Open-source Node.js SMTP email verification library for developers who need programmatic, multi-layer address validation with detailed reason codes.
What it does
ping-email is an open-source Node.js library for SMTP email verification. It validates addresses through syntax checks, MX record lookups, and live SMTP handshakes, returning structured pass/fail results with detailed reason codes.
Sending to bad addresses burns deliverability, wastes server resources, and invites fraud. ping-email catches invalid addresses before the send, using a real SMTP handshake rather than a regex alone, so bad addresses are flagged at the source.
ping-email is a Node.js library, licensed MIT, from the Pingback team. It layers three checks in sequence: syntax validation, DNS MX record lookup, and a simulated SMTP conversation with the recipient's mail server. Each step has its own exit code, so your application knows exactly why an address failed, not just that it did.
Instantiate PingEmail with your SMTP config (port, FQDN, sender address, timeout, retry count), then call ping(email). The response object carries email, valid, success, and a message string drawn from 14 named constants, covering scenarios from "Invalid email syntax" to "Disposable email is not allowed" to "Connection timeout". The ignoreSMTPVerify option skips the live SMTP probe when you only need syntax and MX validation.
The built-in CLI script (scripts/filter-valid-csv-emails.ts) reads a CSV with an email column, runs each address through PingEmail, and writes a second CSV containing only rows where valid is true. Concurrency, pacing, and the --ignore-smtp flag are all configurable via command-line arguments, per the README.
SMTP probing carries a real IP-blocking risk. Recipient mail servers can flag frequent verification attempts as suspicious and block your IP. The README recommends rate limiting, proxy distribution, or a dedicated IP for high-volume runs. Skipping SMTP with ignoreSMTPVerify reduces that risk but also reduces accuracy.
ping-email is the right pick when you need programmatic, in-process email verification with granular failure reasons and the flexibility to tune aggressiveness per environment. It is not a managed SaaS API, so your infrastructure is responsible for reputation management at scale.
Features
Field notes
Reviewed Jun 26, 2026
Best for
Builder outcomes
Watch out
Tested with
ping-email is an open-source Node.js library for programmatic email address verification. It validates addresses through three sequential layers: syntax checking, DNS MX record lookup, and a live SMTP handshake with the recipient's mail server. Each check produces a named result code, so callers know exactly why an address passed or failed, not just the boolean outcome. It is published under the MIT license by the Pingback team.
Install via npm (`npm install ping-email`) or Yarn (`yarn add ping-email`). Instantiate `PingEmail` with your SMTP options (port, FQDN, sender address, timeout in milliseconds, and number of retry attempts), then call `await pingEmail.ping('user@example.com')`. The response object returns `email`, `valid`, `success`, and a `message` string from the library's named message constants. A bundled CLI script (`npm run filter-csv`) can also process a CSV file in bulk and output a filtered file of valid addresses.
Yes, ping-email is fully open-source and licensed under the MIT License, copyright 2024-present Pingback. There are no API fees or usage tiers. You run the library inside your own Node.js environment using your own SMTP infrastructure, so all costs (server, IP reputation management) are yours to manage.
ping-email is best for backend services that need in-process email validation before persisting user records, and for teams cleaning bulk contact lists using the built-in CSV CLI script. It excels when you need 14 granular failure reason codes (covering syntax, domain, MX, disposable-email detection, SMTP timeouts, and more) to drive different application behavior per failure type. It is a strong fit for self-hosted stacks where you want no third-party API dependency.
ping-email runs entirely in your own Node.js process with no external SaaS dependency, which means zero per-lookup fees and full control over the code. Managed APIs, by contrast, handle IP reputation, proxy rotation, and uptime on your behalf, making them safer for high-volume bulk verification. The README explicitly flags that frequent SMTP probes from a single IP can trigger blocking by recipient mail servers, a problem managed services absorb for you. Choose ping-email when self-hosting and low cost matter more than managed IP reputation.
The primary risk is IP blocking: recipient mail servers can flag repeated SMTP verification attempts as suspicious and block your IP, especially at high volume or frequency. Many cloud providers (AWS, GCP, Azure) also block outbound port 25 by default, which is the library's default SMTP port. The `ignoreSMTPVerify` option reduces blocking risk by skipping the live SMTP probe, but sacrifices mailbox-level accuracy. The library simulates an SMTP conversation; it cannot guarantee that a mailbox will actually accept a real message.
Free repo scanner that checks GitHub and Bitbucket projects for malware, credential stealers, and crypto scams before you run their code.
Best for Developers vetting unfamiliar GitHub or Bitbucket repos before cloning or running them locallyAnatomia, CLI harness that gives AI coding agents a verifiable pipeline and proof chain, not just prompts. MIT-licensed, works with Claude Code, Codex, and more.
Type-check TypeScript and JavaScript code fences in Markdown and MDX docs against your real project API, in editor, CLI, and CI.
Best for Teams using AI agents to write or update docs, where hallucinated API names and option keys are a real riskNVIDIA's open-source security scanner for AI agent skills, detects prompt injection, supply chain attacks, and 66 other vulnerability patterns before you install.
Best for Teams auditing AI agent skills before installation in Claude Code, Codex CLI, or Gemini CLI environmentsOpen-source autonomous AI pentester for web apps and APIs, analyzes your source code and runs real exploits, for developers and security engineers.
Best for Teams shipping code daily who need on-demand, proof-driven pentesting between annual engagementsOpen-source toolkit for Spec-Driven Development with AI coding agents, structured specs, plans, and tasks instead of vibe coding.
Best for Teams using AI coding agents on projects where correctness and reliability matter more than speed of first output