Blog/guide
⚙️

SMTP Email Verification Explained: What Happens Behind the Scenes

June 29, 2026

SMTP verification is the gold standard for checking if an email address actually exists. Here's exactly what happens during a verification, step by step.

What Is SMTP?

SMTP stands for Simple Mail Transfer Protocol. It's the standard protocol that mail servers use to send email to each other — and it's been the backbone of email delivery since 1982.

When you send an email from Gmail to Outlook, your Gmail server opens an SMTP connection to Outlook's server and delivers the message. The same protocol can be used to check whether a mailbox exists, without actually delivering anything.

The Problem with Other Verification Methods

Before SMTP verification, "email validation" usually just meant checking syntax (user@domain.com format) or doing a DNS lookup to see if the domain had mail records.

These checks tell you:

  • ✅ The email looks like a valid address
  • ✅ The domain can receive email

But neither tells you whether the specific mailbox — user at that domain — actually exists. That's what SMTP verification does.

How SMTP Verification Works

Step 1: MX Record Lookup

Before opening an SMTP connection, we first resolve the domain's MX (Mail Exchange) records to find out which mail servers handle email for that domain.

MX lookup: gmail.com
→ alt1.gmail-smtp-in.l.google.com (priority 5)
→ alt2.gmail-smtp-in.l.google.com (priority 10)
→ ...

Step 2: TCP Connection

We open a TCP connection to port 25 (or 587) of the target mail server. A successful connection means the server is online and reachable.

Step 3: EHLO / HELO Command

We introduce our verification server to the target with a HELO or EHLO command — the SMTP equivalent of a handshake.

→ EHLO verify.themailtrix.com
← 250 smtp.gmail.com at your service

Step 4: MAIL FROM Command

We simulate starting an email delivery from a dummy sender address.

→ MAIL FROM:<verify@themailtrix.com>
← 250 2.1.0 OK

Step 5: RCPT TO Command — The Key Check

This is where verification happens. We send a RCPT TO command with the address we're checking. The server responds by either accepting or rejecting the recipient.

→ RCPT TO:<user@example.com>
← 250 2.1.5 OK   ← Address exists

Or:

→ RCPT TO:<nonexistent@example.com>
← 550 5.1.1 The email account does not exist   ← Address doesn't exist

Step 6: QUIT — No Email Sent

We immediately send QUIT and close the connection. No email was delivered. The server's logs may show the connection attempt, but nothing was sent.

→ QUIT
← 221 Bye

The Catch-All Problem

Some mail servers are configured to accept all RCPT TO commands regardless of whether the address exists. These are called catch-all servers.

→ RCPT TO:<definitely-does-not-exist-12345@example.com>
← 250 2.1.5 OK   ← Catch-all accepted it anyway

A good verifier detects catch-all servers by probing with a deliberately random address. If the server accepts it, the domain is flagged as catch-all and individual addresses can't be confirmed.

The 5-Layer Stack at The Mailtrix

The Mailtrix runs all of this automatically, at scale:

  1. Syntax — format check
  2. DNS — domain existence
  3. MX — mail server lookup
  4. SMTP — mailbox existence check
  5. Disposable — throwaway domain detection

Every address goes through all five layers. Try it free — 100 credits, no card needed.