Why Use E-mail Verification?

The history of e-mail dates back to the very early days of the Internet. The basics of the protocol were laid down as early as 1982, in RFC822. And even though this very early specification had been updated by RFC 2822 in 2008, and several updates have appeared since (e.g. 6854 in 2013), the basics of the protocol have not changed much. This is, on one hand, a considerable success of the protocol. It provides a solution to a very natural need of the users of the network: to use the Internet for sending messages like conventional mail. And this good old protocol still meets many of the requirements. In spite of the enormous amount of alternative means of online communication, e-mail has managed to maintain its popularity even today. The reasons for this include the simplicity of the protocol, the fact that it is indeed a standard. It is decentralized in the sense that there is no distinguished provider for which one has to necessarily subscribe to be able to use e-mail. This can indeed be an advantage when compared to e.g. social networks whose providers get hold of our private data when we use them.

On the other hand, however, the e-mail protocol is indeed archaic. Although the general picture of e-mail is that it is somehow a counterpart of conventional mail, in fact, it is not at all encrypted, so it offers a much smaller level of privacy than its paper-based counterpart. Solutions such as PGP have been proposed and implemented to overcome this issue, but they did not really take off. This suggests that most people are satisfied with the moderate level of privacy, they do not insist on putting their messages into digital envelopes. But this is not the only issue: the use of the e-mail protocol has changed a lot in the last few decades. There are many related tasks which can only be coped with additional tools supplementing e-mail either on the side of the servers or the clients, notably e-mail verification. In what follows we describe several situations related to e-mails in which verification is really valuable.

A few decades ago it was absolutely normal that e-mail servers did relay to each other. When the internet was still a virtual space for scientists, computer experts and enthusiasts who respected the “netiquette”, the commonly accepted rules of the early days, it was very simple to set up a mail server on a machine and use it without any risks.

This is absolutely different now. If you have a server on the Internet and you decide to run your own e-mail server to be able to do your correspondence without any third party, you really have to be an expert on this topic. Just installing any of the open-source servers such as Sendmail or Exim and running it with a basic configuration will soon result in the receipt of a vast amount of junk mail, and several other consequences. Your addresses will quickly get into many types of databases for malicious purposes. Without proper supervision, your server will soon become a targeted or even a tool of a large variety of fraudulent activities.

And it is far from being trivial to set up and run a mail server correctly. You can configure a huge variety of conditions influencing the mail traffic, make use of a variety of software to identify unwanted e-mails, etc. Notably, all e-mail servers can make use of custom filters, which may invoke RESTful APIs to decide if a given e-mail address is valid to use in your system. So if you have an access to a good tool in order to verify addresses, you can include it in the operation of your mail service. This will result in a significant improvement of the service.

Assume now that your task is to share really important information with a set of recipients via e-mail. You may consider this as an old-fashioned approach, but as we have already mentioned, sometimes it is still the best possible option. (By no means do we encourage you, of course, to send spam e-mails, unwanted messages or to organize your phishing campaign. If you wanted to do something like this, we warn you that it is not very nice. However, sending bulk emails can be ethical and can have real importance in many cases.)

So you did your best to collect the e-mail addresses of those whom you want to share the important information with. But how do you decide that the addresses are really still in use, and there is nothing nasty around them? You do not have to find your own ways to do it: using a reliable e-mail verification API it can be easily accomplished.

A similar issue appears when processing information including e-mail addresses. Assume that you are running some really smart business on your web page which is available for your clients after registration. Obviously, you’d prefer having real clients using well-established e-mail addresses as contact information. (You can find interesting facts about the relevance of e-mail checking in fraud prevention of e-commerce systems in another blog.) To implement the processing of registration data, the proper verification of the e-mails is a must. A RESTful API for the purpose largely simplifies this job.

Let us turn our attention to the relation of e-mails to cybersecurity. Again, in spite of being an old-fashioned way of using the Internet, e-mails still play a central or even dominant role in many kinds of cyber attacks. Most importantly, phishing, a form of social engineering in which sensitive information is expected by the attacker in reply to plausibly formulated messages, is still based on good old e-mails in many cases. According to the 2018 IBM X-Force Threat Intelligence Index, there are millions of phishing e-mails sent daily on the Internet. And the order of magnitude of the number e-mails containing malicious attachments, spam, etc. is also not smaller. Of course, not all of these emails can be identified by simply checking the involved e-mail address. But doing a proper check of the involved e-mails can be a step made against these threats.

WhoisXML API, Inc., has recently introduced its e-mail verification service. The RESTful API performs a comprehensive verification of e-mail addresses in real-time, in a very convenient manner. You can find more details of this API in this blog. If you are interested, why don’t you visit the API webpage and try it for free?