MailScout Features — 10 Email Verification Capabilities Explained
A complete breakdown of what MailScout checks for every email address
MailScout combines ten specialized verification engines into a single, unified pipeline. Each engine targets a different aspect of email authenticity — from basic syntax rules to server-level behavior analysis. Below is a detailed explanation of every feature.
Every verification starts with RFC 5322 compliance checking. We validate character sets, @ placement, domain format, and catch common typos like .con instead of .com. This filters out malformed addresses before any network requests are made, saving time and bandwidth.
We query the domain's Mail Exchange (MX) records to confirm a mail server actually exists. If no MX records are found, we check A/AAAA fallback records. We also detect null MX configurations (RFC 7505) where a domain explicitly declares it does not accept email.
Our engine connects to the mail server via TCP ports 25, 587, or 465, negotiates STARTTLS when available, and performs a full SMTP handshake using VRFY and RCPT TO commands. The server response — 250 (accept), 550 (reject), 421 (unavailable) — determines if the mailbox exists, all without sending an actual email.
A catch-all domain accepts mail for any address, making it impossible to confirm individual mailbox validity. We detect this by sending probe emails to randomly generated addresses on the same domain. If the server accepts all probes, we flag the domain as catch-all with a confidence score.
We parse the domain's DNS TXT records for SPF, DMARC, and DKIM configurations. These three protocols tell receiving servers how to authenticate emails from this domain. Missing or misconfigured records are a major deliverability risk — we surface exactly what's wrong so you can fix it.
We query major Real-time Blackhole Lists including Spamhaus, Barracuda, and SURBL to check if the domain or its IP is flagged for spam, malware, phishing, or abusive behavior. A positive RBL hit is a strong negative signal that can severely damage sender reputation.
We compute the MD5 hash of the email address and query Gravatar's API to check if a profile image is associated with it. While not a hard validity signal, a Gravatar match strongly suggests the address has been used by a real person to create an online account.
We identify the email's country of origin through ccTLD analysis and ESP provider detection (Gmail, Outlook, Yahoo, etc.). We also estimate domain age through WHOIS data. This enrichment adds context to the verification result — a 10-year-old Gmail address carries different risk than a 3-day-old custom domain.
Our SQLite database tracks millions of domain records with 7-day result caching. Verified domains are stored with separated email/domain fields for structural privacy. The database supports high-concurrency reads via WAL mode, and our disposable domain list (2.4M+ entries) is continuously updated.
Our trust score algorithm combines all nine verification signals into a 0-100 rating using a veto-plus-bonus model. SMTP result carries the highest weight, followed by security configuration, domain age, blacklist status, and email pattern analysis. The model automatically adjusts weights based on historical accuracy data.
You don't need to understand all ten features to use MailScout. Just enter an email and click Verify — we run the full pipeline automatically and present the results in plain language. For developers, each feature's raw data is available via the API.