Stop Verifying Email Addresses by Sending Spam to Them

An article published on milek7.pl has gained significant traction on Hacker News, accumulating over 123 points and nearly 40 comments. The piece takes a firm stance against a surprisingly common practice in software development: verifying whether an email address is valid by actually sending a message to it and checking whether it bounces or gets a response.

The core issue is straightforward but often overlooked. When a system sends an unsolicited message to an email address solely to check if it exists, it is effectively sending spam. The recipient never asked to be contacted, and their inbox is being used as a testing ground without their knowledge or consent. At scale, this practice can result in thousands of unwanted messages being delivered to innocent users every single day.

Fortunately, there are well-established and respectful alternatives for validating email addresses. Developers can check syntax compliance using RFC 5321 and RFC 5322 standards, verify the existence of MX records via DNS lookups, and utilize mature validation libraries that handle edge cases gracefully. These methods provide a high degree of confidence in an address's validity without ever sending a single message.

The Hacker News community has responded enthusiastically to the article, with many developers admitting they have encountered or even implemented this problematic pattern themselves. The broader takeaway is a call for greater awareness and professional responsibility in how we handle user data and communication. Respecting users' inboxes is not just a technical best practice — it is an ethical obligation for anyone building software that interacts with email.