@emailcheck/email-validator-js 3.4.4 → 4.0.0-beta.2

package/dist/index.js

@@ -4,6 +4,7 @@ var tinyLru = require('tiny-lru');
 var psl = require('psl');
 var stringSimilarityJs = require('string-similarity-js');
 var node_dns = require('node:dns');
+var node_crypto = require('node:crypto');
 var net$1 = require('node:net');
 var tls = require('node:tls');
 
@@ -196,6 +197,7 @@ exports.SMTPStep = void 0;
   SMTPStep2["greeting"] = "GREETING";
   SMTPStep2["ehlo"] = "EHLO";
   SMTPStep2["helo"] = "HELO";
+  SMTPStep2["startTls"] = "STARTTLS";
   SMTPStep2["mailFrom"] = "MAIL_FROM";
   SMTPStep2["rcptTo"] = "RCPT_TO";
 })(exports.SMTPStep || (exports.SMTPStep = {}));
@@ -680,9 +682,9 @@ function parseCompositeNamePart(part) {
         cleaned = pureAlpha;
         confidence = 0.6;
       } else {
-        const baseMatch2 = part.match(/^([a-zA-Z]+)\d*$/);
-        if (baseMatch2) {
-          cleaned = baseMatch2[1];
+        const baseMatch = part.match(/^([a-zA-Z]+)\d*$/);
+        if (baseMatch) {
+          cleaned = baseMatch[1];
           confidence = 0.75;
         } else {
           cleaned = part;
@@ -696,9 +698,7 @@ function parseCompositeNamePart(part) {
       confidence = Math.min(1, confidence + 0.2);
     }
   }
-  const baseMatch = part.match(/^([a-zA-Z]+[a-zA-Z0-9]*?)\d*$/);
-  const base = baseMatch ? baseMatch[1] : part;
-  return { base, hasNumbers, cleaned, confidence };
+  return { hasNumbers, cleaned, confidence };
 }
 function isLikelyName(str, allowNumbers = false, allowSingleLetter = false) {
   if (!str)
@@ -989,6 +989,9 @@ function parseDsn(reply) {
     return null;
   return { class: Number(match[1]), subject: Number(match[2]), detail: Number(match[3]) };
 }
+function dsnToString(dsn) {
+  return `${dsn.class}.${dsn.subject}.${dsn.detail}`;
+}
 function isPolicyBlock(reply) {
   const dsn = parseDsn(reply);
   return (dsn === null || dsn === void 0 ? void 0 : dsn.class) === 5 && (dsn === null || dsn === void 0 ? void 0 : dsn.subject) === 7;
@@ -1009,8 +1012,11 @@ function isInvalidMailboxError(reply) {
     return false;
   return true;
 }
+function defaultProbeLocal() {
+  return `${node_crypto.randomBytes(8).toString("hex")}-noexist`;
+}
 async function verifyMailboxSMTP(params) {
-  var _a, _b, _c, _d, _e, _f, _g;
+  var _a, _b, _c, _d, _e, _f, _g, _h, _j;
   const { local, domain, options = {} } = params;
   const mxRecords = (_a = params.mxRecords) !== null && _a !== void 0 ? _a : [];
   const ports = ((_b = options.ports) !== null && _b !== void 0 ? _b : DEFAULT_PORTS).filter((port) => Number.isInteger(port) && port > 0 && port < 65536);
@@ -1023,16 +1029,30 @@ async function verifyMailboxSMTP(params) {
   const cache = options.cache;
   const log = debug ? (...args) => console.log("[SMTP]", ...args) : () => {
   };
-  const mxHost = mxRecords[0];
-  if (!mxHost) {
+  const startedAtMs = Date.now();
+  const primaryMx = mxRecords[0];
+  if (!primaryMx) {
     log("No MX records found");
-    return { smtpResult: failureResult("No MX records found"), cached: false, port: 0, portCached: false };
+    const metrics2 = makeMetrics([], 0, 0, void 0, startedAtMs);
+    return { smtpResult: failureResult("no_mx_records", metrics2), cached: false, port: 0, portCached: false };
   }
-  log(`Verifying ${local}@${domain} via ${mxHost}`);
+  log(`Verifying ${local}@${domain} via ${primaryMx} (mx count=${mxRecords.length})`);
   const transcript = [];
   const commands = [];
