If you run lead forms—on your website, landing pages, or anywhere—you know the drill: people enter bogus email addresses all the time. Some do it to get past a paywall, others just fat-finger the keyboard. Either way, you end up wasting time and money chasing ghosts.
Real-time email verification is one of those fixes that sounds simple (and honestly, should be), but can trip you up with bad docs or tools that overpromise. This guide is for anyone who wants to set up live email checking on their forms using Truemail—without a bunch of hand-waving or fluff.
We'll walk through the setup, show you what actually matters, and point out where you can (and can't) trust the process.
Why bother with real-time email verification?
Before jumping in, a reality check: Real-time verification won't stop all junk signups. People can still use burner emails, and no tool's perfect. But you'll catch obvious errors and some fake addresses before they hit your database. That means:
- Fewer bounces when you send emails.
- Better data quality for your sales or marketing team.
- Less time scrubbing lists later.
If you're getting a ton of garbage signups, it's worth it.
Step 1: Sign up for Truemail and get your API key
First things first: you need a Truemail account. Go sign up if you haven't already.
- Head to Truemail and create an account.
- After verifying your email, log in to your dashboard.
- Look for the “API” or “Integrations” section.
- Generate an API key. Copy it somewhere safe—you’ll need it for your code.
Pro tip: Don’t share this key in public repos or front-end code. Anyone with the key can burn through your credits.
Step 2: Understand how Truemail’s API works
You don’t need to memorize the docs, but here’s what matters:
- Truemail’s API works over HTTPS. You send it an email address, it tells you if it’s valid, invalid, or risky.
- The endpoint is usually something like
POST https://truemail.io/api/v1/verify. - You’ll need to include your API key in the headers or as a parameter.
- The response is a JSON object. Look for fields like
resultorstatus.
Example request body:
json { "email": "test@example.com" }
Example response:
json { "email": "test@example.com", "result": "valid", "reason": "deliverable" }
You care about “valid” or “invalid.” Anything else might be “catch-all” or “unknown,” which you’ll want to handle.
Step 3: Decide where to put verification in your form flow
This is where most people overcomplicate things. You’ve got two basic choices:
-
Client-side (in the browser):
Pros: Fast feedback to the user, feels slick.
Cons: Exposes your API key (bad), can burn through your credits if someone spams the form. -
Server-side (after form submit):
Pros: Keeps your API key safe, lets you control when/how often you verify, easier to log or rate-limit.
Cons: Slightly slower for users (they get feedback after submit instead of instantly).
Short answer: Do email verification server-side. It’s safer, and you can trust the results. If you want to get fancy, you can use AJAX to submit the email to your backend and respond in real time, but don’t call Truemail directly from the browser.
Step 4: Add backend code to call Truemail
Here’s a basic example in Node.js/Express. You can adapt it to Python, PHP, Ruby, whatever. The idea’s the same.
Node.js example (Express)
Install Axios:
bash npm install axios
Add this to your form handler:
js const axios = require('axios');
app.post('/lead-form', async (req, res) => { const email = req.body.email; try { const response = await axios.post( 'https://truemail.io/api/v1/verify', { email }, { headers: { 'Authorization': 'Bearer YOUR_API_KEY', 'Content-Type': 'application/json' } } );
const result = response.data.result;
if (result === 'valid') {
// Proceed with normal form handling
res.status(200).send({ success: true, message: 'Thanks for signing up!' });
} else {
// Block or warn the user
res.status(400).send({ success: false, message: 'Please enter a valid email address.' });
}
} catch (err) { // Truemail might be down, or you hit a rate limit console.error(err); res.status(500).send({ success: false, message: 'Email verification failed. Please try again.' }); } });
Swap out YOUR_API_KEY for your actual key (preferably from an environment variable).
Pro tip: Don’t hard-fail if the Truemail API is down. You still want to collect the lead, just mark it as “unverified” so you can check it later.
Step 5: Handle edge cases (catch-all, unknown, disposable)
Not all emails are black-and-white. Here’s what to do when Truemail returns something other than "valid" or "invalid":
-
Catch-all:
Some domains accept any address. Truemail will flag these as “catch-all.” You can either allow them but mark them as “needs manual review,” or warn the user. -
Disposable:
Truemail can spot throwaway addresses (like Mailinator). Block these or ask the user for another email. -
Unknown:
If Truemail can’t verify at all (maybe the mail server is down), decide if you want to block or let them through. Usually, it’s safer to collect the lead and check later.
Example logic:
js switch (result) { case 'valid': // Accept break; case 'invalid': // Block break; case 'catch-all': // Allow, but flag for review break; case 'disposable': // Block break; default: // Unknown: accept, but mark as unverified }
Don’t obsess over perfection. No system catches everything. Your real job is to stop the easy junk and make the rest easier to clean up later.
Step 6: Give users clear feedback
If someone enters a bad email, tell them why it’s not working. “Email invalid” is fine, but if you can, say things like:
- “That doesn’t look like a real email address.”
- “We don’t accept disposable email addresses.”
Don’t get too cute, but don’t just fail silently either.
Step 7: Rate-limit and monitor your API usage
Truemail usually charges per API call, so you want to avoid bots or bored teenagers hammering your form.
- Add a CAPTCHA (like Google reCAPTCHA) to your form if you get a lot of automated spam.
- Limit how often a single IP or user can submit the form.
- Monitor your Truemail dashboard for spikes in usage you can’t explain.
Pro tip: If you suddenly see your credits drop, check your site logs. Someone might be abusing your form.
Step 8: Test the entire flow
Don’t skip this. Try:
- Real emails (your own, company, Gmail, etc.).
- Obvious fakes (“asdf@asdf.com”).
- Disposable addresses (Mailinator, Guerrilla Mail).
- Weird but valid addresses (“firstname+tag@gmail.com”).
- Catch-all domains if you know any.
Make sure your form handles each response the way you expect. Fix anything that’s confusing or broken.
What not to bother with
-
Don’t build your own SMTP email checker.
There are open source libraries, but they’re a pain and often unreliable. Use a service. -
Don’t put your API key in JavaScript.
Ever. Someone will find it. -
Don’t expect 100% perfection.
Some bad emails will get through, and some real users will get blocked. It happens.
Wrapping up: Keep it simple, tune as you go
Real-time email verification with Truemail is one of those “set it and mostly forget it” improvements. Do the basics—API integration, handle the common cases, don’t overthink the edge stuff. If you start seeing new patterns of fake signups, tweak your logic. Otherwise, move on to the next thing that matters.
Truth is, most of the benefit comes from just blocking the obvious junk. Everything beyond that is diminishing returns. So keep it simple, and revisit only if you have to.