Email Address Validation (Pre-Send Gate) Email Address Validation (pre-send gate) Owner: CodeCraft (tooling) Implemented: 2026-04-18 (after Quran outreach 2-bounce incident) Script: ~/system/tools/email-address-validate.js Cache: ~/system/databases/email-address-cache.sqlite (7-day TTL) Why First-send to uncatalogued institutional addresses (Al-Burhan, FIN Sarajevo) bounced because of typo/wrong-user assumptions. Adding an MX-lookup gate in front of SMTP send catches that class of failure before a message leaves the building. What it does Layer Catches Cost Syntax check (RFC 5322 simplified) invalid@ or missing domain negligible DNS MX lookup Nonexistent domain, missing MX records ~50–200 ms first time, cached after SMTP RCPT probe (optional, --probe ) Hard 550 rejections on strict servers ~1–5 s Cache Repeat validation on known addresses 0 ms What it does NOT catch Gmail-hosted domains respond 250 accepted to RCPT even for nonexistent recipients. The real NDR arrives seconds/minutes later from the submission pipeline. Since many academic/institutional domains are on Google Workspace, RCPT probing is not a reliable filter for the class of errors we hit. Mitigation: the validator prints a WARN when sending to a first-seen Gmail-hosted address, instructing the caller to verify manually. Integration mail-native.js sendEmail() calls the validator before the Himalaya/SMTP path. Hard-block on exit=1 (no MX / syntax). --force bypasses. CLI node ~/system/tools/email-address-validate.js # syntax + MX, cached node ~/system/tools/email-address-validate.js --probe # + SMTP RCPT (see caveat above) node ~/system/tools/email-address-validate.js --force # skip cache Exit codes: 0 valid, 1 invalid, 2 transient/unknown. Related ~/system/docs/quran-research/ — the outbound sprint that exposed the gap. ~/system/tools/email-safety.js — existing content/subject gates.