+  const probeOptions = {
+    local,
+    domain,
+    timeout,
+    tlsConfig,
+    hostname,
+    sequence,
+    log,
+    catchAllProbeLocal: options.catchAllProbeLocal,
+    pipelining: (_h = options.pipelining) !== null && _h !== void 0 ? _h : "auto",
+    startTls: (_j = options.startTls) !== null && _j !== void 0 ? _j : "auto"
+  };
   const verdictCache = cache ? getCacheStore(cache, "smtp") : null;
-  const verdictKey = `${mxHost}:${local}@${domain}`;
+  const verdictKey = `${primaryMx}:${local}@${domain}`;
   if (verdictCache) {
     const cachedResult = await safeCacheGet(verdictCache, verdictKey);
     if (cachedResult) {
@@ -1041,81 +1061,99 @@ async function verifyMailboxSMTP(params) {
     }
   }
   const portCache = cache ? getCacheStore(cache, "smtpPort") : null;
-  if (portCache) {
-    const cachedPort = await safeCacheGet(portCache, mxHost);
-    if (cachedPort) {
-      log(`Using cached port: ${cachedPort}`);
-      const probe = await runProbe({
-        mxHost,
-        port: cachedPort,
-        local,
-        domain,
-        timeout,
-        tlsConfig,
-        hostname,
-        sequence,
-        log
-      });
-      collectTranscript(transcript, commands, probe, cachedPort);
-      const smtpResult = toSmtpVerificationResult(probe.result, captureTranscript ? { transcript, commands } : void 0);
-      await safeCacheSet(verdictCache, verdictKey, smtpResult);
-      return { smtpResult, cached: false, port: cachedPort, portCached: true };
-    }
-  }
-  for (const port of ports) {
-    log(`Testing port ${port}`);
-    const probe = await runProbe({ mxHost, port, local, domain, timeout, tlsConfig, hostname, sequence, log });
-    collectTranscript(transcript, commands, probe, port);
-    const smtpResult = toSmtpVerificationResult(probe.result, captureTranscript ? { transcript, commands } : void 0);
-    await safeCacheSet(verdictCache, verdictKey, smtpResult);
-    if (probe.result !== null) {
-      await safeCacheSet(portCache, mxHost, port);
-      return { smtpResult, cached: false, port, portCached: false };
+  const cachedPort = portCache ? await safeCacheGet(portCache, primaryMx) : null;
+  const mxHostsTried = [];
+  let mxAttempts = 0;
+  let portAttempts = 0;
+  let lastReason = "all_attempts_failed";
+  let lastEnhancedStatus;
+  let lastResponseCode;
+  for (const mxHost of mxRecords) {
+    mxHostsTried.push(mxHost);
+    mxAttempts++;
+    const portsForThisMx = mxHost === primaryMx && cachedPort ? [cachedPort, ...ports.filter((p) => p !== cachedPort)] : ports;
+    for (const port of portsForThisMx) {
+      portAttempts++;
+      log(`Testing ${mxHost}:${port}`);
+      const probe = await runProbe({ ...probeOptions, mxHost, port });
+      collectTranscript(transcript, commands, probe, mxHost, port);
+      lastReason = probe.reason;
+      if (probe.enhancedStatus !== void 0)
+        lastEnhancedStatus = probe.enhancedStatus;
+      if (probe.responseCode !== void 0)
+        lastResponseCode = probe.responseCode;
+      if (probe.result !== null) {
+        const metrics2 = makeMetrics(mxHostsTried, mxAttempts, portAttempts, mxHost, startedAtMs);
+        const smtpResult2 = toSmtpVerificationResult(probe, {
+          transcript: captureTranscript ? transcript : void 0,
+          commands: captureTranscript ? commands : void 0,
+          metrics: metrics2
+        });
+        await safeCacheSet(verdictCache, verdictKey, smtpResult2);
