TL;DR
Domain validation checks whether an email domain has working mail servers (MX records), valid sender authentication (SPF/DKIM/DMARC), and isn't a disposable or catch-all domain — without sending a message. Based on Cleanlist's analysis of 2.1M B2B email addresses, domain validation alone catches 8-12% of bad emails that pass simple syntax checks: typo'd domains, expired domains, free-mail providers, disposable mailboxes, and catch-all servers that silently drop mail. It's the cheapest and fastest layer of email verification — and the first one you should implement.
Domain validation (also called domain verification) is the operation of checking whether an email's domain portion can actually receive mail before you send to it. It's distinct from full email verification, which adds an SMTP-level check to confirm the specific mailbox exists. Domain validation is faster, cheaper, and catches the largest single category of bad emails: invalid or unreachable domains.
This guide explains exactly what domain validation does, when to use it, and how it compares to full email verification.
What domain validation actually checks
Domain validation runs a series of DNS queries against the domain portion of an email address. The standard checks:
1. MX record lookup. Does the domain have Mail Exchange records pointing to a real mail server? Without MX records, the domain literally cannot receive email — every message will hard bounce. Roughly 4-6% of B2B email lists contain emails to MX-less domains (typo'd domains, defunct companies, recently expired registrations).
2. A/AAAA record lookup. As a fallback to MX, some domains accept mail at the apex via A or AAAA records. Modern domain validators check both.
3. SPF (Sender Policy Framework) record check. Does the domain publish an SPF record? While SPF affects sender authentication (your outbound mail), checking it on the recipient side flags domains with broken or misconfigured DNS — often a sign the domain is being abandoned.
4. DKIM (DomainKeys Identified Mail) selector check. Validates the domain's mail authentication setup. Like SPF, this is more of a domain-health signal than a strict deliverability check.
5. DMARC policy check. Reads the domain's DMARC policy (none/quarantine/reject). Affects how the domain handles inbound mail and signals operational maturity.
6. Disposable domain detection. Cross-references against curated lists of throwaway/temporary mail providers (Mailinator, Guerrilla Mail, 10MinuteMail, ProtonMail Tempmail, etc.). About 1-3% of B2B-marked emails are actually disposable.
7. Catch-all detection (advanced). Tests whether the domain is configured to accept all email at the SMTP level — even for non-existent mailboxes. About 12-18% of B2B domains are catch-all (especially Microsoft 365 tenants and small business mail servers). Free tools mark these as "valid"; full validators flag them as risky.
Each check takes 50-300 milliseconds. A complete domain validation typically runs in under 1 second.
Why domain validation matters: the 8-12% bounce fix
We ran a benchmark on 2.1 million B2B email addresses processed through Cleanlist between Q1 2024 and Q1 2026. Of the addresses that passed RFC 5322 syntax validation:
- 4-6% failed MX validation (typo'd domains, expired domains, no mail server)
- 1-3% were disposable mail providers marked as B2B but actually consumer/throwaway
- 2-4% were catch-all domains that accept-then-drop mail silently
- 0.5-1% had broken DNS (no SPF/DKIM/DMARC at all — usually defunct)
Total: 8-12% of B2B emails fail domain validation despite passing syntax checks. Before sending to a list, that's 8-12% of expected bounces caught upstream.
The cost of bouncing those emails through a real send is significant:
- ESP fees ($0.01-0.03 per email regardless of bounce)
- Sender reputation damage (bounce rate above 5% triggers ESP penalties)
- Inbox placement degradation (Validity 2025 study: senders above 5% bounce see inbox placement drop from 89% to 62% within 30 days)
Domain validation costs essentially zero (DNS queries are free) and prevents all of this.
Domain validation vs email verification: what's the difference?
These two terms get used interchangeably, which is wrong. Here's the precise distinction:
| Operation | What it checks | Speed | Catches |
|---|---|---|---|
| Syntax validation | Email format follows RFC 5322 | Microseconds | Typos in the local part |
| Domain validation | Domain has working MX records, SPF/DKIM/DMARC, not disposable | Under 1 second | Invalid domains, disposables (~8-12% of bad emails) |
| SMTP verification | Specific mailbox exists on the mail server | 1-5 seconds | Mailboxes that don't exist on otherwise valid domains |
| Catch-all detection | Domain accepts all addresses (silent drop risk) | 1-2 seconds | Catch-all domains (~12-18% of B2B) |
A "full" email verification (the kind you get from Cleanlist, ZeroBounce, NeverBounce) runs all four layers. A "domain-only" check (what most free tools do) runs the first two.
When to use just domain validation: high-volume situations where SMTP checks are too slow or expensive. Form-fill validation in real time, large list pre-screening, automated pipelines.
When to add full email verification: before any production send. The 8-12% domain validation catches plus the additional 5-15% SMTP catches makes the total bounce reduction 13-27% on a typical B2B list.
How to validate a domain (5 ways)
1. Free domain validators online
For one-off checks, free web tools work. Cleanlist, MXToolbox, and DNSChecker all run instant MX/SPF/DMARC queries on a domain. No signup required for individual lookups.
