Validate a single email address

Use this endpoint to validate a single email address and assess its deliverability and risk profile.

API at a glance

⚠️

This endpoint is not available by default.

Please get in touch with your CSM or email [email protected] to enable access.

Description: This API checks if an individual email address is valid, risky, disposable, or role-based. It helps you improve deliverability by validating emails before sending campaigns.

Validation logic & best practices

What it checks:

  • Mailbox detection
  • Syntax validation (RFC-compliant)
  • DNS and MX record lookup
  • Domain spell checks
  • ESP-specific formatting (if applicable)

When to use this API:

Use this API to validate email addresses collected directly from:

  • Newsletter signups
  • Account registration forms
  • Checkout or lead capture forms

This helps reduce bounce rates, protect the sender's reputation, and improve deliverability.

Acceptable use:

To ensure compliance, do not use this API to:

  • Validate emails without the user's consent (no opt-in)
  • Verify emails from third-party sources (e.g., purchased or rented lists)
  • Generate, guess, or harvest unknown email addresses

Only use the API with consented, first-party data.

<AuthenticationTestingEmailValidation />

Things to know before you start

  • This endpoint supports only one email address per request.
  • The API returns details such as:
    • Whether the email is valid
    • If it belongs to a disposable or role-based service
    • The risk level associated with the address
  • The maximum request rate may be limited based on account settings.

Request parameters

Check out the request parameters

Email validation parameters

Note: This API supports only one parameter.

ParameterTypeRequiredDescription
emailstring✅ YesThe email address to validate.
Example: [email protected]
(Maximum: 512 characters)

Example requests & responses

Request example
curl --request GET \
     --url 'https://api.getblueshift.com/api/v1/emails/validate?email=janedoe%40acme.com' \
     --header 'accept: application/json' \
     --header 'authorization: Basic YWNlZDZlNGYxMWExYWVhOTZmNTJkNDg4M2ZmMjI4Mjg6'
Response example
{
  "result": {
    "address": "[email protected]",
    "engagement": {
      "engaging": true,
      "is_bot": false
    },
    "is_disposable_address": false,
    "is_role_address": false,
    "reason": [],
    "result": "deliverable",
    "risk": "low"
  }
}
API error responses
Status codeDescriptionExample response
400 Bad RequestMissing or invalid email address.{ "errors": { "email": ["can't be blank or is invalid"] } }
401 UnauthorizedAPI authentication failed due to an invalid or missing API key.{ "message": "Not authorized" }
403 ForbiddenThe API key does not have sufficient permissions.{ "message": "Permission denied" }
404 Not FoundThe requested API endpoint does not exist.{ "message": "Endpoint not found" }
429 Too Many RequestsThe request limit has been exceeded.{ "message": "Rate limit exceeded" }
500 Internal Server ErrorAn unexpected server error occurred.{ "message": "Internal Server Error - Please contact support for more information." }
502 Bad GatewayThe server received an invalid response.{ "message": "Bad Gateway - Please retry the request." }
503 Service UnavailableThe service is temporarily unavailable.{ "message": "Service Unavailable - Try again later." }
504 Gateway TimeoutThe server took too long to respond.{ "message": "Gateway Timeout - Retry with exponential backoff." }

Field reference

Response fields
FieldTypeDescription
addressstringThe email address being verified.
did_you_meanstringSuggestion for typos in the domain (if any).
is_disposable_addressbooleantrue if the domain is disposable.
is_role_addressbooleantrue if the address is role-based (e.g., admin@, sales@).
reasonarrayList of reasons why the address may be invalid or risky.
resultstringOne of: deliverable, undeliverable, do_not_send, catch_all, unknown.
riskstringRisk level: low, medium, high, or unknown.
root_addressstringIf the input is an alias, this shows the root address.
engagement.engagingbooleanIndicates if the user shows engagement signals.
engagement.is_botbooleantrue if the address is likely bot-generated.
Reason codes
ReasonDescription
unknown_providerMX provider is not recognized.
no_mxNo MX records found for the domain.
high_risk_domainDomain is flagged as high risk.
subdomain_mailerDomain is a subdomain and not whitelisted.
immature_domainDomain is recently created.
tld_riskTop-level domain is considered risky.
mailbox_does_not_existMailbox does not exist.
mailbox_is_disposable_addressDisposable email address.
mailbox_is_role_addressRole-based email address.
catch_allDomain accepts all addresses (catch-all).
long_term_disposableLong-term disposable address.
failed custom grammar checkFailed ESP-specific formatting rules.
Result types
ResultDescription
deliverableValid and expected to receive emails.
undeliverableInvalid and likely to bounce.
do_not_sendHigh-risk — avoid sending to this address.
catch_allDomain accepts all addresses; validity can't be confirmed.
unknownValidity cannot be determined. See reason for more info.
Language
Credentials
Basic
base64
:
URL
Click Try It! to start a request and see the response here!