How to validate an email address in PHP

As all experienced developers know, it is essential to test and validate the information users can enter into a web form. This is even more important when it comes to email addresses, as when someone asks for information, you have to make sure that their email address is correct so they can receive the answer to their requests.

Unfortunately, correctly verifying an email address is not an easy task.

How to check the format of an email address in PHP

PHP natively provides a series of functions for validating and filtering, most notably the filter_var() function, which can validate email address format.

The filter_var() function accepts 3 parameters:

• The first parameter is the variable to validate.
• The second parameter defines the type of filter to be applied. The function allows you to check the format for IP addresses, domain names, and many others, including email addresses. The documentation provides a list of all usable filters.
• The third parameter allows you to specify options that will determine the filter_var() function's operation. These options depend on the type of filter that is being used.

To use filter_var() to perform email format validation, the second parameter must be set to FILTER_VALIDATE_EMAIL. If you know that the email address to validate contains Unicode characters, you must also specify the FILTER_FLAG_EMAIL_UNICODE option as the third parameter. Here are two examples:

// Example with US characters only
$address = 'john.doe@email.com';
if(filter_var($address, FILTER_VALIDATE_EMAIL)) {
  echo 'Valid!';
} else {
  echo 'Not valid :(';
}

// Example with Unicode characters
$address = 'Потапов@email.com';
if(filter_var($address, FILTER_VALIDATE_EMAIL, FILTER_FLAG_EMAIL_UNICODE)) {
  echo 'Valid!';
} else {
  echo 'Not valid :(';
}

However, a look at the source code of the filter_var() function on GitHub makes it immediately clear that checking the email address format will not work in all cases. Here is the developer's comment:
  This regex does not handle comments and folding whitespace.

Indeed, even if rare, whitespaces are allowed in an email address as long as they are enquoted, and the function could, in this case, like other similar cases, provide a false negative (indicating that the email address is not valid, while it is).

How to verify if an email address exists using PHP

However, validating the address format is not enough. For a form data validation script to be effective, it must check if the email address actually exists.

For example, the email address john.doe@donteventrytofindthis.server, or even simpler john.doe@mgail.com, although having a valid format, would not exist. A validation solely based on the filter_var() function would not detect the error.

To implement such a verification script, it would be necessary to write complex logic to test the domain name's existence, then query its records to determine if the MX fields are correctly filled in, and finally test if the SMTP server responds correctly. As one can easily imagine, this is a heavy task.

The most efficient solution for email verification with PHP: using the Abstract API

When it is too difficult to develop an effective solution, one must turn to the services available on the Internet.

Abstract provides a free API that allows verification of email addresses, validating their format, and checking if the domain name is routable (in other words: it checks if the server exists). The API also indicates whether the email address is from a disposable email service that does not need identification to be used.

To use the Abstract API, create an account and get your private API key. Then using the API is as simple as a call via curl, like this:

$api_key = 'your_key';
$email = 'john.doe@email.com';

$ch = curl_init('https://emailvalidation.abstractapi.com/v1/?api_key='.$api_key.'&email='.$email);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
$data = curl_exec($ch);
curl_close($ch);

print_r($data);