1. You can connect to the server, and issue a VRFY command. This command is designed for this, but only a small number of servers actually implement it. The user is present if the server replies with a 2.0.0 DSN.
VRFY
2. You can send out a RCPT, and see if the email address is accepted.
MAIL FROM:<>
RCPT TO:
You will receive a 5.1.1 DSN if the user is non-existent. However, the mere fact that the email is not returned does not imply that the user is real. To prevent user enumeration, some servers will silently reject requests like this. Other servers must accept the message because they are unable to verify the user.
Greylisting is another anti-spam tactic that causes the server to initially reject the address in the hopes that a genuine SMTP server will attempt a re-delivery at a later time. Attempts to validate the address will be ruined by this.
The ideal method for validating an address is to first use a basic regex to filter addresses that are plainly incorrect, and then send a real email with a link back to your system to verify that the email was received. Additionally, it guarantees that the user submitted their true email address and not just an accidental misspelling that belonged to someone else.
Learn more about how to Common Reasons Why Emails Bounce.
