Email Validation in Production: Real-World Lessons from 50K Lists

Published February 18, 2026 · 15 min read

Three years ago I got paged at 2 AM because our email campaign tanked our sender reputation. Hard bounce rate: 19%. Gmail had started routing everything to spam. We'd just blasted 48,000 emails to a list that had been sitting untouched for 14 months.

That incident cost us roughly $40,000 in lost revenue (two weeks of impaired deliverability for all campaigns) and six hours of emergency triage. All of it was preventable with a $12 validation run.

Since then I've validated millions of emails across dozens of systems—SaaS signups, cold outreach tools, e-commerce checkouts, marketing automation platforms. This article is everything I wish I'd known before that night.

1. When Email Validation is Mission-Critical

Not every context needs the same validation intensity. But there are scenarios where skipping validation is genuinely dangerous:

Before Sending to Cold or Stale Lists

This is the scenario that bit me. Any list that hasn't been emailed in more than 90 days needs validation before you touch it. Email addresses decay at roughly 2-3% per month — people leave companies, abandon addresses, let domains lapse.

The math is brutal: a 50,000-contact list untouched for 12 months statistically contains 12,000–18,000 problematic addresses. That's not edge cases — that's your entire B2B segment at a mid-size company.

SaaS Sign-Up Forms

Real-time validation at signup catches:

• Typos: gmial.com, hotmail.con, yaho.com — these alone account for 3-5% of user input errors
• Fake addresses: Users who want your free tier but don't want marketing
• Disposable emails: Temp-mail.org, Guerrilla Mail — problematic for paid plans
• Role addresses: info@, admin@, noreply@ — often not a real person

# Impact of not validating at signup (real data from a B2B SaaS)
Month 1: 1,200 signups, 8.3% fake/disposable = 100 wasted onboarding sequences
Month 6: 7,200 signups total, 8.3% = 600 wasted emails
Avg activation email cost: $0.005 × 600 = $3
BUT: Onboarding sequences (6 emails) × 600 = 3,600 emails = $18
PLUS: Support tickets from "I didn't sign up" abuse = 15-20 tickets/mo
PLUS: Skewed activation metrics from fake accounts

Total monthly waste (conservative): $200-400 + staff time

High-Value Transactional Email

Password resets, order confirmations, payment receipts. A hard bounce here means a real customer loses access to their account or never gets their receipt. The support ticket that follows costs 10–50x what validation would have.

Compliance-Sensitive Industries

GDPR, CCPA, CAN-SPAM. If you're sending to invalid addresses from an opted-in list, you're accumulating "silent bounces" that may indicate the consent record is bad. Some audit frameworks now require demonstrating list hygiene as part of data quality compliance.

2. When NOT to Validate (Seriously)

This section is the one most engineers skip. It's often more important than knowing when to validate.

Don't Validate at Every Login Attempt

Rookie mistake: adding SMTP validation to every authentication flow. This adds 500ms–3s latency and is entirely useless — if the account exists in your database, the email was already validated at signup. You're just burning money and slowing down auth.

Don't Full-Validate on Every API Call

If you have an endpoint that accepts an email address and processes it (CRM updates, profile edits), you don't need full SMTP validation on every hit. Syntax + DNS check is usually sufficient. Save full SMTP verification for signup and bulk operations.

Don't Validate Unsubscribe Requests

If a user is trying to unsubscribe, let them. Period. Adding validation friction here is both bad UX and potentially non-compliant with CAN-SPAM (which requires "simple" unsubscribe mechanisms). Just process the request.

Don't Re-Validate Active Engaged Users

If someone opened your last 5 emails, their address is valid. Re-validating actively engaged segments is pure waste — you have real-world proof of deliverability. Save validation budget for inactive and new addresses.

# Segmentation before validation — saves 60-70% of your validation cost
def needs_validation(contact):
    """Determine if a contact needs re-validation."""

