Following is from PayPal Order Management Integration Guide:

Processing the PayPal Response to Your Postback

PayPal responds to your postbacks with a single word in the body of the response: VERIFIED or INVALID.

When you receive a VERIFIED postback response, perform the following checks on data in the IPN:

1. Check that the payment_status is Completed.
2. If the payment_status is Completed, check the txn_id against the previous PayPal transaction that you processed to ensure it is not a duplicate.
3. Check that the receiver_email is an email address registered in your PayPal account.
4. Check that the price, carried in mc_gross, and the currency, carried in mc_currency, are correct for the item, carried in item_name or item_number.

After you complete the above checks, notification validation is complete. You can update your database with the information provided, and you can initiate other appropriate automated back-end processing.

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">

    <input type="hidden" name="cmd" value="_cart" />
    <input type="hidden" name="upload" value="1" />
    <input type="hidden" name="business" value="GXLC9H9VFPLQE">

    .....


    <input type="submit" name="Submit" value="Submit" />

</form>

In step 3 I should check receiver_email, but I don't want to.

I don't want to keep my paypal account email in my application.

My question is: can I check business variable instead?