Email Verification Error Handling: Production-Ready Guide for Developers
Your email verification implementation works great - until it doesn't. Network request times out. API returns an ambiguous "unknown" status for a catch-all domain. Rate limit kicks in during a traffic spike. Suddenly your signup flow is broken and you're blocking legitimate users.
Bad error handling is worse than no verification at all. Block real users because verification failed and you lose conversions. Allow every failure to pass through and you might as well not verify. The goal is graceful degradation - handle errors in ways that protect users while still catching the genuinely invalid emails.
This guide covers every error scenario you'll encounter with email verification APIs, with production-tested handling strategies that keep your application running smoothly even when things go wrong.
Types of Verification Errors You'll Encounter
Email verification failures fall into four categories, each requiring different handling:
| Error Type | Cause | Handling Strategy | User Impact |
|---|---|---|---|
| Network Failures | Timeout, DNS issues, connection refused | Retry with exponential backoff, allow on failure | None - transparent to user |
| API Errors | Rate limits, invalid API key, service unavailable | Queue for later verification, log for monitoring | Allow signup, verify async |
| Ambiguous Results | Catch-all domains, greylisting, temporary issues | Accept but flag for monitoring | None - proceed normally |
| Clear Failures | Invalid syntax, non-existent domain, dead mailbox | Block with helpful error message | Show error, suggest correction |
The key principle: when in doubt, allow the user to proceed. It's better to verify asynchronously after signup than to block a legitimate user because your verification service had a hiccup.
Handling Network Failures
Network errors are the most common failure mode. Your application makes a request to the verification API, but something goes wrong in transit - timeout, DNS resolution failure, connection refused, TLS handshake error. These failures tell you nothing about the email's validity.
Production-Ready Network Error Handling (Python)
import requests
from requests.exceptions import Timeout, ConnectionError, RequestException
import logging
def verify_email_with_fallback(email, api_key, timeout=5):
"""
Verify email with graceful error handling.
Returns tuple: (is_valid, should_block, error_message)
"""
try:
response = requests.get(
f'https://api.bulkemailchecker.com/real-time/',
params={'key': api_key, 'email': email},
timeout=timeout
)
# Check HTTP status
if response.status_code != 200:
logging.warning(f"API returned {response.status_code} for {email}")
return (True, False, None) # Allow on API errors
result = response.json()
# Handle clear failures
if result['status'] == 'failed':
if result['event'] in ['invalid_syntax', 'domain_does_not_exist']:
return (False, True, f"Invalid email: {result['event']}")
# Soft failures - allow but flag
return (True, False, None)
# Passed or unknown - allow
return (True, False, None)
except Timeout:
logging.error(f"Verification timeout for {email}")
# Queue for background verification
queue_background_verification(email)
return (True, False, None)
except (ConnectionError, RequestException) as e:
logging.error(f"Verification network error for {email}: {str(e)}")
# Queue for background verification
queue_background_verification(email)
return (True, False, None)
except Exception as e:
# Unexpected error - log and allow
logging.error(f"Unexpected verification error for {email}: {str(e)}")
return (True, False, None)
def queue_background_verification(email):
"""Queue email for asynchronous verification"""
# Implement with your job queue (Celery, RQ, etc.)
pass
This implementation handles network failures gracefully by allowing users to proceed while queuing verification for later. You never block legitimate users due to infrastructure issues, but you still catch invalid emails once the network stabilizes.
JavaScript Network Error Handling
For client-side verification in signup forms, you need similar error handling with appropriate user feedback:
async function verifyEmailOnSignup(email, apiKey) {
const controller = new AbortController();
const timeoutId = setTimeout(() => controller.abort(), 5000);
try {
const response = await fetch(
`https://api.bulkemailchecker.com/real-time/?key=${apiKey}&email=${encodeURIComponent(email)}`,
{ signal: controller.signal }
);
clearTimeout(timeoutId);
if (!response.ok) {
console.warn(`Verification API error: ${response.status}`);
// Allow signup on API errors
return { valid: true, shouldBlock: false };
}
const result = await response.json();
// Handle clear failures
if (result.status === 'failed') {
if (result.event === 'invalid_syntax') {
return {
valid: false,
shouldBlock: true,
message: 'Please enter a valid email address'
};
}
if (result.event === 'domain_does_not_exist') {
return {
valid: false,
shouldBlock: true,
message: 'This email domain doesn\'t exist'
};
}
}
// Suggest corrections for typos
if (result.emailSuggested && result.emailSuggested !== email) {
return {
valid: true,
shouldBlock: false,
suggestion: result.emailSuggested
};
}
return { valid: true, shouldBlock: false };
} catch (error) {
clearTimeout(timeoutId);
if (error.name === 'AbortError') {
console.warn('Email verification timeout');
} else {
console.error('Email verification error:', error);
}
// Always allow on network errors
return { valid: true, shouldBlock: false };
}
}
The key detail here is the timeout handling using AbortController. If verification takes longer than 5 seconds, we abort the request and allow signup. This prevents slow verification from ruining user experience.