Best for: spot-checking a single domain or troubleshooting a deliverability issue.
2. CLI tools (dig, nslookup, host)
For developers, the command line is fastest:
# Check MX records
dig +short MX example.com
# Check SPF
dig +short TXT example.com | grep "v=spf1"
# Check DMARC
dig +short TXT _dmarc.example.comBest for: scripting one-time checks or building custom validation logic.
3. DNS query libraries (programmatic)
For applications, use a DNS resolver library:
- Node.js:
node:dnsbuilt-in - Python:
dnspython - Go:
net.LookupMX
Best for: building real-time domain validation into your forms or CRM.
4. Bulk domain validators (CSV upload)
For lists, use a bulk tool. Cleanlist's bulk verifier processes 10,000 domains in under 30 seconds and returns MX status, SPF/DKIM/DMARC presence, disposable detection, and catch-all flag for each.
Best for: pre-send list cleaning at scale.
5. API-based validation (real-time)
For ongoing pipelines, an API. Cleanlist's /verify-domain endpoint returns full validation in under 500ms per domain — fast enough to validate every form submission in real time.
Best for: production systems that need every form-fill or import validated.
Top 6 domain validation tools compared
| Tool | Free tier | Bulk | API | Catch-all detection | Pricing |
|---|---|---|---|---|---|
| Cleanlist | 30 credits/mo | Yes | Yes | Yes | $29/mo |
| ZeroBounce | 100 once | Yes | Yes | Yes | $16/mo |
| NeverBounce | None | Yes | Yes | Yes | $10/mo |
| Hunter.io | 25/mo | Yes | Yes | Limited | $34/user/mo |
| MXToolbox | Unlimited single | Pro tier | Yes | No | $129/mo for monitoring |
| EmailListVerify | 100 once | Yes | Yes | Yes | $14/mo |
For ad-hoc spot-checks, MXToolbox is fine and free. For bulk pre-send cleaning, Cleanlist or ZeroBounce. For real-time API validation in production pipelines, Cleanlist or NeverBounce.
Domain validation FAQ
Is domain validation the same as email verification?
No. Domain validation checks the domain portion only — does the domain have MX records, valid DNS, and isn't disposable. Email verification adds an SMTP-level check to confirm the specific mailbox exists. Domain validation is the first 8-12% of bounces you can prevent. Full email verification adds another 5-15% on top. Use both for production sends.
Can domain validation catch catch-all domains?
Advanced domain validators do test for catch-all behavior by attempting an SMTP RCPT TO with a randomized non-existent mailbox at the domain. If the server accepts it, the domain is catch-all. Free tools typically skip this check. Cleanlist, ZeroBounce, and NeverBounce all include it.
How fast is domain validation?
Sub-second per domain. A bulk validator processing 10,000 domains typically completes in 20-40 seconds. Real-time API validation runs in 200-500ms per domain — fast enough for form-fill use.
What's the difference between SPF, DKIM, and DMARC?
These are sender authentication standards, all based on DNS records:
- SPF lists which servers can send mail "from" the domain
- DKIM cryptographically signs outbound messages so receivers can verify authenticity
- DMARC tells receivers what to do when SPF or DKIM fails (none/quarantine/reject)
For domain validation purposes, you check whether these records exist (signal of domain health), not whether they pass — passing only matters for outbound mail.
Should I validate domains before storing them in my CRM?
Yes — at form submission, at CSV import, and on any external data sync. Domain validation at the point of entry prevents bad data from ever entering your system. It costs ~1ms per check via DNS and saves hours of cleanup later.
What's the difference between domain validation and DNS validation?
They're basically the same thing in the email-verification context. Some tools market "DNS validation" to emphasize the underlying mechanism (DNS queries against the domain's records). Functionally, both terms describe the same operation.
Does domain validation work for personal email providers (Gmail, Outlook)?
Yes — Gmail.com, Outlook.com, Yahoo.com, etc. all have valid MX records and SPF/DKIM/DMARC, so they'll pass domain validation. The "personal vs business email" distinction is separate from validity. Some validators flag personal-domain emails as "consumer" but still mark them valid.
How often does domain validation produce false positives?
Roughly 1-2% in our testing. False positives happen when a domain has working DNS but is recently expired or transitioning ownership. To reduce false positives, combine domain validation with SMTP verification — the SMTP check catches domains that pass DNS but have non-functional mail servers.
Bottom line: validate domains before you ever send
Domain validation is the cheapest, fastest, highest-ROI layer of email hygiene. It catches 8-12% of bad emails before they damage your sender reputation, costs essentially nothing, and runs in under a second per domain.
Implement it at three points:
- Form submission — validate every email at the point of entry
- CSV import — pre-screen any list before it touches your CRM
- Pre-send — final check before any campaign launches
Start with Cleanlist's free domain validator (30 credits/mo, no signup) for ad-hoc checks. Move to API integration once domain validation is part of your pipeline.