Email Verification with Node.js: Complete API Integration Guide
Your Node.js app is accepting email addresses. The question is whether those addresses are real. Syntax validation catches typos, but it won't tell you if the mailbox actually exists, whether it's a throwaway address from a temp mail service, or whether the domain even has working mail servers. For that you need real-time SMTP verification - and this guide shows you exactly how to wire it up.
Every code example below uses the official Bulk Email Checker API with real endpoint URLs, real response fields, and production-ready error handling. You'll walk away with working code for four scenarios: single address verification, batch processing for large lists, Express.js middleware, and async patterns for high-throughput pipelines.
Why SMTP Verification Beats Regex in Node.js
Regex checks email format. That's it. /^[^s@]+@[^s@]+.[^s@]+$/ will pass fake@notreal.xyz every time, because the format is valid even though the mailbox doesn't exist.
SMTP verification actually connects to the mail server for the domain, checks whether it accepts mail, and attempts to confirm the mailbox exists - without sending an actual email. That's the difference between checking if a phone number looks right and actually dialing it.
| Validation Method | What It Checks | Catches Fake Emails | Server Round-Trip |
|---|---|---|---|
| Regex / syntax check | Format only | No | None |
| DNS / MX record check | Domain has mail servers | Partial | DNS only |
| SMTP verification | Mailbox existence | Yes (99.7% accuracy) | Mail server handshake |
Bulk Email Checker's API runs all three layers simultaneously - syntax, DNS/MX, and SMTP - plus 14 additional checks for disposable addresses, catch-all domains, role accounts, gibberish detection, and more. The whole thing takes under a second per address.
Setup: API Key and Dependencies
The Bulk Email Checker API is a plain REST endpoint - no SDK required. Any HTTP client works. For Node.js, axios is the cleanest option, though the native https module or node-fetch work equally well.
Install axios if you don't already have it:
npm install axiosGet your API key from the Bulk Email Checker dashboard after signing up. Store it in an environment variable - never hardcode credentials in source files:
# .env file
BEC_API_KEY=your_api_key_hereThe official API endpoint for real-time pay-as-you-go verification:
https://api.bulkemailchecker.com/real-time/?key={API_KEY}&email={EMAIL}
If you're on an unlimited API plan, swap real-time for unlimited in the endpoint path. Everything else is identical.
Single Email Verification
Start here. This is the pattern for verifying one address - the building block everything else is based on.
// verify-email.js
const axios = require('axios');
const API_KEY = process.env.BEC_API_KEY;
const BASE_URL = 'https://api.bulkemailchecker.com/real-time/';
async function verifyEmail(email) {
const response = await axios.get(BASE_URL, {
params: {
key: API_KEY,
email: email
},
timeout: 10000 // 10 second timeout
});
return response.data;
}
// Basic usage
(async () => {
const result = await verifyEmail('user@example.com');
// Primary status: passed | failed | unknown
if (result.status === 'passed') {
console.log('Valid - safe to add to database');
} else if (result.status === 'failed') {
// Use event field for the specific reason
console.log('Invalid email:', result.event);
// event values: mailbox_does_not_exist, domain_does_not_exist,
// mxserver_does_not_exist, invalid_syntax, etc.
} else {
// unknown - catch-all domain or greylisting
console.log('Uncertain:', result.event);
// event values: is_catchall, is_greylisting, inconclusive
}
})();Reading the Full API Response
The API returns a lot more than just pass/fail. Here's the full response object and when each field matters:
// Full response from Bulk Email Checker API
// (actual live response structure - no invented fields)
{
"status": "passed", // passed | failed | unknown
"event": "mailbox_exists", // detailed sub-status (see below)
"details": "Mailbox verified", // human-readable description
"email": "user@example.com", // the address that was checked
"emailSuggested": "", // typo correction if detected
"mailbox": "user", // local part before the @
"domain": "example.com", // domain part
"isDisposable": false, // temp/throwaway email service
"isFreeService": true, // Gmail, Yahoo, Outlook, etc.
"isRoleAccount": false, // info@, admin@, support@, etc.
