Python Email Verification Script

Email Verification

Please note that as of March 2016 I no longer work for Email Hippo Ltd.

Email verification is no secret. All it requires is a little knowledge of the SMTP protocol and your programming language of choice. To prove just how easy it is, I'm going to walk you through the basics using a simple python script. I'm providing this information as-is and completely for free.

Why am I offering this for free?

You may have noticed that I work for Email Hippo, a company whose main product is email verification. At Email Hippo, we are very open about the email verification process; as I said, it is no secret. What separates Email Hippo from a free service or this script, or in fact many of our competitors, is that we can do this with accuracy and in scale (hence the big old hippo).

Warnings and Disclaimers

Whilst this process will get you up and running, you need to be aware of the following:

  • Do this too much and you will get put on a naughty list (e.g. Spamhaus), especially if you are using a dynamic IP address from your ISP.
  • B2C addresses: this does not work very well against the big boys who have their own procedures and spam rules ( and yahoo).
  • Incorrect results: some mail servers will give you incorrect results, for instance catch-all servers, which will accept all incoming email addresses, often forwarding incoming emails to a central mailbox. Yahoo addresses displays this catch-all behavior.
This script on its own is not enterprise grade email verification; you will not be able to process millions of addresses with it.

Email Verification


Before we start committing network IO, we should first perform a basic check to see if the email is in fact something that resembles an email address. We can use some simple regex to do this.

import re

addressToVerify ='[email protected]' match = re.match('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', addressToVerify)
if match == None: print('Bad Syntax') raise ValueError('Bad Syntax')


Next we need to get the MX record for the target domain, in order to start the email verification process. Note that you are allowed in the RFCs to have a mail server on your A record, but that's outside of the scope of this article and demo script.

import dns.resolver

records = dns.resolver.query('', 'MX') mxRecord = records[0].exchange mxRecord = str(mxRecord)


Now that we have all the preflight information we need, we can now find out if the email address exists.

import socket
import smtplib

# Get local server hostname host = socket.gethostname()
# SMTP lib setup (use debug level for full output) server = smtplib.SMTP() server.set_debuglevel(0)
# SMTP Conversation server.connect(mxRecord) server.helo(host) server.mail('[email protected]') code, message = server.rcpt(str(addressToVerify)) server.quit()
# Assume 250 as Success if code == 250: print('Success') else: print('Bad')

What we are doing here is the first three commands of an SMTP conversation for sending an email, stopping just before we send any data.

The actual SMTP commands issued are: HELO, MAIL FROM and RCPT TO. It is the response to RCPT TO that we are interested in. If the server sends back a 250, then that means we are good to send an email (the email address exists), otherwise the server will return a different status code (usually a 550), meaning the email address does not exist on that server.

And that's email verification!

Email Hippo

Please note that as of March 2016 I no longer work for Email Hippo Ltd.

I previously listed a few warnings about the email verification process and if you start doing email validation in bulk, you will encounter these problems. The reason I am offering this script for free is to not only help you understand the process but also accelerate your learning and most probably the journey to realising that it might not be viable for you to implement your own solution, as the solutions to the aforementioned problems involve a constant learning process and dedicated operational support. In fact many of Email Hippo's affiliates, VARs and customers started in this position and use our products as a result.

Email Hippo has been using the above process with over 6 years of experience, starting in 2009. We know the tricks of the trade and wrote the book on email verification. If you cast your eye back over the list of warnings, we have solved these and many more weird and wonderful roadblocks preventing email deliverability. This is the value of using our service over doing it yourself or even our competitors.

Email Hippo is also one of the few email verification platforms that can verify Yahoo email addresses, with many other services using inaccurate methods or downright guessing. We often get support tickets about this, asking why our service returns different results to all others, with our service reporting Bad and all others as Ok. We really enjoy these and proving our results.

Email Hippo can also detect DEA's, catch-all/accept-all servers, various spamtraps, the list goes on. See our competitor comparison page for a full breakdown.

Apologies to my regular readers for the above bit of marketing, but this is an outcome of talking to fellow techies when asked what it is I do and being met with responses such as 'Oh, I just use free service x' or 'Oh, I just ping the address myself'. Yeah, 'ping'.... So this was an exercise in putting pen to paper and teaching others about email verification and in the process learning ways of explaining it better myself.


You can find the full python script on GitHub. This script uses keyboard input for the email address to verify and has a couple of extras in terms of error handling and debugging.

Please note that this script uses Python 3 and the dnspython3 library.

PHP Email Verification Script

Email Hippo have also published a similar script for PHP. This is also available for free on GitHub, along with this accompanying article.

You can also find out more detail of the SMTP conversation for verifying email addresses in our article 'Detailed Guide On How To Do Mailbox Pinging'.

Scott Brady

Scott Brady

Scott Brady is the Identity & Access Control Lead at Rock Solid Knowledge, focusing on authorization & authentication protocols such as OAuth and OpenID Connect.

Keep Up To Date

Sign up to the mailing list to keep up to date with the latest articles and announcements.