+        if (mxHost === primaryMx)
+          await safeCacheSet(portCache, primaryMx, port);
+        return { smtpResult: smtpResult2, cached: false, port, portCached: cachedPort === port };
+      }
     }
   }
-  log("All ports failed");
+  log(`All MX\xD7port attempts failed (mx=${mxAttempts}, port=${portAttempts})`);
+  const metrics = makeMetrics(mxHostsTried, mxAttempts, portAttempts, void 0, startedAtMs);
+  const smtpResult = {
+    ...failureResult(lastReason, metrics),
+    ...lastEnhancedStatus !== void 0 ? { enhancedStatus: lastEnhancedStatus } : {},
+    ...lastResponseCode !== void 0 ? { responseCode: lastResponseCode } : {},
+    ...captureTranscript ? { transcript: [...transcript], commands: [...commands] } : {}
+  };
+  return { smtpResult, cached: false, port: 0, portCached: false };
+}
+function makeMetrics(mxHostsTried, mxAttempts, portAttempts, mxHostUsed, startedAtMs) {
   return {
-    smtpResult: {
-      ...failureResult("All SMTP connection attempts failed"),
-      ...captureTranscript ? { transcript: [...transcript], commands: [...commands] } : {}
-    },
-    cached: false,
-    port: 0,
-    portCached: false
+    mxAttempts,
+    portAttempts,
+    mxHostsTried: [...mxHostsTried],
+    ...mxHostUsed !== void 0 ? { mxHostUsed } : {},
+    totalDurationMs: Date.now() - startedAtMs
   };
 }
-function collectTranscript(transcript, commands, probe, port) {
+function collectTranscript(transcript, commands, probe, mxHost, port) {
+  const prefix = `${mxHost}:${port}`;
   for (const line of probe.transcript)
-    transcript.push(`${port}|s| ${line}`);
+    transcript.push(`${prefix}|s| ${line}`);
   for (const cmd of probe.commands)
-    commands.push(`${port}|c| ${cmd}`);
+    commands.push(`${prefix}|c| ${cmd}`);
 }
-function failureResult(error) {
+function failureResult(reason, metrics) {
   return {
     canConnectSmtp: false,
     hasFullInbox: false,
     isCatchAll: false,
     isDeliverable: false,
     isDisabled: false,
-    error,
-    providerUsed: exports.EmailProvider.everythingElse,
-    checkedAt: Date.now()
+    error: reason,
+    checkedAt: Date.now(),
+    metrics
   };
 }
-function toSmtpVerificationResult(result, capture) {
-  const base = {
+function toSmtpVerificationResult(probe, extras) {
+  var _a;
+  const result = probe.result;
+  const out = {
     canConnectSmtp: result !== null,
-    hasFullInbox: false,
-    isCatchAll: false,
+    hasFullInbox: probe.reason === "over_quota",
+    isCatchAll: (_a = probe.isCatchAll) !== null && _a !== void 0 ? _a : false,
     isDeliverable: result === true,
     isDisabled: result === false,
-    error: result === true ? void 0 : result === null ? "ambiguous" : "not_found",
-    providerUsed: exports.EmailProvider.everythingElse,
-    checkedAt: Date.now()
+    error: result === true ? void 0 : probe.reason,
+    checkedAt: Date.now(),
+    metrics: extras.metrics,
+    ...probe.enhancedStatus !== void 0 ? { enhancedStatus: probe.enhancedStatus } : {},
+    ...probe.responseCode !== void 0 ? { responseCode: probe.responseCode } : {}
   };
-  if (!capture)
-    return base;
-  return { ...base, transcript: [...capture.transcript], commands: [...capture.commands] };
+  if (extras.transcript)
+    out.transcript = [...extras.transcript];
+  if (extras.commands)
+    out.commands = [...extras.commands];
+  return out;
 }
 async function safeCacheGet(store, key) {
   if (!store)
@@ -1145,8 +1183,17 @@ class SMTPProbeConnection {
