Vrfymail vs ZeroBounce: Pricing, Latency, Verdicts (2026)
ZeroBounce works fine. The catch is that “fine” starts at $16 per 2,000 credits on pay-as-you-go — $8 per thousand — and the math goes sideways the moment your signup form starts taking real traffic.
This is a side-by-side, not a hit piece. ZeroBounce has been processing email verification since 2015. They built features that earn their price tag if you’re cleaning B2B prospecting lists — AI-scored catch-all guesses, mailbox activity history, mature compliance docs. Skip ahead to “Where ZeroBounce still wins” if that’s the workflow you’re scoping. For everyone else — indie SaaS founders running vrfymail or any verification API behind a Resend pipeline, growth engineers wiring real-time gating into a Next.js form — the trade-offs land differently.
We’ll go through the five things that actually decide which API you ship: pricing, p50 latency, verdict semantics, disposable-domain freshness, and bounce-webhook handling. Then a clear “pick this if” section and an FAQ.
Pricing: where the 5–10× delta comes from
ZeroBounce’s headline rate on pay-as-you-go is $16 for 2,000 credits — $8 per thousand. Volume tiers walk that down (a million credits drops it under $3 per thousand), but at the small-and-medium-volume bands where most signup-gating workloads live, you’re paying $4–$8 per thousand.
Vrfymail’s pricing was set to undercut that band by an order of magnitude:
| Plan | $/mo | Verifies/mo | Effective $/1k | Overage $/1k |
|---|---|---|---|---|
| Free | $0 | 5,000 | $0 | — |
| Indie | $9 | 10,000 | $0.90 | $1.50 |
| Pro | $29 | 50,000 | $0.58 | $0.80 |
| Business | $99 | 250,000 | $0.40 | $0.50 |
| Enterprise | $499+ | 1,000,000+ | custom | custom |
5,000 verifies a month free, no card, no expiry. ZeroBounce’s free tier is 100 lifetime credits — enough to test the API once.
Two more details that matter for the bill:
- Unknown verdicts don’t bill. When the verify pipeline can’t reach a verdict — DNS lookup failed, strict-mode check failed, the upstream MX timed out — vrfymail calls
refundUsage()and releases the slot. ZeroBounce charges for unknown (“catch-all” / “do-not-mail”) results. - Per-customer caching is included. The same customer asking twice for the same email in a 24h window is one billable call, not two. ZeroBounce charges per call.
For a more granular tear-down across the category — Hunter, NeverBounce, Bouncer, Emailable — see our ZeroBounce alternatives breakdown.
Latency: the 50ms vs 400ms gap
For real-time signup gating, latency is not a vanity metric. A 50ms verdict is invisible inside a form-submit roundtrip. A 400ms verdict shows up as a perceptible pause and pushes you toward client-side workarounds (optimistic accept, async verify on the server).
Vrfymail runs on Cloudflare Workers in 300+ POPs. There are no cold starts — the Worker is always warm. p50 sits at ~50ms (cache hit), p99 at ~250ms (cold path with MX lookup and Spamhaus DBL probe in parallel). Full request shapes are in the API docs.
ZeroBounce’s verifier runs on regional infrastructure with their public stats citing 100ms+ for the API path under normal load. In practice, real-world p50 from a US edge tends to land in the 200–500ms range depending on the call (DBL probe, SMTP probe, or cached lookup). For bulk uploads it doesn’t matter; for a Next.js handleSubmit it does.
The mechanical reason for the delta: vrfymail does the MX probe and the Spamhaus DBL probe in parallel and caches the verdict per-customer in Workers KV. The hot path skips both probes entirely.
Verdict semantics: deliverable, undeliverable, risky, unknown
Both APIs return broadly similar verdict taxonomies. Where they diverge is in the reason — the field that tells you why the email is undeliverable — and in the strict-mode hooks for B2C signup gating.
Vrfymail’s POST /v1/check returns:
{
"verdict": "undeliverable",
"reason": "disposable",
"trap": { "listed": true, "lists": ["spamhaus_dbl"], "code": "127.0.1.2" },
"strict": { "canonical_email": "alice@gmail.com", "flags": ["plus_alias"] }
}
Reasons split across valid_mailbox | syntax | no_mx | disposable | spam_trap | previously_bounced | previously_complained | previously_unsubscribed | role_account | typo_suspected | strict_check_failed | dns_lookup_failed. The trap object exposes the Spamhaus DBL response code: .2 for spam, .4 for phish, .5 for malware. Most APIs flatten that to a boolean and lose the why.
