the most broken protocol in existence.

    As an example I always bring up when people try to pass an "regex for email validation i found on shit overflow / ..." in a PR:

    müller@xy.com might be valid - if the server implements the necessary RFCs.

    Yep. Umlauts are possible.

    Same for overly long or extreme short names, TLDs are nowadays impossible to validate, too.

    It's crazy.

    That's just the fun part of how broken Email is.

    As most of the "MX protection" stuff like DKIM is based on DNS, but not as name resolution but rather name resolution with configuration store database via TXT, you get another nice chunk of broken fuckery added to the list.

    DNS can be so much unhappy.

    Especially when dealing with large providers, where a txt record can span > 4 kb ... It can become a challenge to make sure your client doesn't fuck up.

    Not saying it's impossible, not saying it's not easy... Just trying to illustrate the myriad of pandora boxes one is dealing with.
Add Comment