     this.buffer = "";
     this.resolved = false;
     this.currentStepIndex = 0;
+    this.tlsUpgrading = false;
+    this.postUpgradeReEhlo = false;
     this.transcript = [];
     this.commands = [];
+    this.supportsPipelining = false;
+    this.supportsStartTls = false;
+    this.dualPhase = "idle";
+    this.realOutcome = "pending";
+    this.probeOutcome = "pending";
+    this.dualPipelined = false;
+    this.pendingDecision = null;
     this.onData = (data) => {
       if (this.resolved)
         return;
@@ -1159,7 +1206,7 @@ class SMTPProbeConnection {
         this.processLine(line);
       }
     };
-    const defaultSteps = [exports.SMTPStep.greeting, exports.SMTPStep.ehlo, exports.SMTPStep.mailFrom, exports.SMTPStep.rcptTo];
+    const defaultSteps = [exports.SMTPStep.greeting, exports.SMTPStep.ehlo, exports.SMTPStep.startTls, exports.SMTPStep.mailFrom, exports.SMTPStep.rcptTo];
     this.steps = [...(_b = (_a = p.sequence) === null || _a === void 0 ? void 0 : _a.steps) !== null && _b !== void 0 ? _b : defaultSteps];
     this.isTLS = PORT_TLS[p.port] === true;
     const servername = isIPAddress(p.mxHost) ? void 0 : p.mxHost;
@@ -1170,6 +1217,7 @@ class SMTPProbeConnection {
       minVersion: "TLSv1.2",
       ...typeof p.tlsConfig === "object" ? p.tlsConfig : {}
     };
+    this.probeLocal = p.catchAllProbeLocal ? p.catchAllProbeLocal(p.local, p.domain) : defaultProbeLocal();
   }
   run() {
     return new Promise((resolve) => {
@@ -1178,7 +1226,8 @@ class SMTPProbeConnection {
         this.connect();
         this.armConnectionTimer();
       } catch (error) {
-        this.finish(null, `connect_throw:${error instanceof Error ? error.message : "unknown"}`);
+        this.p.log(`connect threw: ${error instanceof Error ? error.message : "unknown"}`);
+        this.finish(null, "connection_error");
       }
     });
   }
@@ -1230,51 +1279,173 @@ class SMTPProbeConnection {
     switch (step) {
       case exports.SMTPStep.greeting:
         return;
+      // server-driven; nothing to send
       case exports.SMTPStep.ehlo:
         this.send(`EHLO ${this.p.hostname}`);
         return;
       case exports.SMTPStep.helo:
         this.send(`HELO ${this.p.hostname}`);
         return;
+      case exports.SMTPStep.startTls:
+        this.executeStartTls();
+        return;
       case exports.SMTPStep.mailFrom: {
         const from = (_b = (_a = this.p.sequence) === null || _a === void 0 ? void 0 : _a.from) !== null && _b !== void 0 ? _b : `<${this.p.local}@${this.p.domain}>`;
         this.send(`MAIL FROM:${from}`);
         return;
       }
       case exports.SMTPStep.rcptTo:
-        this.send(`RCPT TO:<${this.p.local}@${this.p.domain}>`);
+        this.executeEnvelope();
         return;
     }
   }
-  processLine(line) {
-    if (this.resolved)
+  /**
+   * Conditional STARTTLS upgrade. Skipped (advances to next step) when:
+   *   - already TLS (implicit-TLS port like 465 or already-upgraded)
+   *   - `startTls === 'never'`
+   *   - `startTls === 'auto'` AND the MX didn't advertise STARTTLS in EHLO
+   *
+   * Sends `STARTTLS` and waits for 220 when:
+   *   - `startTls === 'force'` (regardless of advertisement)
+   *   - `startTls === 'auto'` AND the MX advertised it
+   *
+   * On 220, `tls.connect()` wraps the existing socket. After the handshake
+   * we re-EHLO (mandatory per RFC 3207 §4.2 — pre-TLS state must be
+   * discarded) before continuing to MAIL FROM.