    # Never re-validate recently active
    if contact.last_opened_at and days_ago(contact.last_opened_at) < 60:
        return False

    # Never re-validate recently clicked
    if contact.last_clicked_at and days_ago(contact.last_clicked_at) < 90:
        return False

    # Validate if never sent to
    if not contact.last_sent_at:
        return True

    # Validate if stale (90+ days with no engagement)
    if days_ago(contact.last_sent_at) > 90:
        return True

    # Validate if previously bounced (re-check)
    if contact.bounce_count > 0:
        return True

    return False

# Result: on a 100K list, typically only 25-40K need validation
# Savings: 60-75% of validation cost

Don't Over-React to "Unknown" Status

Most validators return a bucket of results: valid, invalid, catch-all, unknown. The mistake is rejecting everything that isn't valid. Catch-all and unknown addresses often have 60-80% real deliverability rates. Filtering them aggressively can wipe out a significant chunk of legitimate B2B contacts, since corporate domains frequently use catch-all configurations.

3. Anatomy of Production Validation

Understanding what happens under the hood helps you make better architectural decisions.

The Validation Pipeline

Email Address Input
        │
        ▼
┌─────────────────────┐    Cheapest, fastest
│  1. Syntax Check    │ ── 0ms, no network
│  (regex + parsing)  │    Cost: FREE
└─────────────────────┘
        │ passes
        ▼
┌─────────────────────┐    Fast, low cost
│  2. Domain/DNS Check│ ── 10-50ms, DNS lookup
│  (MX record check)  │    Cost: <$0.00001
└─────────────────────┘
        │ has MX
        ▼
┌─────────────────────┐    Medium speed
│  3. Disposable Check│ ── 0-5ms, local DB
│  (known temp domains)│   Cost: FREE (cached)
└─────────────────────┘
        │ not disposable
        ▼
┌─────────────────────┐    Slowest, most accurate
│  4. SMTP Handshake  │ ── 200ms-3000ms, network
│  (mailbox existence)│    Cost: $0.0003-0.002
└─────────────────────┘
        │
        ▼
┌─────────────────────┐
│  5. Risk Scoring    │ ── ML-based scoring
│  (ML + heuristics)  │    (catch-all, behavior)
└─────────────────────┘
        │
        ▼
   Result: valid / invalid / catch-all / unknown / disposable

The key insight: each layer acts as a gate for the more expensive next layer. On a typical list, syntax filtering eliminates 2-5%, DNS filtering another 3-8%, disposable filtering 1-3%. By the time you hit SMTP, you're only running the expensive check on 85-90% of addresses — which is the real cost optimization.

4. Python: From Naive to Production-Ready

Stage 1: The Naive Approach (Don't Ship This)

import re

# This is everywhere on Stack Overflow. Don't use it in production.
def is_valid_email_naive(email: str) -> bool:
    pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
    return bool(re.match(pattern, email))

# Problems:
# ✗ Doesn't check if domain actually exists
# ✗ Accepts [email protected] as valid
# ✗ Doesn't handle internationalized domains (IDN)
# ✗ No disposable email detection
# ✗ "Valid" syntax ≠ deliverable mailbox

Stage 2: Better — DNS-Aware Validation

import re
import dns.resolver
import dns.exception
from dataclasses import dataclass
from typing import Optional
import socket

DISPOSABLE_DOMAINS = {
    "mailinator.com", "guerrillamail.com", "tempmail.org",
    "throwaway.email", "sharklasers.com", "10minutemail.com",
    "yopmail.com", "trashmail.com", "maildrop.cc",
    # Load from a more complete list in production
}

ROLE_PREFIXES = {
    "admin", "info", "support", "help", "noreply", "no-reply",
    "postmaster", "webmaster", "sales", "contact", "hello"
}

@dataclass
class ValidationResult:
    email: str
    is_valid: bool
    is_disposable: bool
    is_role_address: bool
    has_mx: bool
    error: Optional[str] = None
    risk_score: float = 0.0  # 0.0 = safe, 1.0 = definitely bad

def validate_email(email: str) -> ValidationResult:
    email = email.strip().lower()

