How to Validate Email Addresses with PHP

Validate email addresses using simple PHP tests to confirm the email address has proper syntax and a valid MX domain record. Push PHP to the limit of it's email validation checks.

For developers and webmasters that operate sites with users, payments, or sign ups ... it's only a matter of time before you find yourself needing to validate email addresses. The PHP language to validate emails is quite simple and can fully process in just a few milliseconds. The examples below verify the email address with PHP and will focus on syntax rather than confirming the email address is alive and able to accept new email with more advanced API services. We'll explain how to perform both simple local checks and advanced third party checks in this article.

PHP Email Validation

The average internet user has 2 or more email addresses. And with thousands of temporary email address services that allow users to create an email account in just 1 click, it's incredibly easy for users to provide a fake email during the sign up process. It's also very common for a typo to occur where good intentioned users provide invalid user data. So how can we solve these issues?

Validate Emails with PHP Coding

// quick syntax check
if (filter_var($email_address, FILTER_VALIDATE_EMAIL) === false || preg_match('/@.+\./', $email_address) === false) {
    // email is not valid syntax
}

This PHP validation check confirms the email address contains proper syntax including an "@" symbol as well as a proper domain extension such as ".com". The PHP "FILTER_VALIDATE_EMAIL" function will automatically perform regex tests, so any additional regex checks are not required. Let's take this a step further by confirming the domain has an MX record allocated to its DNS settings. MX records allow mail addressed to this domain to be routed directly to the corresponding mail server. For example, if an MX record of "mail.example.com" was set as the MX record for the email address, the message would be sent to the IP address or hostname for "mail.example.com". Confirming the MX record is properly defined can reduce fraudulent and invalid emails by over 20%.

Check Email Domain MX Record with PHP

// capture domain extension 
$email_host = strtolower(substr(strrchr($email_address, "@"), 1));
// set host to fully qualified domain
$email_host = idn_to_ascii($email_host.'.');
if (!checkdnsrr($email_host, "MX")) {
		     // email invalid -> domain does not have a valid MX record
}

The PHP email validation tests above are the most advanced filtering tests possible within the PHP language. These checks will provide decent protection and help reduce fake email addresses, yet there will still be large gaps in coverage for fake accounts. For example, "example@gmail.com" would meet all of these requirements since it has the proper email syntax and gmail.com also has MX records set at the DNS level. So how do we fill in these gaps? Using a third party API service for email validation is truly the best way. These services have relationships with popular mail service providers that can quickly determine if a gmail account has an active inbox and can receive new messages. Our API, also returns over 25 data points to provide greater insight into the quality of the email address through various reputation checks.

Implementing email verification via our API service is quite easy and can be added in just a few minutes. The PHP code below will quickly integrate this service into your sites or apps and can supplement any existing business logic you are currently performing for user validation.

PHP Email Validation API Integration Example

    $key = 'YOURAPIKEY';
$email = 'test@example.com';
$timeout = 2; // in seconds
$result = json_decode(file_get_contents(sprintf('https://ipqualityscore.com/api/json/email/%s/%s?timeout=%s', $key, $email, $timeout)), true);
if($result !== null){
if(isset($result['disposable']) && $result['disposable'] == true){
// email address is from a temporary or disposable service
if(isset($result['recent_abuse']) && $result['recent_abuse'] == true){
// email address has recently engaged in abuse across the IPQS network
} elseif(isset($result['valid']) && $result['valid'] == true){
// email address is valid
}
}
Easily Validate Email Address in Real-time

Test IPQS API tools with 5,000 free monthly lookups and evaluate if the service is a good fit for your business. Create a free account to generate an API key and deploy this service directly on your site. IPQS blacklists update every few minutes with new temporary domain services and high risk email addresses recently used for abusive behavior. The API example above will support mail service provider's in any country. It is also possible to upload email address lists instead of using the API service.

API Lookup Access

Easy API Lookups

Threat & Abuse Network

Largest Threat & Abuse Network

Fraud Prevention Detection

Industry Leading Fraud Prevention

Ready to eliminate fraud?

Start fighting fraud in minutes!

Questions? Call us at (800) 713-2618

Schedule a Demo Sign Up »

Get Started with 5,000 Free Lookups Per Month!