Production-Ready Email Verification in PHP (Laravel/Symfony)

Beyond filter_var()

In the PHP ecosystem, developers have long relied on `filter_var($email, FILTER_VALIDATE_EMAIL)` for validation. While this is a useful built-in function, it is strictly a syntax checker. It will happily accept `fakeuser@gmailll.com` as valid because it adheres to RFC 822 standards.

For a production Laravel or Symfony application, you need to know if the email exists, not just if it looks like an email. This guide integrates EmailVerifierAPI.com into a Laravel Service class using the Guzzle HTTP client.

The Service Class Approach

We will create a dedicated service that handles the external API call, timeouts, and error handling. This keeps your Controllers clean.

<?php

namespace AppServices;

use GuzzleHttpClient;
use IlluminateSupportFacadesLog;

class EmailValidationService
{
    protected $client;
    protected $apiKey;

    public function __construct()
    {
        $this->client = new Client([
            'base_uri' => 'https://www.emailverifierapi.com/v2/',
            'timeout'  => 5.0, // Fail fast
        ]);
        $this->apiKey = config('services.email_verifier.key');
    }

    public function verify(string $email): bool
    {
        try {
            $response = $this->client->request('GET', 'verify', [
                'query' => [
                    'api_key' => $this->apiKey,
                    'email'   => $email,
                ]
            ]);

            $body = json_decode($response->getBody(), true);

            // Business Logic: 
            // 1. Status must be 'valid'
            // 2. Cannot be disposable
            if ($body['status'] === 'valid' && $body['disposable'] === false) {
                return true;
            }

            return false;

        } catch (Exception $e) {
            // Log the error but fail OPEN (allow user) to avoid blocking signups 
            // if the API is momentarily unreachable.
            Log::error("Email Verification API Error: " . $e->getMessage());
            return true; 
        }
    }
}

Integration in Custom Request Rule

In Laravel, the cleanest way to use this is inside a custom Validation Rule.

public function rules()
{
    return [
        'email' => ['required', 'email', new AppRulesRealEmailAddress],
    ];
}

By stacking this logic, your application performs a three-step check:

1. Required: Field is not empty.
2. Email: Basic syntax check (regex).
3. RealEmailAddress: SMTP handshake via EmailVerifierAPI.

This ensures that your database remains pristine without bloating your controller logic with cURL requests.