    # Step 1: Syntax check
    pattern = r'^[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}$'
    if not re.match(pattern, email):
        return ValidationResult(
            email=email, is_valid=False, is_disposable=False,
            is_role_address=False, has_mx=False,
            error="syntax_invalid"
        )

    local_part, domain = email.rsplit('@', 1)

    # Step 2: Disposable check (fast, local)
    is_disposable = domain in DISPOSABLE_DOMAINS

    # Step 3: Role address check
    is_role = local_part.split('+')[0] in ROLE_PREFIXES

    # Step 4: DNS / MX check
    try:
        mx_records = dns.resolver.resolve(domain, 'MX', lifetime=5.0)
        has_mx = len(mx_records) > 0
    except (dns.exception.DNSException, socket.gaierror):
        return ValidationResult(
            email=email, is_valid=False, is_disposable=is_disposable,
            is_role_address=is_role, has_mx=False,
            error="no_mx_records"
        )

    # Risk scoring
    risk = 0.0
    if is_disposable: risk += 0.8
    if is_role:       risk += 0.3

    is_valid = has_mx and not is_disposable and risk < 0.5

    return ValidationResult(
        email=email,
        is_valid=is_valid,
        is_disposable=is_disposable,
        is_role_address=is_role,
        has_mx=has_mx,
        risk_score=risk
    )

# Usage
result = validate_email("[email protected]")
print(f"Valid: {result.is_valid}, Risk: {result.risk_score}")

Stage 3: Production-Ready — Async Bulk Validation

import asyncio
import aiohttp
import csv
import json
from pathlib import Path
from typing import AsyncGenerator, List
import time

# Using Emails Wipes API for SMTP-level validation at scale
EMAILS_WIPES_API_KEY = "your_api_key_here"
EMAILS_WIPES_BATCH_URL = "https://api.emails-wipes.com/v1/validate/batch"

async def validate_batch_async(
    emails: List[str],
    session: aiohttp.ClientSession,
    semaphore: asyncio.Semaphore
) -> List[dict]:
    """Validate a batch of emails with rate limiting."""
    async with semaphore:
        try:
            async with session.post(
                EMAILS_WIPES_BATCH_URL,
                json={"emails": emails},
                headers={
                    "Authorization": f"Bearer {EMAILS_WIPES_API_KEY}",
                    "Content-Type": "application/json"
                },
                timeout=aiohttp.ClientTimeout(total=30)
            ) as response:
                if response.status == 200:
                    data = await response.json()
                    return data.get("results", [])
                elif response.status == 429:
                    # Rate limit hit — exponential backoff
                    retry_after = int(response.headers.get("Retry-After", 60))
                    print(f"Rate limited. Waiting {retry_after}s...")
                    await asyncio.sleep(retry_after)
                    return await validate_batch_async(emails, session, semaphore)
                else:
                    print(f"API error {response.status}: {await response.text()}")
                    return []
        except asyncio.TimeoutError:
            print(f"Timeout validating batch of {len(emails)}")
            return []

async def validate_large_list(
    input_csv: str,
    output_csv: str,
    batch_size: int = 100,
    max_concurrent: int = 5
) -> dict:
    """
    Validate a large email list efficiently.

    batch_size=100: Most APIs support up to 100-200 per batch
    max_concurrent=5: Control parallelism to avoid rate limits
    """
    start_time = time.time()

    # Read emails from CSV
    emails = []
    with open(input_csv, 'r') as f:
        reader = csv.DictReader(f)
        for row in reader:
            email = row.get('email', '').strip()
            if email:
                emails.append(email)

    print(f"Loaded {len(emails):,} emails. Starting validation...")

