PHP | Developer libraries | Email Verification API | WhoisXML API

Email Verification client library in PHP language Email Verification client library in PHP language

How to Verify an Email Address in PHP

In this article, I’m going to walk you through the very best possible way to verify email addresses and improve user registration procedure for your PHP website.

Email verification is incredibly important. Ensuring the users who sign up for your website have a valid email address is essential for a number of reasons:

  • You can catch typos when users are entering their email address and prompt them to fix them before allowing registration.
  • It lets you stay in touch with your users: you can email them when their credit card expires, when you send them receipts, when you have new features available, etc.
  • It ensures your users can reset their password securely if they ever forget it: without an email address there’s no way to validate someone’s identity apart from manual, human verification.
  • It prevents users from signing up for your website with disposable email addresses, like those from Mailinator. Users who sign up for these services are usually trying to bypass giving you their real email for a specific reason: maybe they want to abuse your freemium features, etc. By ensuring you only allow users with real personal or business email addresses to register, you reduce the risk for abuse of your website.

Where email verification gets complex, however, is deciding how to verify email addresses for YOUR website. Each website has different requirements and depending on what your website does, you may only want to verify a user’s email address in one or two specific ways.

To help solve this problem, we recently released the email-verifier Packagist library.

This PHP library allows you to easily verify email addresses in a number of different ways and provides flexible verification (as you’ll see in a moment).

So, without further ado, let’s take a look at how it works!

Create an Email Verification Account

The first thing you need to do in order to verify email addresses using the email-verifier library is create a free account for the Email Verification API service here: https://emailverification.whoisxmlapi.com/signup

Once you’ve created your free account, you’ll be able to use the API service to verify 1,000 email addresses for free. If you’d like to do more, you can always pay a very small amount.

Install the Package

Now that your account is setup, the next thing you need to do is install the PHP package. From the command line, run the following command:

            
$ composer require whois-api/email-verifier
            
            

This will download and install the latest release of the email-verifier package from Packagist.

Verify an Email Address

Now that you have both an account and the package installed, let’s take a look at some code you can run to verify an email address immediately.

Here’s a small script, verify.php, which will verify an email address by using all possible verification methods:

            
<?php

require_once  __DIR__ . '/vendor/autoload.php';
use WhoisApi\EmailVerifier\Builders\ClientBuilder;
$builder = new ClientBuilder();
$client = $builder->build('Your API key');
try {
    /* Without refreshing */
    echo print_r($client->get('support@whoisxmlapi.com', ['_hardRefresh']), true);
    echo PHP_EOL;
} catch (\Throwable $exception) {
    echo "Error: {$exception->getCode()} {$exception->getMessage()}" . PHP_EOL;
}
            
            

As you can see, there are really only three steps to using the library:

  • Import composer’s autoload file and a client builder from the library.
  • Create a ApiClient object by giving it your API key that you created when you signed up for the API service.
  • Run the GET method, passing in the email address you want to verify, and an array with option which should be disabled. All available options are enabled by default. There is the list of available options: validateDNS, validateSMTP, checkCatchAll, checkFree, checkDisposable, _hardRefresh. Description of these options can be found on our documentation page.

The data printed in the example will look something like this:

            
WhoisApi\EmailVerifier\Models\Response Object
(
    [emailAddress] => support@whoisxmlapi.com
    [formatCheck] => 1
    [smtpCheck] => 1
    [dnsCheck] => 1
    [freeCheck] =>
    [disposableCheck] =>
    [catchAllCheck] => 1
    [mxRecords] => Array
        (
            [0] => ALT1.ASPMX.L.GOOGLE.com
            [1] => ALT2.ASPMX.L.GOOGLE.com
            [2] => ASPMX.L.GOOGLE.com
            [3] => ASPMX2.GOOGLEMAIL.com
            [4] => ASPMX3.GOOGLEMAIL.com
        )
    [audit] =>
    [auditModel:protected] => WhoisApi\EmailVerifier\Models\Audit Object
        (
            [auditCreatedDate] => Carbon\Carbon Object
                (
                    [date] => 2018-09-21 15:52:51.000000
                    [timezone_type] => 3
                    [timezone] => UTC
                )
            [auditUpdatedDate] => Carbon\Carbon Object
                (
                    [date] => 2018-09-21 15:52:51.000000
                    [timezone_type] => 3
                    [timezone] => UTC
                )
        )
)
            
            

disposableCheck and freeCheck have an invisible value false (it is a boolean type).

Each returned object value corresponds to a different type of verification:

  • The catchAllCheck checks whether or not this email address is a “catch-all” address. This refers to a special type of address that can receive email for any number of other addresses. This is common in businesses where if you send an email to test@hi.com and another email to test2@hi.com, with both of those emails going into the same inbox.
  • The disposableCheck checks whether or not the email address is disposable (created via a service like Mailinator). This helps you check for abuse. This value will be false if the email is not disposable, and true otherwise.
  • The dnsCheck checks if the domain in the email address, eg: gmail.com, is a valid domain. This value will be OK if the domain is good.
  • The freeCheck option will check if the email address is from a free email provider like Gmail or not. This value will be 'false' if the email address is not free, and true otherwise.
  • The formatCheck check lets you know if there are any syntax errors in the email address. This is a basic check performed to catch any simple typos or major errors. This value will be false if there are no errors, and true otherwise.
    Behind the scenes, the API service is handling all these types of verification checks for you in a number of interesting ways. I’ll cover this in an article to come.

Customizing Email Verification

As I mentioned before, the code sample above showed you how to validate an email address with all possible methods of verification – but this may not always be what you want to do.

Email verification can be slow. Each type of verification takes a small amount of time (fractions of a second), but when all of the checks are performed, that time can add up.

If your website only needs to verify an email address to ensure it can receive email, for instance, you can set the email-verifier package to only perform that check. The email-verifier library is incredibly flexible: you can enable or disable any types of checking you want.

Here’s how it works:

            
$client->get('support@whoisxmlapi.com',
    [
        '_hardRefresh',
        'validateSMTP',
        ...
    ]
)
            
            

When executing the GET method, you can pass in array of disabled options (as shown above) which directly impact what types of checks are performed. Feel free to use those as needed.

Improving Your User Registration Flow

Now that you’ve seen how you can verify email addresses using the email-verifier library, you’ll likely want to modify your website registration process to make use of this.

The best way to do this is fairly straightforward. When a user fills out your registration form and submits it, you should:

  • Receive the form data on your web server
  • Parse out the user’s registration data, including their email address
  • Immediately verify the user’s email address using the email-verifier library
  • Show an error to the user if their email is invalid, prompting them to retry
  • If everything is good to go, create the user’s new account and log them in

By following these steps, you’ll greatly improve the registration flow of your website by catching user typos and mistakes early on in their registration process before it is too late to correct.

Summary

So to wrap things up: verifying email addresses for your users can be a simple way to improve the user experience for your website.

If you need to verify an email address, the new email-verifier is the perfect tool, as it handles many different types of validation, and is extremely flexible.

If you have any questions, please email us!