GETTING STARTED
Quickstart Guide
Get up and running in minutes
Help Center
Browse 400+ in-depth articles
API Documentation
REST API reference for developers
Validate email addresses against RFC 5321 and 5322. Handles international addresses, plus-addressing, role accounts, and disposable detection.
An email address is two parts joined by an `@`: a local-part on the left, a domain on the right. Most people stop there, but the formal grammar in RFC 5322 is more permissive than people expect, and the SMTP envelope grammar in RFC 5321 is stricter. The address you can put in a message header is not always the address you can use in an SMTP `RCPT TO`.
Knowing what the standards actually allow saves time. Half the regex you see in blog posts rejects valid addresses (`'O\'Brien'@example.com` parses fine under 5322). The other half accepts garbage (`foo@@bar` does not). A proper validator follows the grammar instead of guessing.
Defines what an address looks like when it appears in a message header (`From:`, `To:`, `Cc:`). Permissive. Allows quoted strings, comments in parentheses, IP-literal domains in square brackets, and the various atom and dot-atom forms for the local-part.
Examples of legal RFC 5322 addresses that look weird but parse fine:
Defines what an address looks like inside the SMTP transaction. Stricter than 5322. The envelope grammar disallows some of the rarer header forms. In practice, modern mail servers accept addresses that follow either grammar, but the envelope version is what gets evaluated during delivery.
The constraint that bites most often: local-part length capped at 64 octets, total address capped at 254 octets in the SMTP envelope. Anything longer will get rejected at submission time even if it looks valid.
Until 2012, email addresses were ASCII only. RFCs 6530, 6531, and 6532 introduced Email Address Internationalisation (EAI), allowing UTF-8 characters in both the local-part and the domain. Addresses like `测试@例子.中国` and `владимир@пример.рф` became technically legal.
Support is patchy. The sending server, every relay along the path, and the receiving server all have to advertise the SMTPUTF8 extension. Major providers (Gmail, Outlook, Yandex) accept and deliver to internationalised addresses, but adoption among self-hosted mail servers and corporate gateways is still uneven as of 2026.
For domains, the related standard is Internationalised Domain Names (IDN), defined in RFC 5891. An IDN domain like `münchen.de` gets encoded as Punycode (`xn--mnchen-3ya.de`) at the DNS layer. A good validator either accepts both forms or transparently converts between them.
When to allow non-ASCII addresses
If your audience is global and your ESP supports SMTPUTF8, allow them. If you are running an older mail stack or your validation library only knows ASCII, you may need to reject them with a clear message rather than silently failing. Check whether your sending infrastructure advertises the SMTPUTF8 EHLO extension first.
Patterns that come up repeatedly in form data and imported lists:
Most of these get caught by a proper syntax check. For the rest, a domain lookup and MX query confirm the right side of the address actually resolves to a mail server. Our Email Syntax Checker handles bulk validation against RFC 5322; the full verifier adds DNS and SMTP layers.
RFC 2142 defines a set of standard role names that domains operating mail are expected to accept. The canonical list:
| Role | Purpose |
|---|---|
| abuse@ | Spam and abuse reports |
| postmaster@ | Mail server problems |
| hostmaster@ | DNS issues |
| webmaster@ | Website problems |
| security@ | Security incident reports |
| noc@ | Network operations centre |
| info@ | General enquiries |
| sales@ | Sales enquiries |
| support@ | Customer support |
| marketing@ | Marketing department |
| admin@ | Administrative contact |
| noreply@ | Outbound-only, do not reply |
A validator flags role accounts not because they are invalid (they are perfectly valid) but because they behave differently than personal mailboxes. Multiple people read them, ownership rotates, replies often go nowhere, and recipients did not personally sign up so spam-complaint rates run higher.
Context matters. A B2B prospect at `info@` is often the right contact at a small business. A consumer newsletter signup at `noreply@` is almost certainly a tester or bot.
Disposable email services give users a temporary, often anonymous address that exists for minutes or hours before disappearing. The list includes 10minutemail, mailinator, guerrillamail, temp-mail, yopmail, and hundreds of smaller providers. Addresses are syntactically valid, technically deliverable, and almost never read by a real person.
Detection works by maintaining a list of disposable domains and checking the right-hand side of the address against it. Good lists update daily because disposable services constantly rotate domain names to evade blocking. Some validators also detect patterns: throwaway services often use newly-registered domains with no MX history, or domains that share IPs with other disposable services.
Whether to block disposable signups depends on the service. A free trial that gives away product credits should block them. A community forum or blog newsletter usually should not — users have legitimate privacy reasons for using disposable addresses, and blocking them costs sign-ups for marginal abuse reduction.
Plus-addressing (`user+tag@example.com`) is a Gmail convention adopted by most major providers. The `+` and everything after it up to the `@` is ignored for delivery purposes, so `alice+newsletter@gmail.com` arrives in `alice@gmail.com`. People use it to filter, to track which services leaked their address, and to create per-vendor unique signups without registering new mailboxes.