    # Create batches
    batches = [emails[i:i+batch_size] for i in range(0, len(emails), batch_size)]

    all_results = []
    semaphore = asyncio.Semaphore(max_concurrent)

    async with aiohttp.ClientSession() as session:
        tasks = [
            validate_batch_async(batch, session, semaphore)
            for batch in batches
        ]

        # Process with progress tracking
        completed = 0
        for task in asyncio.as_completed(tasks):
            results = await task
            all_results.extend(results)
            completed += 1
            if completed % 10 == 0:
                pct = (completed / len(batches)) * 100
                elapsed = time.time() - start_time
                rate = len(all_results) / elapsed if elapsed > 0 else 0
                print(f"Progress: {pct:.0f}% | Rate: {rate:.0f} emails/sec")

    # Write results
    stats = {"valid": 0, "invalid": 0, "risky": 0, "unknown": 0}

    with open(output_csv, 'w', newline='') as f:
        writer = csv.DictWriter(f, fieldnames=[
            'email', 'status', 'sub_status', 'is_disposable',
            'is_role', 'is_catch_all', 'risk_score', 'domain'
        ])
        writer.writeheader()
        for result in all_results:
            writer.writerow(result)
            stats[result.get('status', 'unknown')] = \
                stats.get(result.get('status', 'unknown'), 0) + 1

    elapsed = time.time() - start_time
    stats['total'] = len(all_results)
    stats['duration_seconds'] = round(elapsed, 1)
    stats['emails_per_second'] = round(len(all_results) / elapsed, 1)

    print(f"\n✅ Validation complete!")
    print(f"   Total: {stats['total']:,}")
    print(f"   Valid: {stats.get('valid', 0):,}")
    print(f"   Invalid: {stats.get('invalid', 0):,}")
    print(f"   Risky: {stats.get('risky', 0):,}")
    print(f"   Duration: {elapsed:.1f}s ({stats['emails_per_second']} emails/sec)")

    return stats

# Run it
if __name__ == "__main__":
    stats = asyncio.run(validate_large_list(
        input_csv="contacts.csv",
        output_csv="contacts_validated.csv",
        batch_size=100,
        max_concurrent=5
    ))
    print(json.dumps(stats, indent=2))

5. Node.js: Async Patterns That Scale

Single-Email Real-Time Validation (Signup Forms)

// emailValidator.js — Drop-in middleware for Express.js
const axios = require('axios');

const EMAILS_WIPES_KEY = process.env.EMAILS_WIPES_API_KEY;
const VALIDATION_TIMEOUT_MS = 3000; // Never block signup for more than 3s

// Simple in-memory cache — use Redis in production
const validationCache = new Map();
const CACHE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours

async function validateEmailRealTime(email) {
  const normalizedEmail = email.toLowerCase().trim();

  // Cache check — avoid re-validating same address
  const cached = validationCache.get(normalizedEmail);
  if (cached && Date.now() - cached.timestamp < CACHE_TTL_MS) {
    return { ...cached.result, cached: true };
  }

  try {
    const response = await axios.post(
      'https://api.emails-wipes.com/v1/validate/single',
      { email: normalizedEmail },
      {
        headers: {
          Authorization: `Bearer ${EMAILS_WIPES_KEY}`,
          'Content-Type': 'application/json'
        },
        timeout: VALIDATION_TIMEOUT_MS
      }
    );

    const result = response.data;

    // Cache successful results
    validationCache.set(normalizedEmail, {
      result,
      timestamp: Date.now()
    });

    return result;
  } catch (error) {
    if (error.code === 'ECONNABORTED') {
      // Timeout — fail open (don't block signup)
      console.warn(`Validation timeout for ${normalizedEmail}. Allowing through.`);
      return { status: 'unknown', error: 'timeout', allow: true };
    }
    // Network error — fail open
    console.error(`Validation error: ${error.message}`);
    return { status: 'unknown', error: error.message, allow: true };
  }
}