"isGibberish": false, // random character patterns
"isOffensive": false, // inappropriate content in address
"isComplainer": false, // known spam complaint history
"creditsRemaining": 9950, // credits left on your account
"execution": "0.312", // API response time in seconds
"mxEnrichment": {
"mxIp": "142.250.102.27",
"mxHostname": "alt4.gmail-smtp-in.l.google.com",
"mxCity": "Mountain View",
"mxCountry": "United States",
"mxIsp": "Google LLC"
}
}
// Event values when status === "passed":
// mailbox_exists
// Event values when status === "failed":
// mailbox_does_not_exist, mailbox_full, invalid_syntax,
// domain_does_not_exist, mxserver_does_not_exist,
// blacklisted_external, blacklisted_failed, blacklisted_domain
// Event values when status === "unknown":
// is_catchall, is_greylisting, inconclusiveisDisposable and isRoleAccount independently of status. A disposable address can return status: "passed" because the mailbox technically exists - but it'll go dead within hours. Block disposable addresses at signup, and flag role accounts for separate handling.
Here's a complete decision function that handles all the flags together:
// emailDecision.js - Translate API response to a clear action
function getEmailDecision(result) {
// Hard block - never accept these
if (result.isDisposable) {
return { action: 'block', reason: 'Disposable email address' };
}
if (result.status === 'failed') {
return { action: 'block', reason: result.event };
}
// Accept with a flag for monitoring
if (result.isRoleAccount) {
return { action: 'accept_flagged', reason: 'Role account - low engagement expected' };
}
if (result.status === 'unknown' && result.event === 'is_catchall') {
return { action: 'accept_flagged', reason: 'Catch-all domain - unconfirmed' };
}
// Typo correction detected - suggest fix to user
if (result.emailSuggested && result.emailSuggested !== result.email) {
return {
action: 'suggest_correction',
suggested: result.emailSuggested,
reason: 'Possible typo detected'
};
}
// Fully verified and clean
if (result.status === 'passed') {
return { action: 'accept', reason: 'Verified' };
}
// Anything else - accept but monitor
return { action: 'accept_flagged', reason: result.event };
}
// Usage example
const result = await verifyEmail('user@example.com');
const decision = getEmailDecision(result);
if (decision.action === 'block') {
res.status(400).json({ error: decision.reason });
} else if (decision.action === 'suggest_correction') {
res.status(200).json({ suggestion: decision.suggested });
} else {
// accept or accept_flagged - proceed with signup
await createUser(email, { flagged: decision.action === 'accept_flagged' });
}Express.js Middleware Integration
The cleanest approach for signup forms is middleware. Verify the email before it reaches your route handler, and if it fails, the request never gets to your database logic.
// middleware/verifyEmailMiddleware.js
const axios = require('axios');
const API_KEY = process.env.BEC_API_KEY;
const BASE_URL = 'https://api.bulkemailchecker.com/real-time/';
async function verifyEmailMiddleware(req, res, next) {
const email = req.body.email;
// Skip if no email in body
if (!email) {
return res.status(400).json({ error: 'Email address is required' });
}
try {
const response = await axios.get(BASE_URL, {
params: { key: API_KEY, email },
timeout: 8000
});
const result = response.data;
// Hard block: disposable addresses
if (result.isDisposable) {
return res.status(422).json({
error: 'Please use a permanent email address. Temporary emails are not accepted.'
});
}
// Hard block: definitively invalid
if (result.status === 'failed') {
return res.status(422).json({
error: 'This email address appears to be invalid. Please double-check and try again.'
});
}
// Typo detected - send correction suggestion
if (result.emailSuggested && result.emailSuggested !== email) {
return res.status(200).json({
suggestion: result.emailSuggested,
message: 'Did you mean ' + result.emailSuggested + '?'
});
}
// Attach verification result to request for the route handler
req.emailVerification = result;
// Pass through to next middleware / route handler
next();
} catch (err) {
// If verification API is down, fail open (don't block signups)
console.error('Email verification error:', err.message);
next(); // proceed without verification
}
}
module.exports = verifyEmailMiddleware;
// app.js - Use the middleware on your signup route
const express = require('express');
const verifyEmailMiddleware = require('./middleware/verifyEmailMiddleware');
const app = express();
app.use(express.json());
app.post('/signup', verifyEmailMiddleware, async (req, res) => {
const { email, name } = req.body;
const verification = req.emailVerification; // available if middleware passed
// Flag role accounts in your database for later review
const isRoleAccount = verification?.isRoleAccount || false;
// Create user with verification metadata
await db.users.create({
email,
name,
emailVerified: verification?.status === 'passed',
emailFlags: isRoleAccount ? ['role_account'] : []
});
res.json({ success: true });
});
app.listen(3000, () => console.log('Server running on port 3000'));next() instead of returning an error. Blocking all signups because the verification endpoint timed out is worse than accepting a few bad addresses. Log the error, alert your team, and investigate when volume is low.
