I've talked about email address validation for a long time now. Specifically, the pitfalls-- why it doesn't really do what you think it does; why it gets you blocked as a spammer by ISPs. Since 2007 (actually, longer), I've been warning people that the most common email validation methodology involves noisy SMTP transactions that land you on an ISP's "bad guy" radar. It started with SMTP VRFY, which just about every ISP now disables outright. To get around that, validation services (and spammers) moved to "faking it" via a series of SMTP commands. They walk through a sequence of MAIL FROM and RCPT TO commands (identifying who you might be trying to send a message to) without issuing a corresponding DATA command (meaning you never actually transmit a message to send). If the RCPT TO command fails, then it's a bad address. The recipient, the person you're trying to validate, never receives the message and never is the wiser. All good, right?
Wrong. When you do this, ISPs notice. You're a blazing red alarm that you might be a spammer, potentially up to no good. ISPs have long ago decided that this is spammer behavior, and they'll block you. I know from experience that Hotmail, in particular, considers this akin to a dictionary attack -- which may or may not be an accurate term for it, but that is what Hotmail has decided, so it's something you've got to deal with.
But let's set aside the technical and policy limitations that prevent this from being a success. Let's pretend everybody allowed this. When you perform this address validation, when it doesn't get blocked, what are you actually validating?
- A verification service isn't going to know if an address is a spamtrap. It'll say that a spamtrap is a valid address, in that it accepts mail.
- A verification service isn't going to know if the recipient is the right recipient. It's not like a double opt-in (aka confirmed opt-in) process. It does no verification of consent.
- And some verification services provide false positive responses (as Laura Atkins was able to demonstrate)
Where's the value here? I'm not seeing it.