+   */
+  executeStartTls() {
+    const mode = this.p.startTls;
+    const wantsUpgrade = !this.isTLS && mode !== "never" && (mode === "force" || mode === "auto" && this.supportsStartTls);
+    if (!wantsUpgrade) {
+      this.nextStep();
       return;
-    this.transcript.push(line);
-    this.p.log(`\u2190 ${line}`);
-    if (isHighVolume(line)) {
-      this.finish(true, "high_volume");
+    }
+    this.send("STARTTLS");
+  }
+  /**
+   * Wrap the plaintext socket with TLS in place. Called after the server
+   * answers our STARTTLS with 220. Detaches the plaintext-socket listeners
+   * (TLS owns the underlying transport now), re-installs them on the wrapped
+   * socket, resets EHLO-derived capabilities, and re-issues EHLO once the
+   * handshake completes (RFC 3207 §4.2 mandates re-EHLO after upgrade —
+   * pre-TLS state must be discarded).
+   */
+  upgradeToTls() {
+    const plainSocket = this.socket;
+    if (!plainSocket) {
+      this.finish(null, "tls_upgrade_failed");
       return;
     }
-    if (isOverQuota(line)) {
-      this.finish(false, "over_quota");
+    const detach = plainSocket.removeAllListeners;
+    if (typeof detach === "function") {
+      detach.call(plainSocket, "data");
+      detach.call(plainSocket, "error");
+      detach.call(plainSocket, "close");
+      detach.call(plainSocket, "timeout");
+    }
+    try {
+      plainSocket.setTimeout(0);
+    } catch {
+    }
+    this.tlsUpgrading = true;
+    const servername = isIPAddress(this.p.mxHost) ? void 0 : this.p.mxHost;
+    const tlsSocket = tls__namespace.connect({ ...this.tlsOptions, socket: plainSocket, servername }, () => {
+      this.tlsUpgrading = false;
+      this.isTLS = true;
+      this.buffer = "";
+      this.supportsStartTls = false;
+      this.supportsPipelining = false;
+      this.postUpgradeReEhlo = true;
+      this.send(`EHLO ${this.p.hostname}`);
+    });
+    this.socket = tlsSocket;
+    this.socket.on("data", this.onData);
+    this.socket.on("error", () => {
+      this.finish(null, this.tlsUpgrading ? "tls_handshake_failed" : "connection_error");
+    });
+    this.socket.on("close", () => this.finish(null, "connection_closed"));
+    this.socket.setTimeout(this.p.timeout, () => this.finish(null, "socket_timeout"));
+  }
+  /**
+   * Send the dual-probe envelope (real RCPT + probe RCPT + RSET). Pipelined
+   * when the MX advertised PIPELINING (or `pipelining: 'force'`); sequential
+   * otherwise.
