Signup email validation
Validate signup emails before bad accounts enter your app
Bad signup emails create support, fraud, and data-quality problems. Add Verifly to your signup flow to check mailbox validity, disposable domains, and risky addresses before accounts are created.
const verify = await fetch(`https://verifly.email/api/v1/verify?email=${email}`, {
headers: { Authorization: `Bearer ${process.env.VERIFLY_API_KEY}` }
})
const data = await verify.json()
if (data.result === 'undeliverable' || data.disposable) throw new Error('Use a valid email')Real-time SMTP mailbox checks
Single, batch, and async bulk verification
Disposable, role account, and catch-all detection
Pay-as-you-go credits with no subscription lock-in
Search fit
Built for signup email validation searches
Use Verifly when you need a simple API, predictable pricing, and clean JSON results before emails hit your product, CRM, or campaign tool.
A fake signup email costs you three times
When someone signs up with a dead or throwaway address, you pay for it more than once. First, the confirmation email hard-bounces, nudging your sending reputation down. Second, that account clogs your database and your metrics with a user who will never activate. Third, if it was a disposable address used to farm a free trial, you are giving away product to someone with no intention of converting. Format validation — the regex your form already runs — catches none of this.
Real-time signup validation means checking the mailbox at the moment of submission, not in a nightly cleanup. Verifly runs a live SMTP check inline and returns deliverable / undeliverable / risky plus a disposable flag fast enough to sit in the signup request. You reject the bad ones before the account row is created, so the problems above never start.
The policy is yours to tune: a strict SaaS trial might block undeliverable, disposable, and risky; a low-friction newsletter might block only undeliverable and let the rest through. Either way the decision happens in one call, before the user exists in your system.
Add a real-time gate to your signup handler
- Get a key at verifly.email/api/v1/autonomous/register (100 free credits, no card) and store it server-side.
- In your signup handler — before creating the user — call GET /verify with the submitted address.
- Reject undeliverable addresses outright and disposable ones if you are protecting a paid trial.
- Decide your stance on risky / catch-all: block for a strict product, allow for a low-friction list.
- Only create the account when the verdict passes your policy, and surface a clear "please use a valid email" message otherwise.
async function validateSignup(email) {
const res = await fetch(
`https://verifly.email/api/v1/verify?email=${encodeURIComponent(email)}`,
{ headers: { Authorization: `Bearer ${process.env.VERIFLY_API_KEY}` } }
)
const { result, disposable } = await res.json()
// strict policy for a paid trial
if (result === 'undeliverable' || disposable) {
return { ok: false, reason: 'Please use a valid, non-disposable email' }
}
return { ok: true, result }
}
// call validateSignup(email) BEFORE inserting the userFAQ
Frequently asked questions
Isn't a regex or format check enough for signups?
No. A regex confirms the address is shaped like an email; it cannot tell you the mailbox exists or is disposable. A live SMTP check catches dead and throwaway addresses that pass format validation.
Is real-time verification fast enough for a signup form?
Yes. A single GET /verify returns quickly enough to run inline in the signup request, so you can block bad addresses before the account is created rather than in a later cleanup.
Should I block risky and catch-all addresses at signup?
It depends on friction tolerance. A strict paid product can block undeliverable, disposable, and risky; a low-friction newsletter might block only undeliverable to avoid rejecting real users on catch-all domains.
Does this stop free-trial abuse?
It helps. The disposable flag identifies temporary-inbox domains commonly used to farm trials, so blocking disposable at signup removes a large share of throwaway accounts.
Where should the API key live?
Server-side only — in an environment variable read by your signup handler, never in client code, so it cannot be extracted from the browser.
What does per-signup validation cost?
One credit per address, pay-as-you-go from $2 down to $0.60 per 1,000, with credits that never expire — inexpensive enough to check every signup.