What We Do

Here is a step-by-step explanation of what happens when you verify an email address through Verifox:

1. Syntax check: We validate that the address conforms to RFC 5321/5322 formatting (local part, @, domain).
2. Domain DNS lookup: We query the domain's DNS records to find its MX (Mail eXchange) records — the servers that accept email for that domain.
3. SMTP connection: We open a TCP connection to the mail server on port 25 (or 587/465 as fallback).
4. SMTP HELO/EHLO: We send a standard greeting to identify ourselves.
5. MAIL FROM: We send a probe "from" address to initiate a test delivery session.
6. RCPT TO: We send the target email address as the intended recipient. The mail server responds with a status code indicating whether the mailbox is valid, invalid, or unknown.
7. Disconnect: We immediately disconnect — no data, no message body, nothing is delivered. The server has simply told us whether it would accept a message for that address.

The entire process typically takes under 3 seconds per address and leaves no trace on the recipient's inbox.

Based on the SMTP response and additional signals, we classify each address into one of the following categories:

• Valid: The mail server confirmed it will accept email for this address. Covered by our Zero Bounce Guarantee.
• Invalid: The mail server rejected the address as non-existent (SMTP 550/551 response). Do not send to these addresses.
• Catch-all / Accept-all: The domain's mail server accepts email for any address, making it impossible to verify individual mailbox existence. We flag these but cannot guarantee deliverability.
• Disposable: The address belongs to a temporary/disposable email service. Identified via our FoxGuard domain blocklist, which is updated daily.
• Role-based: The address is associated with a function rather than a person (e.g., info@, support@, noreply@). These have higher unsubscribe rates and lower engagement.
• Risky: The address shows signals that suggest it may be problematic — for example, it belongs to a known spam trap or high-bounce domain. Use with caution.
• Unknown: We could not conclusively determine deliverability, typically because the mail server timed out, was unavailable, or is configured to return ambiguous responses to SMTP probes.

Our Email Finder helps you discover professional email addresses for individuals at specific companies. It works by:

• Identifying the most likely email format used by a company (e.g., firstname.lastname@company.com) based on licensed B2B data and publicly observable patterns
• Generating candidate addresses based on the person's name and the company domain
• Running each candidate through our SMTP verification engine to find the valid address

Important limitations: Email Finder is designed exclusively for B2B outreach — finding professional email addresses for business communication with working professionals. It is not designed for, and its use for, finding personal or consumer email addresses is prohibited by our Terms of Service.

Beyond individual email verification, Verifox provides intelligence at the domain level:

Domain Intelligence

For any domain you query, we report: MX record configuration, SPF record presence and syntax validity, DKIM key availability, DMARC policy (none/quarantine/reject), BIMI record presence, and overall domain health score. This helps you understand the email infrastructure of domains you want to send to or domains you are onboarding as customers.

DMARC Monitoring

If you add your sending domains to Verifox for DMARC monitoring, we process the DMARC aggregate (rua) and forensic (ruf) reports sent to us by major mail receivers (Google, Microsoft, Yahoo, etc.). These reports tell you which sources are sending email using your domain, which are authenticated, and which may be phishing or spoofing attacks. We parse these XML reports and present the data in a human-readable dashboard.

FoxGuard is Verifox's fraud and abuse detection layer, integrated across our verification pipeline. It checks each address against signals including:

• Known disposable and temporary email domain blocklists (updated daily)
• Spam trap address patterns and known spam trap domains
• High-bounce domains with historically poor deliverability rates
• Role-based address patterns
• Domain age and registration history anomalies

FoxGuard is also available as a standalone API for real-time validation at sign-up forms — allowing you to block disposable and fraudulent email addresses before they enter your database.

For transparency, we want to be explicit about the things we do not do:

• We do not send email on your behalf or to the addresses you submit for verification. Our SMTP connections always disconnect before sending a message body.
• We do not sell your email lists or the addresses you submit to third parties.
• We do not use your email lists to build marketing databases or enrich other customers' data.
• We do not train AI or machine learning models on personal data from your submissions without explicit agreement.
• We do not access consumer email data — our platform is built for B2B use cases and the Email Finder is restricted to professional/business email addresses.