How to detect a vendor using proxy SMTP pings?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
You're comparing two validation vendors and one comes back with results in under a second, every single time, for every address. That's a red flag worth investigating.
Proxy SMTP pings are shortcuts. Instead of reaching out to the actual mail server of each domain and asking whether an address exists, a vendor using proxy pings simulates that conversation from a central relay or pre-cached database. It's faster, cheaper to run, and almost impossible to distinguish from a real check just by looking at the output label.
But there are patterns that give them away.
Speed is the first signal. Real SMTP checks involve an actual network handshake with a remote mail server. That takes time. If your entire list processes in a few seconds flat, or if individual addresses return results nearly instantly with no variation, the vendor probably isn't connecting to real mail servers at all. Legitimate checks show a natural spread in response times, because different servers respond at different speeds.
Greylisting is the best stress test. Many receiving servers use greylisting, where they temporarily reject new senders with a "try again later" response. A real SMTP validation service handles this gracefully and either retries or flags the address as temporarily unresolvable. A proxy service won't see the greylist response at all, so it'll return a clean "valid" result for addresses that a real check would have flagged as uncertain. If a vendor never returns a greylisted or "try later" classification, that's telling.
Uniform category distribution is suspicious. Real validation returns a messy spread of results: valid, invalid, risky, catch-all, role-based, disposable, unknown. If a vendor returns almost everything as either valid or invalid with very little in between, they're probably not doing nuanced server-level checks. Catch-alls especially are a useful test case. A catch-all domain accepts every address thrown at it without bouncing, so a real validator will identify these domains and flag them accordingly. A proxy-based system often misclassifies catch-alls as valid because it never actually queries the server.
Test with known trap addresses. Run a small seed list through the vendor. Include a few spam trap patterns, a known catch-all domain, and a few role addresses like info@ and support@. A quality validator should correctly identify and flag all three categories. If it calls everything valid, something's off.
Check their IP diversity. Legitimate vendors use distributed sending infrastructure to avoid triggering rate limits and blocklists during the validation process. If you can inspect the headers or the vendor discloses their infrastructure, look for a range of IP addresses making the SMTP connections. A vendor pinging from a single IP or a small cluster is cutting corners, and those corners include the accuracy of what they're telling you.
When in doubt, ask the vendor directly: "Do you perform live SMTP handshakes for every address, and how do you handle greylisting?" The answer (or the deflection) tells you a lot. You can also cross-check a sample of results against a second validator to see how often they agree on edge cases.
If you're trying to test a vendor's accuracy more broadly, that's worth doing before you trust them with a full list clean.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.