Handling API Error Responses
API errors indicate problems with your request or the verification service itself - rate limits, authentication failures, service unavailability. Unlike network errors which could mean anything, API errors have specific meanings that inform your handling strategy.
Common API Error Scenarios
Rate Limiting (HTTP 429):
You've exceeded your requests-per-hour limit. The BulkEmailChecker API returns the hourly quota remaining in every response via the hourlyQuotaRemaining field. Monitor this and implement client-side rate limiting before you hit the hard limit.
function verifyWithRateLimit($email, $apiKey) {
$url = "https://api.bulkemailchecker.com/real-time/?key={$apiKey}&email=" . urlencode($email);
$response = file_get_contents($url, false, stream_context_create([
'http' => ['timeout' => 5]
]));
if ($response === false) {
error_log("Verification failed for $email");
return ['valid' => true, 'block' => false];
}
$result = json_decode($response, true);
// Check quota
if (isset($result['hourlyQuotaRemaining'])) {
if ($result['hourlyQuotaRemaining'] < 100) {
error_log("WARNING: Only {$result['hourlyQuotaRemaining']} verifications remaining this hour");
}
if ($result['hourlyQuotaRemaining'] < 10) {
// Critical - queue remaining verifications for next hour
queueForLater($email);
return ['valid' => true, 'block' => false];
}
}
// Process verification result
if ($result['status'] == 'failed') {
if (in_array($result['event'], ['invalid_syntax', 'domain_does_not_exist', 'mailbox_does_not_exist'])) {
return [
'valid' => false,
'block' => true,
'message' => "Invalid email address"
];
}
}
return ['valid' => true, 'block' => false];
}
Invalid API Key (HTTP 401): Your API key is missing, incorrect, or expired. This is a configuration error, not a transient issue. Log it immediately and alert your team - all verifications will fail until it's fixed. Meanwhile, allow all signups to proceed.
Service Unavailable (HTTP 503): The verification service is temporarily down. This is rare with reliable providers, but your code should handle it. Queue verifications for retry and allow signups to proceed.
Dealing With Ambiguous Verification Results
Not every verification attempt returns a clear pass/fail. Three scenarios create ambiguity: catch-all domains, greylisting, and temporary mail server issues. Each requires nuanced handling because the email might work or might not.
Catch-All Domains
Some domains accept mail to any address - anythinghere@company.com will be accepted by the mail server. SMTP verification can't determine if the specific mailbox exists. The API returns status: "unknown" with event: "is_catchall".
Your handling strategy depends on context:
- B2C signups: Accept catch-all addresses but monitor engagement. If they never open emails, they're likely invalid.
- B2B signups: Accept them - many companies use catch-all configurations for legitimate reasons.
- Free trials requiring a credit card: Accept them - you have payment info as backup verification.
- Free trials without payment: Consider secondary verification like SMS or requiring a company email domain.
Greylisting
Greylisting is an anti-spam technique where mail servers temporarily reject messages from unknown senders, then accept them on retry. The API returns status: "unknown" with event: "is_greylisting".
Always accept greylisted addresses - they're likely valid, just protected by aggressive spam filtering. Flag them for monitoring but don't block signup.
Temporary Mail Server Issues
Sometimes mail servers are legitimately down or misconfigured. The API returns status: "unknown" with event: "inconclusive". This is different from a hard failure - the email might be perfectly valid but the server isn't responding.
Accept these addresses and queue them for re-verification in 24 hours. If they fail again, you can make a more informed decision.
Smart Retry Strategies
Retries are essential for handling transient failures, but naive retry logic causes more problems than it solves. Don't just retry immediately on every error - you'll hit rate limits, waste API calls, and still fail if the issue persists.
Exponential Backoff With Jitter
The right retry pattern uses exponential backoff with jitter:
import time
import random
from requests.exceptions import RequestException
def verify_with_retry(email, api_key, max_retries=3):
"""
Verify email with exponential backoff retry logic
"""
for attempt in range(max_retries):
try:
response = requests.get(
'https://api.bulkemailchecker.com/real-time/',
params={'key': api_key, 'email': email},
timeout=5
)
if response.status_code == 200:
return response.json()
# Don't retry client errors (400, 401, 403)
if 400 <= response.status_code < 500:
logging.error(f"Client error {response.status_code} - not retrying")
return None
# Retry server errors (500, 503, etc.)
if attempt < max_retries - 1:
# Exponential backoff: 1s, 2s, 4s
backoff = (2 ** attempt) + random.uniform(0, 1)
logging.info(f"Retrying in {backoff:.1f}s after {response.status_code}")
time.sleep(backoff)
except RequestException as e:
if attempt < max_retries - 1:
backoff = (2 ** attempt) + random.uniform(0, 1)
logging.info(f"Retrying in {backoff:.1f}s after {type(e).__name__}")
time.sleep(backoff)
else:
logging.error(f"All retries failed for {email}: {str(e)}")
return None
return None # All retries exhausted
The jitter (random component) prevents thundering herd problems where many clients retry at exactly the same time.
