Proton
Email verification: How to check whether an email address is legit

If Jane@example.com sends you an email, how can you be sure it was actually Jane who wrote and sent the email? Verifying the authenticity and source of the emails in your inbox is crucial to your privacy and security. Not doing so can lead to stolen data, malware attacks, financial fraud, or even identity theft.

Validating email addresses is an important — and simple — way to protect yourself and your business. It helps you avoid scams like phishing by preventing you from interacting with fake or impersonated accounts that could steal your information.

This guide will show you how to check if an email address is legitimate, either manually or with the help of tools. You’ll also see how Proton Mail protects you from fraudulent senders and messages.

What is email verification?

Email verification is the process of verifying an email address — e.g. checking its format, content, authenticity, and source — to ensure that it’s genuine. Here’s how you can do that:

Check the email address and contents

The email address should have a correct format, consisting of a username, followed by the “@” symbol, and a valid domain name — “username@domain.com”.

If you get an email from a company that seems legitimate, take a moment to verify it. Look up the company’s official email address on their website and check if it matches the one you received. Pay close attention to small details, like extra or misplaced letters, as scammers often use subtle changes to mimic genuine email addresses.

Beyond the email address, review the subject line and message carefully. Legitimate companies typically avoid using urgent or threatening language, but fraudulent emails often create a sense of urgency to pressure you into acting quickly without fully investigating. Taking these steps can help you spot and avoid scams.
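
The address checks described above can be scripted. The following is an added example, not code from Proton: it validates the address format and compares the sender's domain with the official one you looked up, catching extra or swapped letters. The function names, the simplified format pattern, and the distance threshold of 2 are assumptions, and all sample addresses are constructed.

```python
import re
from email.utils import parseaddr

# Simplified format check (assumption): local part, "@", dotted domain name.
ADDR_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")

def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, or swap two adjacent letters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # misplaced (swapped) letters
    return d[len(a)][len(b)]

def check_sender(from_header, official_domain):
    """Classify a From header against the domain published on the company's own website."""
    _, addr = parseaddr(from_header)      # ignores the display name, which anyone can set
    m = ADDR_RE.match(addr)
    if not m:
        return "invalid-format"
    domain = m.group(1).lower()
    if domain == official_domain or domain.endswith("." + official_domain):
        return "match"
    if any(label.startswith("xn--") for label in domain.split(".")):
        return "idn-review"               # punycode label: inspect the decoded form by eye
    if edit_distance(domain, official_domain) <= 2:
        return "lookalike"                # close but not equal: treat as a prompt to investigate
    return "different"

if __name__ == "__main__":
    # Constructed samples, checked against the official domain "example.com".
    for sample in ["Jane <jane@example.com>", "Jane <jane@exampel.com>",
                   "Jane <jane@examplee.com>", "Jane <jane@example.com.mail.test>",
                   "jane.example.com"]:
        print(f"{sample!r:40} {check_sender(sample, 'example.com')}")
```

A "lookalike" result is a reason to look closer, not proof of fraud: short, unrelated domains can also sit within two edits of each other.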

Send a test email

The simplest way to check if an email address is valid is to send a test email to it. If the address is invalid, you will receive a bounce-back message (also called a Non-Delivery Report or NDR) indicating that the email could not be delivered. However, a successful delivery doesn’t guarantee the email is monitored or active.

Keep the message simple and non-intrusive, such as “Hello, this is a test email. Please disregard.” to avoid alarming the recipient if the email turns out to be valid. If possible, send the test email from a secondary or generic account to protect your main email address. Keep in mind that some servers delay bounce-back notifications, so you may not receive an immediate response.

Use email aliases

Proton Mail has launched hide-my-email aliases to help you keep your real email address private. A hide-my-email alias is simply another address that will automatically forward all emails sent to it to your main mailbox. You receive all messages, but your real email address and identity remain hidden.

Look up the domain online

When you receive an email from someone you’ve never heard of before, enter the domain from the email address into a search engine and look for an official website or credible mentions of it in legitimate sources. Any reputable company should have a professional online presence, such as a secure website (with HTTPS) and clear contact details. The search may also turn up websites where users have reported the domain as spam.

Use a WHOIS lookup tool

For a deeper investigation, you can use a WHOIS lookup tool to get registration details about the domain, such as the domain owner’s name or organization and contact details. Fraudulent domains often lack a credible digital footprint, are recently registered, or hide their WHOIS information using privacy protection services.

Inspect the email header

Examining email headers can help you determine if an email is legitimate or if it originates from a suspicious source. For instance, you can use IP lookup tools to check if the sender’s IP address matches the expected location.

If the email passed through unknown or untrusted servers before reaching your inbox, it could indicate tampering. For example, PayPal emails should route through paypal.com or related domains.

An email that fails SPF, DKIM, and DMARC checks might be spoofed since these authentication protocols are used to validate whether the sender is authorized to use the domain.
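
The header checks above, as an added example that is not Proton's code: it reads the SPF, DKIM, and DMARC verdicts from the Authentication-Results header and lists the relay hosts from the Received chain for a constructed message. The sample message, its hostnames, and the `trusted_authserv` parameter (the name your own receiving server writes into that header) are assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample (not a real message); hosts and IPs are documentation values.
RAW = """\
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=paypa1-billing.example;
 dkim=none; dmarc=fail header.from=paypal.com
Received: from mail.paypa1-billing.example (mail.paypa1-billing.example [203.0.113.7])
 by mx.recipient.example with ESMTPS; Mon, 03 Mar 2025 10:15:02 +0000
Received: from localhost (unknown [198.51.100.23])
 by mail.paypa1-billing.example with ESMTP; Mon, 03 Mar 2025 10:15:00 +0000
From: PayPal <service@paypal.com>
To: jane@example.com
Subject: Your account is limited

Constructed body.
"""

def auth_results(msg, trusted_authserv):
    """SPF/DKIM/DMARC verdicts, read only from headers stamped by our own server.
    Anyone can add an Authentication-Results header, so other server names are ignored."""
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(header).partition(";")
        if authserv.split()[:1] != [trusted_authserv]:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def received_hosts(msg):
    """Host in the 'from' clause of each Received header, newest hop first."""
    found = (re.match(r"from\s+(\S+)", str(h)) for h in msg.get_all("Received", []))
    return [m.group(1).lower() for m in found if m]

def assess(raw, trusted_authserv):
    msg = message_from_string(raw, policy=default)
    domain = msg["From"].addresses[0].domain.lower()   # domain the sender claims
    verdicts = auth_results(msg, trusted_authserv)
    failed = [k for k, v in verdicts.items() if v != "pass"]
    # Hops outside the claimed domain are a prompt to look closer, not proof:
    # legitimate senders also relay through third-party mail providers.
    off_domain = [h for h in received_hosts(msg)
                  if h != domain and not h.endswith("." + domain)]
    return {"from_domain": domain, "failed_checks": failed,
            "off_domain_hops": off_domain, "suspicious": bool(failed or off_domain)}

if __name__ == "__main__":
    print(assess(RAW, "mx.recipient.example"))
```

Received lines below the first hop recorded by your own server are written by the sending side, so treat them as claims rather than evidence.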

Keep emails secure and verified with Proton Mail

Proton Mail is a secure email service that protects your messages and metadata using end-to-end encryption, shielding them from unauthorized access. No one can access your personal information — not even us.

It minimizes the risk of falling victim to phishing scams by using digital signatures to verify that the sender is who they claim and that the email or attachments haven’t been tampered with. Plus, Proton Mail automatically checks incoming emails for compliance with SPF, DKIM, and DMARC protocols, immediately flagging anything suspicious.

Proton Mail also offers additional verification features to help you determine whether an email is legitimate:

  • Official badge for Proton emails: Emails from Proton’s official domains include an “Official” badge, helping you instantly recognize authentic messages.
  • Verified sender images for trusted organizations: Proton Mail displays sender images for tens of thousands of verified businesses and organizations, helping you quickly identify legitimate emails. However, the absence of an image doesn’t mean an email is fraudulent, and domains can still be compromised. Always verify the sender and stay cautious.

If you’re ready to move to a privacy-focused email service, Easy Switch securely imports your emails, calendars, and contacts into Proton Mail.

Proton Mail is part of a larger encrypted ecosystem designed to protect your data, including passwords, internet connections, cloud storage, calendar, and digital assets.