+   */
+  executeEnvelope() {
+    var _a;
+    const wantsPipelining = this.p.pipelining === "force" || this.p.pipelining === "auto" && this.supportsPipelining;
+    const realCmd = `RCPT TO:<${this.p.local}@${this.p.domain}>`;
+    if (wantsPipelining) {
+      this.dualPipelined = true;
+      const probeCmd = `RCPT TO:<${this.probeLocal}@${this.p.domain}>`;
+      const rsetCmd = "RSET";
+      this.commands.push(realCmd, probeCmd, rsetCmd);
+      this.p.log(`\u2192 ${realCmd}`);
+      this.p.log(`\u2192 ${probeCmd}`);
+      this.p.log(`\u2192 ${rsetCmd}`);
+      (_a = this.socket) === null || _a === void 0 ? void 0 : _a.write(`${realCmd}\r
+${probeCmd}\r
+${rsetCmd}\r
+`);
+      this.dualPhase = "rcpt_real";
       return;
     }
-    if (isInvalidMailboxError(line)) {
-      this.finish(false, "not_found");
+    this.dualPipelined = false;
+    this.send(realCmd);
+    this.dualPhase = "rcpt_real";
+  }
+  processLine(line) {
+    if (this.resolved)
       return;
+    this.transcript.push(line);
+    this.p.log(`\u2190 ${line}`);
+    const codeStr = line.slice(0, 3);
+    const numericCode = /^\d{3}$/.test(codeStr) ? parseInt(codeStr, 10) : null;
+    if (numericCode !== null)
+      this.lastResponseCode = numericCode;
+    const dsn = parseDsn(line);
+    if (dsn)
+      this.lastEnhancedStatus = dsnToString(dsn);
+    if (this.dualPhase === "idle" || this.dualPhase === "rcpt_real") {
+      if (isHighVolume(line)) {
+        this.finish(true, "high_volume");
+        return;
+      }
+      if (isOverQuota(line)) {
+        this.isCatchAllFlag = false;
+        this.finish(false, "over_quota");
+        return;
+      }
+      if (isInvalidMailboxError(line)) {
+        this.isCatchAllFlag = false;
+        this.finish(false, "not_found");
+        return;
+      }
     }
-    if (MULTILINE_RE.test(line))
+    if (MULTILINE_RE.test(line)) {
+      const step = this.steps[this.currentStepIndex];
+      const isEhloLike = step === exports.SMTPStep.ehlo || step === exports.SMTPStep.helo || step === exports.SMTPStep.startTls && this.postUpgradeReEhlo;
+      if (isEhloLike && line.startsWith("250-")) {
+        const upper = line.toUpperCase();
+        if (upper.includes("PIPELINING"))
+          this.supportsPipelining = true;
+        if (upper.includes("STARTTLS"))
+          this.supportsStartTls = true;
+      }
       return;
-    const code = line.slice(0, 3);
-    const numericCode = /^\d{3}$/.test(code) ? parseInt(code, 10) : null;
+    }
     if (numericCode === null) {
       this.finish(null, "unrecognized_response");
       return;
     }
-    this.dispatch(numericCode);
+    this.dispatch(numericCode, line);
   }
-  dispatch(code) {
+  dispatch(code, line) {
     const step = this.steps[this.currentStepIndex];
+    if (this.dualPhase !== "idle" && step === exports.SMTPStep.rcptTo) {
+      this.handleEnvelopeReply(code, line);
+      return;
+    }
     switch (step) {
       case exports.SMTPStep.greeting:
         if (code === 220)
@@ -1294,6 +1465,21 @@ class SMTPProbeConnection {
         else
           this.finish(null, "helo_failed");
         return;
+      case exports.SMTPStep.startTls:
+        if (this.postUpgradeReEhlo) {
+          this.postUpgradeReEhlo = false;
+          if (code === 250)
+            this.nextStep();
+          else
+            this.finish(null, "ehlo_failed");
+          return;
+        }
+        if (code === 220) {
+          this.upgradeToTls();
+        } else {
+          this.finish(null, "tls_upgrade_failed");
+        }
+        return;
       case exports.SMTPStep.mailFrom:
         if (code === 250)
           this.nextStep();
@@ -1301,15 +1487,91 @@ class SMTPProbeConnection {
           this.finish(null, "mail_from_rejected");
         return;
       case exports.SMTPStep.rcptTo:
-        if (code === 250 || code === 251)
-          this.finish(true, "valid");
-        else if (code === 552 || code === 452)
-          this.finish(false, "over_quota");
-        else if (code >= 400 && code < 500)
-          this.finish(null, "temporary_failure");
-        else
-          this.finish(null, "ambiguous");
+        this.handleEnvelopeReply(code, line);
+        return;
+    }
+  }
+  /**
+   * Dual-probe / pipelined-envelope reply router. Demuxes server replies for
+   * the three queued commands (real RCPT, probe RCPT, RSET) and resolves
+   * with the catch-all-aware verdict.