When Not to Retry
Don't retry these scenarios:
- Client errors (HTTP 400, 401, 403, 404) - these won't succeed on retry
- Clear validation failures - the email is invalid, retrying won't change that
- Rate limit errors - respect the limit and queue for later instead
- Synchronous user flows - don't make users wait through retries; accept and verify async
User-Facing Error Messages
How you communicate errors to users matters as much as how you handle them technically. Generic error messages frustrate users. Overly technical messages confuse them. The right message depends on the error type.
Error Messaging Best Practices
| Error Scenario | Bad Message | Good Message |
|---|---|---|
| Invalid syntax | "Validation failed" | "Please enter a valid email address (example: name@email.com)" |
| Domain typo | "Invalid domain" | "Did you mean sarah@gmail.com?" (with clickable suggestion) |
| Non-existent domain | "Email not found" | "This email domain doesn't exist. Please check for typos." |
| Network timeout | "Verification failed" | (No message - allow signup silently and verify async) |
| Disposable email | "Temporary email detected" | "Please use a permanent email address to receive order updates" |
The pattern: be specific about what's wrong and what the user should do to fix it. Never show technical error details (API errors, HTTP status codes) to users.
Monitoring and Alerting
Your verification error handling is only as good as your visibility into what's failing. Implement monitoring that tracks both technical metrics and business impact.
Metrics to Track
- API success rate: Percentage of verification requests that return valid responses (not network errors)
- Verification results distribution: Ratio of passed/failed/unknown results over time
- Error types: Count of network errors vs API errors vs clear failures
- Response times: Track P50, P95, P99 latencies to catch performance degradation
- Quota usage: Monitor hourly quota consumption to predict when you'll hit limits
- Retry rates: How often are you retrying? High retry rates indicate infrastructure issues
- Blocked signups: How many users are you blocking due to verification failures?
For monitoring, integrate with your existing observability stack. Here's a basic Prometheus metrics implementation:
from prometheus_client import Counter, Histogram
verification_total = Counter(
'email_verification_total',
'Total email verifications attempted',
['result', 'error_type']
)
verification_latency = Histogram(
'email_verification_duration_seconds',
'Email verification request duration'
)
def verify_with_monitoring(email, api_key):
with verification_latency.time():
try:
result = verify_email_with_retry(email, api_key)
if result is None:
verification_total.labels(result='error', error_type='network').inc()
return None
verification_total.labels(
result=result['status'],
error_type='none'
).inc()
return result
except Exception as e:
verification_total.labels(
result='error',
error_type=type(e).__name__
).inc()
raise
Alerts to Set Up
Configure alerts for conditions that require immediate attention:
- API success rate drops below 95%: Something is wrong with verification infrastructure
- Error rate spike: More than 10% of verifications failing indicates API or network issues
- Quota exhaustion imminent: Less than 10% of hourly quota remaining
- P95 latency above 3 seconds: Verification is too slow, hurting user experience
- High unknown rate: More than 30% unknown results suggests catch-all domains or greylisting issues
The unlimited API plan eliminates quota concerns for high-volume applications, but you still need monitoring to catch other failure modes.
Frequently Asked Questions
Should I block signups when email verification fails?
Only for clear, unambiguous failures - invalid syntax, non-existent domains, dead mailboxes. For network errors, API errors, or ambiguous results (catch-all, greylisting), allow the signup and verify asynchronously. Blocking legitimate users hurts conversion more than allowing occasional invalid emails.
How do I handle verification in high-traffic scenarios?
Implement asynchronous verification. Accept the signup immediately, send a job to your background queue for verification, then handle invalid emails after the fact. This approach keeps signup fast while still maintaining list quality. Use the pay-as-you-go pricing to scale verification without quotas.
What timeout should I use for verification requests?
5 seconds is the sweet spot. Under 5 seconds and you'll see too many false timeouts. Over 5 seconds and you're making users wait too long. Implement timeout handling that allows users to proceed if verification takes longer than your threshold.
How do I test error handling without breaking production?
Use feature flags to enable verification only for a percentage of traffic. Start at 10%, monitor error rates, gradually increase to 100%. This lets you catch handling issues before they affect all users. Also test with intentionally invalid data in staging - emails with network-unreachable domains, malformed addresses, etc.
Should I cache verification results?
Yes, with a short TTL (24 hours). If the same email is verified multiple times in a short period - like when someone resubmits a form - you don't need to verify again. Cache both passed and failed results. Just make sure to invalidate the cache if the user corrects their email address.
Stop Bouncing. Start Converting.
Millions of emails verified daily. Industry-leading SMTP validation engine.