SparkPost Recipient Validation is now available both for existing SparkPost customers and for new, non-sending customers. It uses powerful data-driven analysis on billions of bounce, delivery, and engagement events daily to train our algorithm, bringing you one of the most powerful data-driven email validation tools on the market, so you can send emails smarter.

This article explains how you can get the most out of the data you’ll receive back on each validated recipient – you’ll see we classify addresses to be “valid”, “risky”, “neutral”, “undeliverable”, and “typo”. We give you a “reason” code and also a “did_you_mean” for known address typos.

API requests

In the SparkPost web app, you can drag & drop an entire list for validation. You can also use the API to validate single addresses, so you can build validation right into your address entry workflow.

A while back we came up with a Python command-line tool using this API. We talked over what we should do for other languages – and here we are! Let’s get started.

This Github repository folder has working Recipient Validation API call examples in around a dozen different languages. We try to cover the most popular applicable languages.

The common way of working through all these examples is:

  • Pick up your key from environment variable SPARKPOST_API_KEY
  • Make an API call to /api/v1/recipient-validation/single/to validate a recipient
  • Receive back a response string, containing JSON-formatted data with the result
  • Print out the result

SparkPost has libraries for some, but not all of the languages covered here. We chose to write these examples “native” instead, so we could a) cover more languages, b) show how simple the underlying code can be, and c) enable you to see clearly the similarities and differences between languages.

Bash / Curl

This wins the prize for shortest code – it simply uses the command-line tool “curl” to make the request and print the reply directly to the terminal. You can see the output is a string, containing JSON; we don’t actually parse the individual result attributes.


Trusty PHP has a few different ways to make HTTPS API calls. Here we chose to use curl_setopt and curl_exec. (

If you prefer HTTP_Request2 or pecl_http, then Postman has a built-in code generator that you can use to create similar examples – just set up a working GET request and use the “Code” button.


This uses the popular requests module, which is high-level and therefore easy to use. This example checks the returned status code, converts the results JSON back into a Python dictionary object, and prints the resulting object rather than just a string.

If you prefer the built-in http.client library, Postman can generate code for that too; it’s not much longer.


There are many different node.js HTTP(S) libraries. I started with the older request package (using a callback function) but it’s deprecated and no longer actively maintained.  I chose the newer axios package (using promises). 

Postman can also give you a Javascript native example and Unirest, in case you prefer those.

Because this code needs access to your API key, we strongly recommend calling our API from your server-side, never from the client (browser / mobile device) side.


Go strives toward a philosophy of “one good way” to do something; in this case, using the built-in “batteries included” libraries net/http, encoding/json and others.

The length is due mostly to the explicit error checking clauses if err != nil {} everywhere (no exceptions LOL).

We also declare the results object structure with field tags, to enable us to “unmarshal” the JSON returned string. We overlay the “results” and “errors” tags to allow for both kinds of return.

I like the speed, type-safety and clarity of Go, even if the code is longer than our previous examples.


I’m less familiar with C# – to me, it looks quite Java-like, rather than C-like. I was able to put this together following examples shown in the request library System.Net.Http.

Postman can auto-generate example code using RestSharp, if you prefer that.


This was my first attempt at Ruby code; I used the Net::http library, and followed this example (which turns out to be very close to the code that Postman auto-generates).

I ran into one language / library oddity that’s worth explaining. Just setting up using a URI that begins “https://” is not enough, you have to specifically set http.use_ssl = true

Without this, your code will attempt a request on port 443 – but without using SSL/TLS (i.e. in plain), and SparkPost will rightly refuse to authorize the request. Don’t try this at home, because your API key is in the Authorization header. This language / library feature felt unsafe to me.


I’ve not written any serious Java before, but it was easy to piece this together by following the general approach used in the SparkPost library for other GET calls.

Incidentally, using VS Code as my editor / debugger worked really well for all the languages here, giving me syntax highlighting, debugger stepping / variables viewing etc. The InputStreamReaderand BufferedReaderconstructs are similar to (and I assume were copied by) Go.

C / C++

This was a trip down memory lane, as I wrote a lot of C code in the 1990s, some still running deep in telecoms networks somewhere. As the history of C predates the modern Web, it’s not surprising that library support is a manual task. We need to download (and compile) a recent version of Libcurl, linking to an OpenSSL library – see the README for actual steps.

This feels like a lot of work compared to modern languages, particularly when Go (or Lua, or Python, or any of the others) are fast enough for tasks like this.

