This article is most relevant for Career Services users who need to import and send Handshake invitations to employers. We frequently receive questions around how email addresses are verified or handled if invalid. This article provides more background into our process.
The main takeaway is that neither Handshake, nor anyone else, can catch all invalid email addresses. Most of the addresses that slip through are manually-entered or are an invalid inbox (the part before the "@") at a valid domain. If you're interested in more details on why we or anyone cannot catch all invalid email addresses, please view the following information below.
As part of our effort to reduce the amount of inaccurate data in our system, we attempt to verify the validity of email addresses that are supplied to us. However, this isn't foolproof, and there are a number of ways it fails. Additionally, our verification is not applied the same way everywhere. We use the following three methods:
- Briteverify - Only used when importing contacts
- Built-in validation - All emails saved in our app
- Pre-send filter - All emails when sent out
Unfortunately, it is impossible to tell for certain that an email address is valid. This is due to how email, as a technology, was designed and built.
Limitations of All Email Validators
All email validators will have certain limitations, due do how the email standard is laid out in RFC 822; the published standard for the format of email addresses.
Could the Email Address Possibly Exist?
This is a surprisingly hard question. To illustrate; some of these are valid email addresses, and some are not:
Perhaps surprisingly, examples two and six are the only invalid ones. The rest are perfectly acceptable. Many webmail providers, such as Gmail (or the related G Suite for Education), will often reject examples four and five as well.
Email address format validation is often inaccurate because writing software to verify all possible email addresses can be very error-prone. Instead, most providers either take a too-strict approach, which rejects some valid addresses, or a lenient approach, which will accept some invalid addresses.
Does the Mail Server Exist?
Just like websites can be down, so can mail servers. Just because you can't contact it once doesn't mean it's invalid. Similarly, just because you could contact it once, doesn't mean it will still exist tomorrow.
Does the Mailbox Exist?
This question is impossible to answer for anyone outside of the organization that controls the mail server. This is for two reasons:
- There is no public directory of email addresses
- There is no way to ask a mail server if an address exists
The reason behind both of these is spam. If either of these were possible, it would be easy for spammers to harvest email addresses and send more targeted campaigns.
In the first case, spammers would download the whole directory and use it as a mailing list. In the second instance, they'd ask the target mail server about all possible email addresses, using a series of requests; "Does
firstname.lastname@example.org exist? ... Does b
@example.com exist? ... etc."
Was the Email Marked as Spam?
No email server will tell you this, for similar reasons to the above; spammers would know their tactics have been discovered, and they'd be able to change them in order to bypass spam filters more regularly.
Limitations of Specific Email Validators
In addition to the limitations laid out above, different validation tools will have their own nuances.
Briteverify can (mostly) consistently validate the following:
- Address is properly-formatted
Example: See "Could The Email Address Possibly Exist?" above.
- Domain is valid
joinhandshake.comis valid, but
-adomain.comwill never be valid.
- Known email provider restrictions
Example: Gmail does not allow single-letter mailboxes, so
email@example.com never be valid.
However, it incorrectly responds that emails are valid in the following cases:
- Domain is valid, but has no listed email server.
firstname.lastname@example.org marked as valid, but
googleusercontent.comhas no listed email server.
- Mailbox does not exist.
email@example.com marked as valid, but does not exist.
Where Briteverify is Used
We only use Briteverify for contact import jobs through the importer. We can't use Briteverify everywhere because we are limited on the number of emails we can check per day.
The software we use to run our services has some basic email address validation built in. We use this when we store email addresses, regardless of whether they came in through the importer, web interface, or elsewhere.
This validation is fairly basic. It uses simple checks to approximately gauge if an email address is valid. Due to its construction, it will mark some valid addresses as invalid and vice-versa. It will, for example, correctly determine that
how_is_this_an_email???\/\/\/\/.com is invalid, but incorrectly mark
firstname.lastname@example.org (a common typo) valid.
This is only used immediately before actually trying to send an email. It prevents email send attempts if the top-level domain (e.g.
.edu) is invalid.
This catches email addresses like
email@example.com before they are sent. It would also (correctly) allow valid-but-unusual top-level domains, such as in
firstname.lastname@example.org, if you're more of a dog-person).
However, this is all it does, since it is intended to be used in combination with Briteverify and the built-in validation. If used alone, it would consider
how_is_this_an_email???\/\/\/\/.com to be ok.