Email risk checker

Check obvious email risk before you trust an address

Paste one address to check syntax, role-account names, common disposable domains, and public mail DNS signals. Use Verifly for mailbox-level verification before importing or sending.

Check one address

This free check covers obvious risk signals. Full Verifly verification checks mailbox-level deliverability, catch-all behavior, and deeper risk signals.

Obvious risk score
--
Not checked

Need mailbox-level verification?

Syntax, disposable, role, and DNS checks are useful first filters. Verifly verifies the actual address before you import leads, accept signups, or send campaigns.

Verify emails with free credits

The risk signals this tool combines

Rather than a single yes/no, this checker layers several independent signals into one view. It runs RFC-aware syntax checks, flags role accounts like info@ and sales@ that reach a group rather than a person, matches the domain against known disposable providers, and inspects public mail DNS: MX, SPF, and DMARC. Each is a piece of evidence about how much you can trust the address.

Together they separate obviously risky addresses from ones worth a full mailbox verification, without spending a verification credit on the clearly bad ones.

How to weigh the signals

Not every flag means "reject." A role address is fine for a support contact but risky for personalized cold outreach. A disposable domain is almost always a hard no. Missing MX means undeliverable. A weak DMARC policy is a signal about the domain's hygiene, not the mailbox itself. The right threshold depends on your use case, so read the signals rather than chasing a single score.

For a per-signal deep dive, jump to the disposable email checker, the syntax validator, or the catch-all checker.

Heuristics are triage, not proof

Everything here is a fast heuristic: it can tell you an address looks risky, but it cannot confirm the mailbox actually exists. An address can clear every risk check and still be a long-dead inbox, and a catch-all domain will accept mail for addresses that were never created.

Use this as triage, then confirm the survivors with real verification. The Verifly API at https://verifly.email/api/v1 probes the mailbox and returns disposable, role, catch-all, and SMTP flags in one call, with 100 free credits to start. The hosted MCP server at verifly.email/mcp exposes the same checks to AI agents.

Frequently asked questions

What is an email risk score based on?

This tool combines several independent signals: RFC syntax validity, whether the address is a role account, whether the domain is a known disposable provider, and public mail DNS including MX, SPF, and DMARC. Each contributes to an overall picture of how much the address can be trusted.

Is a role address like info@ always bad?

No. Role addresses reach a shared inbox rather than one person, which is fine for a support or billing contact but risky for personalized cold outreach where a real individual should receive the message. Whether to keep it depends entirely on how you plan to use it.

Does a low-risk result mean the mailbox exists?

No. Every check here is a heuristic. An address can pass syntax, not be disposable, and sit on a healthy domain while still being a dead inbox. Confirming a mailbox truly exists requires live verification against the mail server.

Why does the domain's DMARC or SPF affect the risk view?

Weak or missing authentication records signal a domain with poor mail hygiene, which correlates with lower-quality or more easily spoofed addresses. It is a signal about the domain, not proof about the individual mailbox, so it is weighed rather than decisive.

How is this different from the individual checker tools?

The dedicated tools each go deep on one signal, such as disposable status or DNS records. This risk checker rolls those signals into a single quick assessment of one address so you can triage before deciding whether a full verification is worth it.

How do I turn this into a confirmed verification?

Send the address to the Verifly API with a vf_ Bearer key: GET /verify?email= probes the mailbox and returns disposable, role, catch-all, and SMTP flags. The same checks are available to AI agents through the hosted MCP server at verifly.email/mcp.

Related tools