// Express middleware
function emailValidationMiddleware(options = {}) {
  const {
    blockDisposable = true,
    blockInvalid = true,
    allowUnknown = true,     // fail-open for unknown
    softBlockRoleAddresses = false  // warn but don't block
  } = options;

  return async (req, res, next) => {
    const email = req.body?.email;

    if (!email) {
      return res.status(400).json({ error: 'Email is required' });
    }

    const validation = await validateEmailRealTime(email);

    // Attach to request for use in route handlers
    req.emailValidation = validation;

    // Block invalid emails
    if (blockInvalid && validation.status === 'invalid') {
      return res.status(422).json({
        error: 'invalid_email',
        message: 'This email address appears to be invalid. Please check for typos.',
        details: validation.sub_status
      });
    }

    // Block disposables
    if (blockDisposable && validation.is_disposable) {
      return res.status(422).json({
        error: 'disposable_email',
        message: 'Disposable email addresses are not accepted. Please use your primary email.',
      });
    }

    // Soft-block role addresses
    if (softBlockRoleAddresses && validation.is_role) {
      return res.status(422).json({
        error: 'role_email',
        message: 'Please use a personal email address instead of a shared inbox.',
      });
    }

    next();
  };
}

module.exports = { validateEmailRealTime, emailValidationMiddleware };

// Usage in your Express app:
// const { emailValidationMiddleware } = require('./emailValidator');
// app.post('/signup', emailValidationMiddleware({ blockDisposable: true }), signupHandler);

Bulk Validation with Worker Threads (High-Throughput)

// bulkValidator.js — Process 50K emails efficiently
const { Worker, isMainThread, parentPort, workerData } = require('worker_threads');
const axios = require('axios');
const os = require('os');

// Worker code (runs in each thread)
if (!isMainThread) {
  const { chunk, apiKey } = workerData;

  (async () => {
    const BATCH_SIZE = 100;
    const results = [];

    for (let i = 0; i < chunk.length; i += BATCH_SIZE) {
      const batch = chunk.slice(i, i + BATCH_SIZE);

      try {
        const response = await axios.post(
          'https://api.emails-wipes.com/v1/validate/batch',
          { emails: batch },
          {
            headers: { Authorization: `Bearer ${apiKey}` },
            timeout: 30000
          }
        );
        results.push(...response.data.results);
      } catch (err) {
        // Add error results for this batch
        results.push(...batch.map(email => ({
          email,
          status: 'error',
          error: err.message
        })));
      }

      // Progress report to main thread
      parentPort.postMessage({ type: 'progress', count: batch.length });
    }

    parentPort.postMessage({ type: 'done', results });
  })();
}

// Main thread code
async function validateWithWorkers(emails, apiKey) {
  const numWorkers = Math.min(os.cpus().length, 4); // Cap at 4 workers
  const chunkSize = Math.ceil(emails.length / numWorkers);
  const chunks = [];

  for (let i = 0; i < emails.length; i += chunkSize) {
    chunks.push(emails.slice(i, i + chunkSize));
  }

  console.log(`Processing ${emails.length.toLocaleString()} emails with ${numWorkers} workers...`);

  let processed = 0;
  const allResults = [];

  await Promise.all(chunks.map((chunk, i) => {
    return new Promise((resolve, reject) => {
      const worker = new Worker(__filename, {
        workerData: { chunk, apiKey }
      });

      worker.on('message', (msg) => {
        if (msg.type === 'progress') {
          processed += msg.count;
          const pct = ((processed / emails.length) * 100).toFixed(1);
          process.stdout.write(`\rProgress: ${pct}% (${processed.toLocaleString()}/${emails.length.toLocaleString()})`);
        }
        if (msg.type === 'done') {
          allResults.push(...msg.results);
          resolve();
        }
      });

      worker.on('error', reject);
    });
  }));

  console.log('\nValidation complete!');

  // Summary
  const summary = allResults.reduce((acc, r) => {
    acc[r.status] = (acc[r.status] || 0) + 1;
    return acc;
  }, {});

  console.table(summary);
  return allResults;
}

module.exports = { validateWithWorkers };