The other thing I had forgotten, despite bearing the scars from previous battles, is the scariness of memory allocation! To keep the example simple, I preallocated the URL string length as 1024 characters, and bounds-checked the email address length (using strlen) before we concatenate into it (using strcat).

We treat the Authorization string with a concatenated API key in the same way .. even though we know a valid API key will never be too long .. that’s no protection! User input coming from an environment variable could be anything. You must program defensively.

A more sophisticated developer might use mallocinstead of stack variable allocation, and calculate just how long the joined strings need to be. Having to think about this extra complexity gave me a pain in the diodes down my left side; it reminded me of the risks that C programmers run every day, trying to avoid buffer overruns and unexpected side-effects. Which brings us to ..


Lua is known for its easy coexistence alongside a body of C code, and here at SparkPost, we used Lua extensively for Policy customisations inside our Momentum on-premises MTA. You can also use it as a stand-alone scripting language, and it’s pretty nice for that, too.

With Lua 5.3 and the luarocks package manager, we use libraries luasocket and luasec. Showing its C integration heritage, we link to our local OpenSSL library. The luarocks install process calls the gcc compiler (or whatever C compiler you are using), so adding new libraries takes a while.

The Lua code is quite simple. The characters mark comments.  The function https.request provides multiple return values (a bit like Python and Go). String concatenation is done with the operator  .. (instead of + in Python).

The response body from this call is handled with the “ltn12” module – see here. That enables efficient handling of data that could be returned in multiple “chunks”. As that article explains:

The table factory creates a sink that stores all obtained data into a table. The data can later be efficiently concatenated into a single string with the table.concat library function.

Our example just concatenates table t and prints it out; you could use a filter to perform more processing.


While Perl is famous for its one liners, this is not one of them.  Perl was designed for very fast document search and modification, but is actually capable of so much more.  I once wrote an entire Inventory control suite in Perl.  Go figure.   A n y w a y…

This script makes use of LWP::UserAgent and HTTP::Request and optionally the JSON and Data::Dumper packages depending on how you want to see the output. As with all the other scripts on this page, you should pre-set an environment variable SPARKPOST_API_KEYto your generated API key that includes the Recipient Validation function. This script hard codes $recipient = ‘’ but you can easily add command-line input or consume from a file.

After all the variables are populated, we load an HTTP:Request with GET parameters and send it to the LWP:UserAgent.  The resulting “message” is the result of the email validation test as an array.  You can use JSON and DUMPER to display the result or just pass the array on for additional processing.

Visual Basic is not visual and it is not basic (IMHO), but it is #6 on the TIOBE language index so here we go.

There are other ways to do this, but the easiest path to success is to use the Visual Studio SDK in a Windows platform. Fire up Visual Studio, start a new project and select Visual Basic, then select  Be sure to use the VB version not the C# version – it is easy to miss that in the SDK.

At this point you can edit lines manually or copy/paste the code from here into VS and save a bunch of time. In order to make this code work, you need to add a Windows environment variable.  The easiest way to do this is to open a command prompt and use setx.exe like this: 

C:\Users\me>setx SPARKPOST_API_KEY  "142<redacted<redacted>c531c3"

In Windows 10, this is applied to your user environment, but is not immediately available in the current command session, so testing it with a “set” will not work, but it will be available to the code. If you build and execute the code included in the repo, you’ll see the validation result.


Rust is a language for systems and web-services programming that is focused on performance, safety and concurrency. As Wikipedia says, Rust has been the “most loved programming language” in the Stack Overflow Developer Survey since 2016.

The Rust code in our Github repo uses the reqwest library with tokio async, similar to this example from the Rust cookbook. (That’s not a typo, the reqwest library name is spelled like that). We’ve included a cargo package manager configuration file, so you can build and run with:

cd rust_recipient_validation
cargo run

This will compile the package into executable code, and run it:

    Finished dev [unoptimized + debuginfo] target(s) in 0.10s
     Running `target/debug/rust_recipient_validation`

Status: 200 OK
: (etc)

The code uses std:envto read the SPARKPOST_API_KEY environment variable. A match clause handles the case where the key is undefined. If all is well, a new reqwest::Client is created and an async call issued, followed by an .await? (see here). Async, rather than the simpler blocking call, seems to be needed to set request headers. Response body text is read with a second .await?, as per this example.


In this article, we’ve walked through Recipient Validation code examples in many languages. Here’s our request to you.

Let us know if you think we missed your favorite language. We may not have as many examples as The Fibonacci Project, but we’d love to add some more. Also, if you think our examples can be improved, let us know!

You can get in touch on Twitter via @SparkPost, or open a Github Issue – we’d love to hear from you.

~ Steve