+   */
+  handleEnvelopeReply(code, line) {
+    if (this.dualPhase === "rcpt_real") {
+      this.realOutcome = classifyRcpt(code);
+      if (code === 552 || code === 452 || isOverQuota(line)) {
+        this.isCatchAllFlag = false;
+        if (this.dualPipelined) {
+          this.pendingDecision = { result: false, reason: "over_quota" };
+          this.dualPhase = "rcpt_probe";
+          return;
+        }
+        this.finish(false, "over_quota");
+        return;
+      }
+      if (this.realOutcome === "soft_reject") {
+        if (this.dualPipelined) {
+          this.pendingDecision = { result: null, reason: "temporary_failure" };
+          this.dualPhase = "rcpt_probe";
+          return;
+        }
+        this.finish(null, "temporary_failure");
+        return;
+      }
+      if (this.realOutcome === "hard_reject") {
+        const reason = isInvalidMailboxError(line) ? "not_found" : "ambiguous";
+        const result = reason === "not_found" ? false : null;
+        this.isCatchAllFlag = false;
+        if (this.dualPipelined) {
+          this.pendingDecision = { result, reason };
+          this.dualPhase = "rcpt_probe";
+          return;
+        }
+        this.finish(result, reason);
         return;
+      }
+      if (this.dualPipelined) {
+        this.dualPhase = "rcpt_probe";
+      } else {
+        this.send(`RCPT TO:<${this.probeLocal}@${this.p.domain}>`);
+        this.dualPhase = "rcpt_probe";
+      }
+      return;
+    }
+    if (this.dualPhase === "rcpt_probe") {
+      this.probeOutcome = classifyRcpt(code);
+      if (this.dualPipelined) {
+        this.dualPhase = "rset";
+      } else {
+        this.send("RSET");
+        this.dualPhase = "rset";
+      }
+      return;
+    }
+    if (this.dualPhase === "rset") {
+      if (this.pendingDecision) {
+        this.finish(this.pendingDecision.result, this.pendingDecision.reason);
+        return;
+      }
+      this.decideDualProbe();
+      return;
+    }
+  }
+  /** Final decision after both RCPT outcomes are known. Catch-all only when both 250. */
+  decideDualProbe() {
+    if (this.realOutcome === "accept" && this.probeOutcome === "accept") {
+      this.isCatchAllFlag = true;
+      this.finish(true, "valid");
+    } else if (this.realOutcome === "accept") {
+      this.isCatchAllFlag = false;
+      this.finish(true, "valid");
+    } else if (this.realOutcome === "hard_reject") {
+      this.isCatchAllFlag = false;
+      this.finish(false, "not_found");
+    } else if (this.realOutcome === "soft_reject") {
+      this.finish(null, "temporary_failure");
+    } else {
+      this.finish(null, "ambiguous");
     }
   }
   finish(result, reason) {
@@ -1335,9 +1597,24 @@ class SMTPProbeConnection {
       return (_a2 = this.socket) === null || _a2 === void 0 ? void 0 : _a2.destroy();
     }, QUIT_DRAIN_MS);
     (_c = drain.unref) === null || _c === void 0 ? void 0 : _c.call(drain);
-    this.resolveFn({ result, transcript: this.transcript, commands: this.commands });
+    this.resolveFn({
+      result,
+      reason,
+      ...this.lastEnhancedStatus !== void 0 ? { enhancedStatus: this.lastEnhancedStatus } : {},