6. Performance Optimization at Scale

When you're dealing with lists of 50K+ addresses, performance decisions have real cost implications. Here's what actually moves the needle:

Cache Aggressively

Email addresses don't change minute-to-minute. A cached validation result is valid for 24–72 hours for most use cases. If you're re-validating the same addresses repeatedly (e.g., in a CI/CD pipeline or nightly hygiene job), a simple Redis cache can eliminate 40–70% of API calls.

import redis
import json
import hashlib
from datetime import timedelta

r = redis.Redis(host='localhost', port=6379, decode_responses=True)

def get_cached_validation(email: str) -> dict | None:
    key = f"email_validation:{hashlib.md5(email.lower().encode()).hexdigest()}"
    cached = r.get(key)
    return json.loads(cached) if cached else None

def cache_validation_result(email: str, result: dict, ttl_hours: int = 48):
    key = f"email_validation:{hashlib.md5(email.lower().encode()).hexdigest()}"
    r.setex(key, timedelta(hours=ttl_hours), json.dumps(result))

# Real-world cache hit rates by list type:
# Fresh signup list: 5-15% cache hits (mostly new addresses)
# CRM re-validation: 60-80% cache hits (mostly seen before)
# Combined inbound traffic: 40-60% cache hits

Pre-Filter Before Sending to API

Running the free layers first means you're only paying for SMTP checks on the 85-90% that passes everything else. On 50,000 emails, that's potentially 5,000–7,500 fewer API calls — saving $1.50–$15 per batch run.

Batch Size Sweet Spot

Most APIs have a sweet spot between latency and throughput. Too small (5-10 per batch) and you're spending most of your time on HTTP overhead. Too large (1000+) and timeouts become a problem. Through trial and error across multiple providers:

• Real-time validation: 1 email (single endpoint, <500ms target)
• Interactive batch: 10–50 emails (1–5s acceptable)
• Bulk overnight: 100–200 emails per batch, 3–5 concurrent
• Maximum throughput: 200 per batch, 10 concurrent = ~2,000 emails/min

Handle Errors Gracefully

class ValidationError(Exception):
    pass

def validate_with_fallback(email: str) -> dict:
    """
    Multi-layer fallback strategy:
    1. Try primary API (Emails Wipes)
    2. Fall back to DNS-only validation
    3. Fall back to syntax-only
    4. Always return something useful
    """

    # Attempt 1: Full SMTP via API
    try:
        return call_validation_api(email, timeout=3.0)
    except TimeoutError:
        pass  # Fall through to next method
    except RateLimitError:
        pass  # Fall through
    except Exception as e:
        print(f"API error: {e}")

    # Attempt 2: DNS-only (free, local)
    try:
        return validate_dns_only(email)
    except Exception:
        pass

    # Attempt 3: Syntax only (never fails)
    return {
        "email": email,
        "status": "syntax_only",
        "is_valid": bool(SYNTAX_REGEX.match(email)),
        "fallback": True
    }

7. Cost Analysis: What You Actually Pay

Let's be concrete. I've seen teams spend 5–10x more than necessary on validation by making poor architectural choices.

API Pricing Reality Check

The ROI Calculation That Matters

# Cost of NOT validating (based on our 2 AM incident)

# Setup
list_size = 50_000
invalid_rate = 0.19           # 19% invalid after 14 months dormant
cost_per_campaign = 500       # ESP cost for 50K emails
avg_campaign_revenue = 8_000  # Revenue attributed to each send

# Without validation
hard_bounces = list_size * invalid_rate                # 9,500 hard bounces
bounce_rate = invalid_rate                             # 19%
reputation_recovery_weeks = 6                          # Industry avg
campaigns_blocked = reputation_recovery_weeks / 2     # Send every 2 weeks = 3 campaigns
revenue_lost = campaigns_blocked * avg_campaign_revenue  # $24,000

# With validation (Emails Wipes pricing)
validation_cost = list_size * 0.0003                   # $15
emails_removed = list_size * invalid_rate              # 9,500 emails removed
esp_savings = (emails_removed / list_size) * cost_per_campaign  # $95 saved on ESP
net_validation_cost = validation_cost - esp_savings    # -$80 (saves money!)

