Validate a single email address using ZeroBounce API. Returns detailed validation results including status, sub-status, and additional metadata.
AI agents call validate_email to retrieve information from Zerobounce without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool queries an external email validation service and returns metadata about an email address. It has no destructive, financial, or code-execution capabilities. It does not create, modify, or delete data—it only retrieves and reports validation status.
From the tool's definition The tool 'Validate a single email address using ZeroBounce API. Returns detailed validation results' performs a query operation that retrieves validation data without modifying, deleting, or executing code.
Attacks that exploit this kind of access
Validate a single email address using ZeroBounce API. Returns detailed validation results including status, sub-status, and additional metadata. It is categorised as a Read tool in the Zerobounce MCP Server, which means it retrieves data without modifying state.
Register the Zerobounce MCP server in PolicyLayer and add a rule for validate_email: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Zerobounce. Nothing to install.
validate_email is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the validate_email rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for validate_email. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
validate_email is provided by the Zerobounce MCP server (@zerobounce/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
validate_email is one line of Zerobounce's registry record.
The record carries the whole server: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.
Teams ship this data inside their own products. See what a licence covers →