+      ...this.lastResponseCode !== void 0 ? { responseCode: this.lastResponseCode } : {},
+      ...this.isCatchAllFlag !== void 0 ? { isCatchAll: this.isCatchAllFlag } : {},
+      transcript: this.transcript,
+      commands: this.commands
+    });
   }
 }
+function classifyRcpt(code) {
+  if (code === 250 || code === 251)
+    return "accept";
+  if (code >= 400 && code < 500)
+    return "soft_reject";
+  return "hard_reject";
+}
 
 class ArrayTranscriptCollector {
   constructor() {
@@ -2010,12 +2287,11 @@ async function verifyEmail(params) {
   const skipMx = ((_f = params.skipMxForDisposable) !== null && _f !== void 0 ? _f : false) && result.isDisposable;
   const skipWhois = ((_g = params.skipDomainWhoisForDisposable) !== null && _g !== void 0 ? _g : false) && result.isDisposable;
   await runWhoisChecks(domain, params, result, skipWhois, log, collector);
-  if (((_h = params.verifyMx) !== null && _h !== void 0 ? _h : true) || ((_j = params.verifySmtp) !== null && _j !== void 0 ? _j : false)) {
-    if (skipMx) {
-      log(`[verifyEmail] skipping MX/SMTP for disposable: ${params.emailAddress}`);
-    } else {
-      await runMxAndSmtp(local, domain, params, result, log, collector);
-    }
+  const wantsMxOrSmtp = ((_h = params.verifyMx) !== null && _h !== void 0 ? _h : true) || ((_j = params.verifySmtp) !== null && _j !== void 0 ? _j : false);
+  if (wantsMxOrSmtp && skipMx) {
+    log(`[verifyEmail] skipping MX/SMTP for disposable: ${params.emailAddress}`);
+  } else if (wantsMxOrSmtp) {
+    await runMxAndSmtp(local, domain, params, result, log, collector);
   }
   result.metadata.verificationTime = Date.now() - startTime;
   if (captureTranscript)
@@ -2365,6 +2641,36 @@ function isSpamName(name) {
   return true;
 }
 
+const REFINEMENT_TABLE = {
+  // X.1.x — addressing
+  "5.1.1": "mailbox_does_not_exist",
+  "5.1.2": "bad_destination_system",
+  "5.1.3": "bad_destination_address",
+  "5.1.6": "mailbox_moved",
+  "5.1.10": "recipient_address_has_null_mx",
+  // X.2.x — mailbox status
+  "5.2.0": "mailbox_status_other",
+  "5.2.1": "mailbox_disabled",
+  "5.2.2": "mailbox_full",
+  "5.2.3": "message_too_long",
+  "5.2.4": "mailing_list_expansion_problem",
+  // X.4.x — network / routing
+  "4.4.1": "no_answer_from_host",
+  "4.4.2": "bad_connection",
+  // X.7.x — security / policy
+  "5.7.0": "security_other",
+  "5.7.1": "delivery_not_authorized",
+  "5.7.25": "no_reverse_dns",
+  "5.7.26": "multiple_authentication_failures"
+};
+function refineReasonByEnhancedStatus(reason, enhancedStatus) {
+  var _a;
+  const base = reason !== null && reason !== void 0 ? reason : "unknown";
+  if (!enhancedStatus)
+    return base;
+  return (_a = REFINEMENT_TABLE[enhancedStatus]) !== null && _a !== void 0 ? _a : base;
+}
+
 const NETWORK_ERROR_PATTERNS = [
   "etimedout",
   "econnrefused",
@@ -2495,6 +2801,7 @@ exports.isSpamName = isSpamName;
 exports.isValidEmail = isValidEmail;
 exports.isValidEmailDomain = isValidEmailDomain;
 exports.parseSmtpError = parseSmtpError;
+exports.refineReasonByEnhancedStatus = refineReasonByEnhancedStatus;
 exports.suggestDomain = suggestDomain;
 exports.suggestEmailDomain = suggestEmailDomain;
 exports.verifyEmail = verifyEmail;