Email address validation services - how do they commercialize an uncertain service?

There are numerous paid services these days that claim to provide "complete" email validation (check for MX records, check with the SMTP server etc), like this one, this one and this one.

From v开发者_如何学Carious past threads on SO, it's evident that foolproof validation of email addresses is not possible -

• Email SMTP validator
• Determining the health/validity of an email address
• How to check if an email address exists without sending an email?

Any such service is liable to come across the following issues -

• Most mail servers won't respond correctly to the VRFY command for antispam reasons, so it's not possible to use it.
• The services' will have their IP(s) blacklisted if they try to access mail servers over SMTP too many times, which they have to, to provide such a service

My question is, is there any other way that this can be done? How do these services claim reliable validation in light of the above? I know that they are not going to reveal their methodologies, but can anyone on SO shed some more light?

We have recently published an hosted email validation service based on our EmailVerify.NET, an award-winning and well known email validation component for the .NET platform; while I can't answer for every other service you mentioned, I can certainly do it for ours:

• EmailVerify.NET does not employ the VRFY command at all, as it may lead to potential bans from external mail exchangers;
• blacklisting is always possible and Netiquette must always be respected while performing the validation job (although there are no written rules here): our component allows to bind itself to any available IP address and to cycle the originating IP addresses during the validation process, thus increasing the number of validations that can be performed at once while lowering at the same time the possibility of a ban.

My experience also shows that most email validation services out there do not offer the quality one would expect for even syntax validation (there are at least 7 different RFCs to follow, a simple regular expression is not the right choice here); before choosing one, I suggest you to ask for a demo with your own sample data (EmailVerify.NET has an online demo page you can play with, if you wish). Most, for example, do not support quoted words or non-ASCII domains or mailboxes, which are becoming quite common nowadays, or do not filter out disposable (temporary) email addresses.

The Paid Email verification service providers typically check below points to verify an email address.

1. Email Address Syntax Check
2. Domain/MX Records Check
3. Role-Based Account Detection
4. Disposable Email Address (DEA) Detection
5. Honeypot/ Spam Trap Detection
6. Checking DNSBLs and URI DNSBLs for blacklisting

Though all of them does not check everything mentioned above but it is best practice to choose a provider who checks all of the above. You can test service and results of some of the best providers from here.