Batch Verification with Rate Limiting
Verifying an uploaded CSV list or cleaning a legacy database requires a different pattern. You can't fire 50,000 parallel requests - you'll hit rate limits and overwhelm the network. Process in controlled batches with delays between them.
// batchVerify.js - Process a large email list in controlled batches
const axios = require('axios');
const fs = require('fs');
const API_KEY = process.env.BEC_API_KEY;
const BASE_URL = 'https://api.bulkemailchecker.com/real-time/';
const BATCH_SIZE = 10; // emails per batch
const DELAY_MS = 1000; // 1 second between batches
// Helper: pause execution
const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));
// Verify a single email with retry logic
async function verifySingle(email, retries = 2) {
for (let attempt = 0; attempt <= retries; attempt++) {
try {
const response = await axios.get(BASE_URL, {
params: { key: API_KEY, email },
timeout: 10000
});
return response.data;
} catch (err) {
if (attempt === retries) {
// Final attempt failed - return an error result
return { email, status: 'error', event: err.message };
}
// Wait before retrying
await sleep(2000 * (attempt + 1));
}
}
}
// Process full list with batching
async function verifyList(emails) {
const results = [];
const total = emails.length;
console.log(`Starting verification of ${total} addresses...`);
for (let i = 0; i < total; i += BATCH_SIZE) {
const batch = emails.slice(i, i + BATCH_SIZE);
const batchNumber = Math.floor(i / BATCH_SIZE) + 1;
const totalBatches = Math.ceil(total / BATCH_SIZE);
console.log(`Processing batch ${batchNumber}/${totalBatches} (${batch.length} emails)`);
// Process batch in parallel
const batchResults = await Promise.all(
batch.map(email => verifySingle(email))
);
results.push(...batchResults);
// Pause between batches (skip after last batch)
if (i + BATCH_SIZE < total) {
await sleep(DELAY_MS);
}
}
return results;
}
// Separate results into categories
function categorizeResults(results) {
return {
valid: results.filter(r => r.status === 'passed' && !r.isDisposable),
invalid: results.filter(r => r.status === 'failed'),
risky: results.filter(r => r.status === 'unknown' || r.isDisposable || r.isRoleAccount),
errors: results.filter(r => r.status === 'error')
};
}
// Main execution
(async () => {
// Load emails from a flat text file (one per line) or swap with CSV parsing
const emails = fs.readFileSync('emails.txt', 'utf8')
.split('\n')
.map(e => e.trim())
.filter(e => e.length > 0);
const results = await verifyList(emails);
const categories = categorizeResults(results);
console.log('\nResults summary:');
console.log(' Valid: ', categories.valid.length);
console.log(' Invalid:', categories.invalid.length);
console.log(' Risky: ', categories.risky.length);
console.log(' Errors: ', categories.errors.length);
// Save valid list
const validEmails = categories.valid.map(r => r.email).join('\n');
fs.writeFileSync('emails_clean.txt', validEmails);
console.log('\nClean list saved to emails_clean.txt');
})();Async Patterns for High-Throughput Use
If you're verifying addresses as part of a data pipeline - ingesting leads from a CRM sync or processing a webhook stream - you want concurrency without hammering the API. A queue-based approach gives you controlled parallelism.
// asyncQueue.js - Concurrent verification with a concurrency limit
const axios = require('axios');
const API_KEY = process.env.BEC_API_KEY;
const BASE_URL = 'https://api.bulkemailchecker.com/real-time/';
const CONCURRENCY = 5; // max parallel requests at once
async function verifyEmail(email) {
const { data } = await axios.get(BASE_URL, {
params: { key: API_KEY, email },
timeout: 10000
});
return data;
}
// Simple concurrency limiter using a pool of promises
async function verifyWithConcurrencyLimit(emails, concurrency = CONCURRENCY) {
const results = new Array(emails.length);
const queue = [...emails.entries()]; // [[index, email], ...]
async function worker() {
while (queue.length > 0) {
const [index, email] = queue.shift();
try {
results[index] = await verifyEmail(email);
} catch (err) {
results[index] = { email, status: 'error', event: err.message };
}
}
}
// Start N workers in parallel
await Promise.all(
Array.from({ length: concurrency }, () => worker())
);
return results;
}
// Usage
const emails = [
'alice@example.com',
'bob@test.org',
'charlie@company.io',
// ... up to thousands of addresses
];
const results = await verifyWithConcurrencyLimit(emails, 5);
console.log(`Verified ${results.length} addresses`);
console.log(`Valid: ${results.filter(r => r.status === 'passed').length}`);Production Error Handling
A verification API call can fail for several reasons: network timeout, rate limit hit, temporary server issue, or an invalid API key. Handle each case explicitly so your application degrades gracefully rather than crashing or blocking users.
