Yes, there are APIs that can be queried at some of the larger ISPs to identify if an account name is taken, but this doesn’t mean that there is an associated email address. Yes, senders can do a real time SMTP transaction, but ISPs are quick to block SMTP transactions that quit before DATA.

I decided to check out one service to see how accurate it was. I’m somewhat lucky in that I created a username at Yahoo Groups over a dozen years ago but never activated the associated email address. This means that the account is shown as taken and no one else can register that address at Yahoo. But the address doesn’t accept any mail.

The address verification for Yahoo addresses

There is a service that offers real time verification and allows potential customers to check an address on their website. I plugged my Yahoo address into their text box. They verified it as active and connected to all networks. Just to make sure I checked my existing Yahoo address as well, and that shows the same: connected to active online networks.

I next sent an email to both Yahoo accounts. Yahoo accepted mail to my working account but bounced mail to the Yahoo Groups only account.

Final-Recipient: rfc822; biskybabe@yahoo.com
Original-Recipient: rfc822;biskybabe@yahoo.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; mta5.am0.yahoodns.net
Diagnostic-Code: smtp; 554 delivery error: dd This user doesn't
   have a yahoo.com account (biskybabe@yahoo.com) [-5] -
   mta1289.mail.ac4.yahoo.com

This tells me that for Yahoo addresses, Briteverify is using some sort of API call to identify whether or not an account name is taken. But just because an account name is taken doesn’t specifically mean that an account is a valid email address. It’s probably better than no verification, but usage of all real time verification isn’t going to help in all cases.

What about email accounts that don’t provide an API or a way to check the validity of an account? In that case it appears that they are using an aborted SMTP transaction. we tested

Jan 24 15:20:00 misc postfix/smtpd[28917]: connect from
   smtpout9.briteverify.com[107.20.232.98]
Jan 24 15:20:01 misc postfix/smtpd[28917]: NOQUEUE: reject:
   RCPT from smtpout9.briteverify.com[107.20.232.98]: 550 5.1.1
   <mu/er9w9kmbyg+s5uehqdxqe@blighty.com>: Recipient
   address rejected: User unknown in virtual alias table;
   from=<admin@origindata.com>
   to=<mu/er9w9kmbyg+s5uehqdxqe@blighty.com>
   proto=SMTP helo=<emailver.briteleads.com>
Jan 24 15:20:01 misc postfix/smtpd[28917]: lost connection after
   RCPT from smtpout9.briteverify.com[107.20.232.98]
Jan 24 15:20:01 misc postfix/smtpd[28917]: disconnect from
   smtpout9.briteverify.com[107.20.232.98]
Jan 24 15:20:01 misc postfix/smtpd[28915]: connect from
   smtpout7.briteverify.com[184.73.155.120]
Jan 24 15:20:01 misc postfix/smtpd[28915]: NOQUEUE: reject:
   RCPT from smtpout7.briteverify.com[184.73.155.120]: 550 5.1.1
   <aardvark@blighty.com>: Recipient address rejected: User
   unknown in virtual alias table; from=<admin@origindata.com>
   to=<aardvark@blighty.com> proto=SMTP
   helo=<emailver.briteleads.com>
Jan 24 15:20:01 misc postfix/smtpd[28915]: lost connection after
   RCPT from smtpout7.briteverify.com[184.73.155.120]
Jan 24 15:20:01 misc postfix/smtpd[28915]: disconnect from
   smtpout7.briteverify.com[184.73.155.120]

The verification service did correctly identify both addresses as invalid. However, this is exactly the kind of SMTP behaviour that is blocked by many places.

Real time address verification for 100% of addresses is incredibly difficult. As I demonstrated above, their use of testing APIs makes the assumption that everyone with a login at Yahoo (or google or other places) has an email address, but this isn’t necessarily true.

There are other assumptions that realtime address verification makes.

1. No one ever typos the left hand side of their email address into an address of another user at the site. This isn’t true, for instance, I entered a common typo of my email address into the form and the service verified it as accurate. It probably is a valid, deliverable account but that doesn’t mean that it’s a good address.
2. Spamtraps are always undeliverable addresses. This is not true and the above form did verify a spamtrap address that a friendly blocklist admin checked for me.
3. No one typos the right hand side of an address to a valid domain. This is not true. For instance, I know a number of spamtrap domains used by Trend Micro. The form validates addresses there and tells me I’m good to send.

I’m not trying to knock the real time address verification services, I think what they’re attempting to do is good. I think the glossy marketing, though, will lead senders into a false sense of security. Just because a 3rd party service tells you an address is deliverable, doesn’t mean that the address is deliverable or that the address is safe to mail.

I do think potential verification customers deserve to understand how the services work so that they can make good decisions about purchasing those services.

Al links to DJ Waldow’s write up on Shop.org’s recent re-engagement
strategy, and today I see that Janine Popick, CEO of VerticalResponse,
talking about Coach’s turn at culling their list through this process. What’s interesting here is that, according to Janine, Coach didn’t target this reconfirmation email only at recipients who never open or click. She says she does both, regularly, and received this email message anyway. Another friend of mine, who is also a Coach subscriber, reports to me that she receives regular emails from them (most recently as just about
ten days ago), but that she did not receive this reconfirmation email message.

All these things can and do go wrong with double opt-in, but the risks of not using it have simply become too great. For one thing, if a marketer gets blacklisted by, say, Spamhaus, and the mailer is not using double opt-in, the folks at Spamhaus will force the issue.

On the plus side, marketers using double opt-in don’t get blacklisted by Spamhaus because they never hit Spamhaus’s traps—fake e-mail addresses set up to catch spammers.

Also, fake signups are nothing to get worked up about. They are simply a fact of e-mail list building that the marketer must guard against or accept the inevitable consequences. It is solely up to mailers to keep their lists clean, and no one else.

Data verification is a necessary and critical bit of email marketing on today’s internet. For many marketers, the only solution may be to move to double opt-in.