Strict mode (?strict=true) is opt-in B2C signup gating. It demotes otherwise-deliverable verdicts but never promotes — safe to add to a gate without breaking existing flows. Flags include plus_alias, multi_dot_local, gmail_dot_alias, throwaway_local (catches test@, asdf@, nobody@), sequential_run (4+ char runs like qwerty), and repeated_char_run.
The strict.canonical_email field is the de-duplication trick: plus-alias-stripped, and (for Gmail) dot-collapsed. Use it as the primary key for “have I seen this person before” instead of the literal address. ZeroBounce returns the parsed local-part and domain but doesn’t canonicalize for Gmail dot-aliasing — a.lice@gmail.com and alice@gmail.com come back as distinct.
Disposable-domain freshness: daily vs weekly
Disposable email providers spin up fresh domains daily. 1secmail rotates their domain pool. mail.tm hands out new domains hourly via their public inbox API. mail.gw, internxt, and a long tail of throwaway services do the same. If your blocklist refreshes weekly, you’re catching last week’s burner addresses, not today’s.
Vrfymail’s domains table feeds from five sources, with the cron-driven ones running every 24h:
- Bundled seed — ~121k entries from the
disposable-email-domainsnpm package, one-time. - Scrapers — daily polls of 1secmail / mail.tm / mail.gw public APIs to capture today’s inbox domains. Rows tagged
source: "scraper:<provider>". - Spamhaus DBL (live) — every verify that hits DBL persists the domain.
- Customer consensus — ≥3 distinct customers POSTing
hard_bounceorspam_complaintfor the same domain within 30 days promotes it tois_spam_trap=1. Free-mail providers excluded. - CT-log scanner — daily polls of crt.sh for newly-issued TLS certs matching
temp/throwaway/minute/burner-mailpatterns. Catches the next disposable provider before they have customers.
Plus a sister temp-mail-agent Worker that runs four discovery channels (curated GitHub lists, DoH+HTTP probe, provider crawl, MX-cluster heuristics).
ZeroBounce’s bundled list refreshes weekly. For a B2C signup form taking 1,000 sign-ups a day, that’s the difference between blocking ~95% of disposable signups (fresh list) and ~80% (week-old list). For a quarterly newsletter scrub of 100k addresses, the delta is invisible.
If you want the discovery internals, the temp-mail domain list breakdown walks through how the daily scrapers actually work.
Bounce webhook handling: the data loop you don’t get from ZeroBounce
This is the biggest architectural difference, and it’s the one most comparisons skip.
Vrfymail exposes POST /v1/report-bounce — a webhook target you point your ESP’s bounce events at. Reasons accepted: hard_bounce | soft_bounce | spam_complaint | unsubscribe. The webhook URL embeds the api_key_id, so no shared bearer token is needed and you can pin a different webhook per ESP.
The data loop:
- Resend / Postmark / SendGrid / Mailgun / Mailchimp / Loops / customer.io fires a bounce event to
/v1/report-bounce. - The next
POST /v1/checkfor that email returnspreviously_bouncedfor that customer only — a per-tenant memory. - If ≥3 distinct customers report bounces or spam complaints for the same domain in 30 days (free-mail providers excluded), the domain promotes to
is_spam_trap=1globally — your bounce becomes everyone else’s pre-block.
Per-key budget on /v1/report-bounce is 1,000 reports/day default. The verify cache for the affected email is invalidated immediately, so the next read sees the new state without waiting on TTL.
ZeroBounce doesn’t accept ESP webhooks. Their bounce data is internal — collected from their own clients’ campaigns, surfaced through aggregate signals like AI scoring. You can’t tell ZeroBounce that this customer’s last send to bob@acme.com hard-bounced and have that change tomorrow’s verdict.
If you’re running vrfymail vs NeverBounce instead, the bounce-webhook loop is the same on our side; NeverBounce’s API is closer to ZeroBounce’s posture.
Where ZeroBounce still wins
Credit where it’s due. The honest places to pick ZeroBounce:
- AI Email Scoring on catch-all domains. ZeroBounce models whether a catch-all accepts your specific email. Most cheaper APIs (vrfymail included) return
riskyorunknownand let you decide. If catch-all guessing is core to your B2B prospecting workflow, ZeroBounce’s score is genuinely useful. - Activity tracker. ZeroBounce flags “active in the last 30/90/180/365 days” using their own opens/clicks tracker data. Useful for scoring purchased lists where you want a freshness signal.