// productionVerify.js - Robust verification with full error handling
const axios = require('axios');
const API_KEY = process.env.BEC_API_KEY;
const BASE_URL = 'https://api.bulkemailchecker.com/real-time/';
async function verifyEmailProduction(email) {
try {
const response = await axios.get(BASE_URL, {
params: { key: API_KEY, email },
timeout: 8000
});
const result = response.data;
// Alert if credits are running low
if (result.creditsRemaining < 100) {
console.warn(`Low credits warning: ${result.creditsRemaining} remaining`);
}
return result;
} catch (err) {
// Network or timeout error
if (err.code === 'ECONNABORTED' || err.code === 'ETIMEDOUT') {
console.error('Verification timeout - API may be slow');
return { status: 'error', event: 'timeout', email };
}
// HTTP error response
if (err.response) {
const status = err.response.status;
if (status === 401 || status === 403) {
// Invalid API key - this needs immediate attention
console.error('Invalid API key - check BEC_API_KEY environment variable');
throw new Error('API authentication failed');
}
if (status === 429) {
// Rate limit hit - back off and retry
console.warn('Rate limit hit - consider reducing concurrency');
return { status: 'error', event: 'rate_limited', email };
}
if (status >= 500) {
// Server error - fail open, log for monitoring
console.error('API server error:', status);
return { status: 'error', event: 'server_error', email };
}
}
// Unknown error
console.error('Unexpected verification error:', err.message);
return { status: 'error', event: err.message, email };
}
}
module.exports = { verifyEmailProduction };Frequently Asked Questions
Does the Bulk Email Checker API work with Node.js fetch instead of axios?
Yes. The API is a standard REST endpoint that works with any HTTP client. Node.js 18+ includes a native fetch implementation. Just replace the axios call with fetch(url + new URLSearchParams({key: API_KEY, email})) and parse the JSON response with await res.json(). The response structure is identical regardless of HTTP client.
How fast is the API response?
Real-time SMTP verification typically completes in 0.3 to 1.5 seconds per address. The execution field in every API response shows the exact time taken for that specific check. For signup form validation, this speed is imperceptible to users. Set a client-side timeout of 8-10 seconds to handle occasional delays from slow mail servers gracefully.
What should I do with "unknown" status addresses?
Unknown status means the verification couldn't definitively confirm or deny the mailbox. The two most common causes are catch-all domains (the server accepts all addresses regardless of whether the mailbox exists) and greylisting (the server temporarily deferred the verification request). For signup forms, accept unknown addresses but tag them in your database for monitoring. If they bounce on your first real send, suppress them immediately.
Can I verify emails without the axios package?
Yes. The built-in Node.js https module works fine. The endpoint is a simple GET request. You can also use node-fetch, got, or any other HTTP library. The API has no Node.js-specific SDK requirement - it's a universal REST API that returns JSON.
How do I handle the API during high-traffic signups?
For high-traffic scenarios, two approaches work well. First, run verification asynchronously after accepting the signup - store the address, mark it as unverified, send a welcome email, and verify in the background before sending any campaigns. Second, use the concurrency-limited pattern from the async section above to cap parallel API requests at 5-10 simultaneous calls. For very high-volume needs, the unlimited API plan removes per-request costs and supports thread-based scaling.
Conclusion
Email verification in Node.js comes down to one API call and a clean decision function. The core pattern - make the GET request, check result.status, then check the boolean flags for disposable and role accounts - handles 95% of real-world cases.
Add that logic as Express middleware and every new signup gets validated before it touches your database. Add the batch processing pattern and you can clean a legacy list of any size overnight. The error handling patterns ensure that a slow API response never blocks a legitimate signup.
Check your first 10 addresses for free using the free email verification tool, review the full API documentation for additional parameters, and when you're ready to go into production, pay-as-you-go credits mean you only pay for what you actually verify.
Stop Bouncing. Start Converting.
Millions of emails verified daily. Industry-leading SMTP validation engine.