The way we verify emails is the following:
- We contact their mail server and ask, for example, "Does firstname.lastname@example.org exist?" and their mail server should say yes since that is valid.
- Then we ask "Does email@example.com exist?" and they should say No because it's not valid. If it says No, we know it only accepted the legit email and we consider it verified.
- If they say yes to all formats, we can not verify the email because it's using a Catch-All system and accepting all mail and then rejecting it on the backend. This is an Unverified status.
- If we have a verified email from someone at a company, and other emails are unverified, we assume the company uses the same format for everyone, which isn't always the case (for example, we have 3 Ryans working for us, so they have various versions of emails). We list those as "Best Guess"
We also do use other methods, including third-party vendors, as data sources beyond our own testing.