- Compliance posture. SOC 2 Type II, HIPAA-compliant data handling, GDPR DPA off the shelf. If your procurement department is going to ask, ZeroBounce has answers ready. Vrfymail has GDPR DPA and is SOC 2 Type II in progress (shipping next quarter).
- Bulk uploader UI. ZeroBounce’s web app for one-off list cleaning is mature. Vrfymail is API-first; bulk handling is
POST /v1/check/batch(up to 100 emails) shipping next quarter, and for now you script it against single-call endpoints. - Raw volume. They’ve processed billions of verifies. Their MX-pattern dataset is bigger than ours. For long-tail B2B domains, that matters.
If your workflow is “upload a 500k-row CSV once a quarter, click verify, download the cleaned list, and the procurement contract requires SOC 2 Type II”, buy ZeroBounce credits. The price tag is the price of a turnkey workflow.
Pick this if
Pick vrfymail if:
- You’re running a B2C or prosumer signup form and need real-time gating with sub-100ms latency.
- Your ESP is Resend, Postmark, SendGrid, Mailgun, Loops, or customer.io and you want bounces to feed back into future verdicts automatically.
- You’re price-sensitive at low-to-mid volume — the 5–10× delta on $/1k matters.
- You want canonical-email de-duplication for Gmail (dot-aliasing collapse + plus-alias strip) at signup.
- You ship on Cloudflare Workers and want a verifier that runs on the same edge.
Pick ZeroBounce if:
- You clean large lists (100k+) for B2B prospecting and care about catch-all scoring or activity history.
- Procurement requires SOC 2 Type II and HIPAA-aligned data handling today.
- A polished web UI for non-engineers running cleanups matters more than API ergonomics.
- You’ve already got integrations wired and switching cost > the bill delta.
FAQ
Is vrfymail as accurate as ZeroBounce?
On the verdicts that overlap (deliverable, undeliverable, syntax-invalid, no-MX, disposable, role-account), accuracy is comparable. The data sources are similar — both probe DNS, MX, and DBL — and the disposable list overlaps significantly because both bundle the same open-source seed. ZeroBounce wins on catch-all scoring (their AI model is better than our risky verdict). Vrfymail wins on disposable freshness (daily refresh vs weekly) and on per-customer bounce memory (we have it, ZeroBounce doesn’t).
Can I migrate from ZeroBounce to vrfymail?
Yes — drop-in for the verify call. Both APIs return JSON, both authenticate via bearer token, and the verdict taxonomy maps cleanly: ZeroBounce’s valid → vrfymail’s deliverable, invalid → undeliverable, catch-all → risky, unknown → unknown. You’ll need to update the response parser to read vrfymail’s verdict and reason fields instead of ZeroBounce’s status and sub_status. Plan an afternoon for the wire-up plus a day of staging traffic to compare verdicts.
Does vrfymail handle catch-all domains?
Yes — flagged as risky with reason catch_all_domain. We don’t do AI scoring on catch-alls (yet). If you need a confidence score for a B2B prospecting workflow, ZeroBounce’s AI Email Scoring is the better tool. For B2C signup gating, the standard advice — accept catch-alls, monitor bounce rates, let /v1/report-bounce close the loop — works fine.
What ESPs does vrfymail integrate with?
POST /v1/report-bounce accepts JSON bounce events from Resend, Postmark, SendGrid, Mailgun, Mailchimp, Loops, and customer.io. Any ESP that posts JSON bounce/complaint events to a webhook URL can integrate. The webhook URL embeds the api_key_id, so you don’t need to share a bearer token with the ESP.
Does vrfymail have bulk verification?
POST /v1/check/batch (up to 100 emails per call) is shipping next quarter. For now, the recommended pattern for bulk is to fan out single-email calls — the API has no per-second rate limit on the verify endpoint, and at 50ms p50 you can clear 100k emails in roughly 90 minutes from a single client.
Is the free tier really free, or a 14-day trial?
Free is free, no card, no trial expiry. 5,000 verifies a month, every month. The first 100 signups also get the founder’s perk: 2× free quota (10,000/month) for life.
The decision
ZeroBounce is the right pick when you’re cleaning large lists with B2B-shaped requirements. Vrfymail is the right pick when you’re verifying emails in real time inside a SaaS product, your ESP is in the supported list, and the price-per-thousand actually matters to your unit economics.
Try vrfymail free — 5,000 verifies/month, no card. Get an API key →