# ROI
roi = (revenue_lost - net_validation_cost) / abs(net_validation_cost)
print(f"Validation cost: ${net_validation_cost:.2f}")
print(f"Revenue protected: ${revenue_lost:,.2f}")
print(f"ROI: {roi:.0f}x")

# Output:
# Validation cost: -$80.00  (negative = you actually save on ESP costs)
# Revenue protected: $24,000.00
# ROI: 300x

When to Use Subscription vs. Pay-Per-Use

• Pay-per-use: Best for <10K validations/month, or highly irregular usage (quarterly list hygiene)
• Subscription: Best for 25K+ validations/month, SaaS signups with predictable volume, or real-time validation on every signup
• Break-even point: Typically around 15,000–20,000 validations/month

8. How We Use Emails Wipes in Production

We evaluated several validation services before settling on Emails Wipes. The differentiator wasn't just accuracy (though the 99.3% deliverability rate is competitive) — it was the API design.

What Made the Integration Easy

The API returns consistent, actionable response structures. Every result has a status (valid/invalid/risky/unknown), a sub_status that explains why (mailbox_not_found, catch_all, disposable, etc.), and a numeric risk_score. This lets you build tiered logic instead of binary allow/reject:

async function categorizeForCampaign(validationResult) {
  const { status, sub_status, risk_score, is_catch_all } = validationResult;

  // Tier 1: Definitely send
  if (status === 'valid' && risk_score < 0.2) {
    return 'send';
  }

  // Tier 2: Send with caution (monitor bounces)
  if (status === 'valid' && risk_score < 0.5) {
    return 'send_monitor';
  }

  // Tier 3: Catch-all — send to B2B, skip for cold outreach
  if (is_catch_all && context === 'b2b_newsletter') {
    return 'send';
  }
  if (is_catch_all && context === 'cold_outreach') {
    return 'skip';  // Too risky for cold
  }

  // Tier 4: Risky — move to re-engagement workflow
  if (status === 'risky') {
    return 'reengagement_flow';
  }

  // Tier 5: Invalid — suppress permanently
  if (status === 'invalid') {
    return 'suppress';
  }

  return 'manual_review';
}

Real Numbers from Our Integration

After integrating Emails Wipes into our signup flow and adding quarterly bulk validation for our CRM:

• Signup bounce rate: 4.2% → 0.3% (real-time validation at signup)
• Campaign hard bounce rate: Down from 2.1% to 0.4% average
• ESP costs: Reduced by 11% (fewer invalid addresses in paid sending volume)
• Gmail inbox placement: 73% → 89% (improved sender reputation)
• Support tickets ("I didn't sign up"): Down 67% (fewer fake accounts)

The API latency is consistently under 450ms for single-email checks (p99), which is fast enough for inline signup validation without noticeably impacting UX.

For bulk validation, we use the batch API with 100-email batches and 5 concurrent workers, hitting roughly 1,800–2,000 emails/minute. A 50K list finishes in 25–30 minutes — which fits neatly into our nightly hygiene job window.

9. Production Checklist

Everything covered in this article, condensed into an actionable checklist:

The 2 AM Rule

Here's the mental model I use now: if an email campaign is valuable enough that a failure would wake me up at 2 AM, the list needs to be validated. Full stop. The math always works out — the cost of a bounced reputation is measured in weeks and tens of thousands of dollars. The cost of validation is measured in cents per thousand.

The only list that doesn't need validation is one you've emailed in the last 30 days and where you're watching your bounce rates in real-time. Everything else is a bet on luck.

Don't bet on luck.