We are using SendGrid's Event webhook to track invalid emails. This webhook will post back to a specified API whenever an email has been dropped or bounced. In case the webhook was improperly setup, this endpoint will only invalidate emails if the event is either dropped or bounced.
https://services.sparkart.net/api/v1/sendgrid/events
A simple signature is passed to sendgrid along with every email request. When an email is invalid or bounces, that signature gets POSTed back to us through the webhook. We verify the token before marking an email as invalid.
This endpoint currently invalidates all email matches across all fanclubs. I think it makes sense to do so as an email invalid in one fanclub will also be invalid in every fanclub, but let me know if I should not be doing this because of some compliance issues or something...
Sendgrid allows us to pass unique_args in the special header the same way we pass the category. We pass fanclub_api_key along with a sig that allows us to verify the validity of the POST request if the email happens to be invalid or bounces.
The signature is generated with the following method:
md5( md5(email=theUsersemail@domain.com&fanclub_api_key=the-fanclub-api-key) + organization_api_key )
When the email, fanclub_api_key, and sig gets passed back to us, we'd be able to confirm that this request came from Sendgrid and not some hacker.