• danA
    1 day ago

    Websites don’t have an actual check for a legit email.

    Some do. You can connect to an SMTP server and pretend to send an email (send the EHLO, MAIL FROM, and RCPT TO commands, but don’t actually send any content). A lot of servers will immediately reject as soon as you provide an invalid recipient email address.

    Of course, that doesn’t work for any domains with a catchall address (where every address at a domain goes to one mailbox), and some SMTP servers don’t reject the email until later (or even just silently ignore emails to invalid addresses) in order to avoid enumeration attacks.
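
An offline simulation of the exchange described in the comment above, added here as an example and not part of the original post. It shows why a 250 reply to RCPT TO proves little when the server is a catchall or defers rejection. The policy names, the mailbox list and the `example.test` addresses are constructed, and the canary comparison is an assumption about how a checker might spot accept-everything servers.

```python
import secrets

# Constructed data: the only real mailbox on the simulated server.
MAILBOXES = {"alice@example.test"}

def smtp_reply(policy, line):
    """Reply code and text of a simulated SMTP server for one command line."""
    upper = line.upper()
    if upper.startswith("EHLO"):
        return 250, "mx.example.test"
    if upper.startswith("MAIL FROM:"):
        return 250, "OK"
    if upper.startswith("RCPT TO:"):
        addr = line[len("RCPT TO:"):].strip().strip("<>").lower()
        if policy == "strict" and addr not in MAILBOXES:
            return 550, "5.1.1 user unknown"
        # "catchall": every address at the domain lands in one mailbox.
        # "deferred": accept now, reject or silently drop later, so the
        # RCPT TO reply cannot be used to enumerate valid addresses.
        return 250, "OK"
    if upper.startswith("QUIT"):
        return 221, "bye"
    return 502, "command not implemented"

def rcpt_code(policy, address):
    """Send EHLO, MAIL FROM, RCPT TO (no DATA) and return the RCPT TO code."""
    dialogue = [
        "EHLO client.example.test",
        "MAIL FROM:<probe@client.example.test>",
        f"RCPT TO:<{address}>",
        "QUIT",
    ]
    replies = [smtp_reply(policy, cmd)[0] for cmd in dialogue]
    return replies[2]

def check_address(policy, address):
    """Classify an address as 'rejected', 'accepted' or 'inconclusive'."""
    if rcpt_code(policy, address) >= 500:
        return "rejected"
    # Compare against a random address that should not exist. If the server
    # accepts that too, the 250 for the real address carries no information.
    domain = address.rsplit("@", 1)[1]
    canary = f"{secrets.token_hex(8)}@{domain}"
    if rcpt_code(policy, canary) < 400:
        return "inconclusive"
    return "accepted"
```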