A validator should accept plus-addressed forms. Stripping the `+tag` before validation is fine if you want to detect duplicates; rejecting them outright is wrong. Some companies block plus-addressing assuming it is a workaround for one-account-per-user limits. That is a usability problem worth pushing back on.
Plus-addressing is the dominant convention but not the only one. Fastmail and a few other providers support `user-tag@example.com` (hyphen as separator). Microsoft has tested `user+tag@outlook.com` and `user.tag@outlook.com` at various points. If you build alias logic, be aware that the separator depends on the receiving server, not the standard.
Most validators enforce these caps. Forms that accept addresses without length checks will sometimes have UI fields that allow more than the SMTP layer can carry, so the address validates client-side and bounces on send. Set the input maxlength to 254 to avoid surprises.
Format validation is the first layer. To know whether mail will actually reach the address, you need to confirm the domain exists, has MX records, and accepts the specific mailbox over SMTP. Each of those is a separate check with its own latency and reliability profile.
Valid Email Checker runs the full pipeline through the email verifier. For domain-level checks, the MX Record Checker and DNS Lookup tool cover the DNS layer. For the SMTP layer, the verifier opens a real handshake with the recipient mail server and reports back what happened.
For everything else, run the full verification. Syntax is necessary but not sufficient. A perfectly formed address at a non-existent domain still bounces.
Email Checker
Verify any email address before you send. Same engine paying customers use — full SMTP handshake, catch-all detection, disposable flagging.
Open toolEmail Validator
Validate any email address through syntax, DNS, MX, and SMTP checks. See exactly which layer passes or fails.
Open toolEmail Verifier
Same engine paying customers use. 3 free verifications a day.
Open toolEmail Syntax Checker
Catch invalid email syntax with RFC 5322 validation, typo detection, and per-email error reasons. Bulk-paste up to 10,000 addresses.
Open toolEmail Format Checker
Audit an email list against your expected format pattern. Flag who doesn't conform, see the dominant pattern, export the report.
Open toolCommon questions about email address format, RFC compliance, international addresses, and role accounts.
A valid address parses against the grammar in RFC 5322 (for message headers) or RFC 5321 (for SMTP envelopes), has a local-part of 64 characters or fewer, a domain of 255 characters or fewer, and a total length of 254 characters or fewer in the SMTP envelope. Format validity is separate from deliverability — a valid-looking address can still fail at the domain or SMTP layer.
Yes, under RFC 6530-6532. The Email Address Internationalisation (EAI) standards allow UTF-8 in both the local-part and the domain. Whether such addresses get delivered depends on whether the sending and receiving mail servers both support the SMTPUTF8 extension. Gmail, Outlook, and Yandex do; many older or self-hosted mail servers do not.
Plus-addresses are valid under RFC 5322 and supported by Gmail, Outlook, Yahoo, Fastmail, and most other major providers. A validator that rejects them is using an outdated regex. Either fix the validator or remove the input restriction. Blocking plus-addressing breaks legitimate signups.
Syntactically yes, under RFC 5322. It refers to the local machine and is used on internal networks. It is not a valid address for receiving mail from the public internet, since `localhost` is not a globally routable domain. Most public-facing forms should reject single-label domains.
RFC 2142 defines standard role names like abuse@, postmaster@, info@, support@, sales@, and noreply@. These are valid addresses but behave differently from personal mailboxes: multiple people read them, ownership rotates, and spam-complaint rates run higher. Validators flag them so you can decide based on context whether to send.
Under RFC 5322, yes. Quoted local-parts can contain spaces and other characters that would otherwise be illegal. RFC 5321 (SMTP envelope) is stricter and rarely allows them in practice. Most mail servers reject quoted local-parts even though the standard permits them, so quoted addresses are technically valid but unreliable in the real world.
The local-part is capped at 64 octets and the domain at 255 octets per the standards. The total SMTP envelope address is capped at 254 octets. Form inputs should enforce these limits, since addresses longer than 254 octets will bounce at the SMTP layer regardless of format validity.
A disposable address is a temporary mailbox provided by services like 10minutemail, mailinator, guerrillamail, and temp-mail. The addresses are syntactically valid and technically deliverable but exist only briefly. Validators detect them by matching the domain against a regularly-updated list of known disposable providers.
Yes. Syntax and DNS-level checks (domain existence, MX records) require no contact with the recipient at all. SMTP-level checks open a connection to the recipient mail server and ask whether the address would be accepted, then disconnect before any message body is sent. The recipient mailbox sees nothing.
Format validation only confirms the address parses. The mailbox may not exist, the inbox may be full, the user may have been disabled, the recipient server may be greylisting, or the address may sit on a catch-all domain that accepts everything at SMTP and discards mail server-side. Format validity is the first layer of a four-layer check, not the whole answer.
Still have questions?
Contact our support team →Stop guessing. Stop bouncing. Start reaching the people who actually want to hear from you.
200 free credits · No credit card required · Results in minutes
