emailrep.io Public API
Latest commit 048c503 Aug 20, 2019

emailrep.io Alpha Risk API

Summary

EmailRep is a system of crawlers, scanners and enrichment services that collects data on email addresses, domains, and internet personas.

EmailRep uses hundreds of data points from social media profiles, professional networking sites, dark web credential leaks, data breaches, phishing kits, phishing emails, spam lists, open mail relays, domain age and reputation, deliverability, and more to predict the risk of an email address and answer these types of questions:

  • Is this email risky?
  • Is this a throwaway account?
  • Is there potential for this signup to commit fraud or abuse?
  • What kind of online presence does this email have?
  • Is this a trustworthy sender?

URL

https://emailrep.io

Detailed Usage

For authentication info, code samples and the Report API, see our detailed documentation.

Simple Usage

GET /[email] - query an email

Example:

$ curl -s emailrep.io/bill@microsoft.com
{
  "email": "bill@microsoft.com",
  "reputation": "high",
  "suspicious": false,
  "references": 61,
  "details": {
    "blacklisted": false,
    "malicious_activity": false,
    "malicious_activity_recent": false,
    "credentials_leaked": true,
    "credentials_leaked_recent": false,
    "data_breach": true,
    "last_seen": "03/01/2015",
    "domain_exists": true,
    "domain_reputation": "high",
    "new_domain": false,
    "days_since_domain_creation": 10232,
    "suspicious_tld": false,
    "spam": false,
    "free_provider": false,
    "disposable": false,
    "deliverable": true,
    "accept_all": true,
    "valid_mx": true,
    "spoofable": false,
    "spf_strict": true,
    "dmarc_enforced": true,
    "profiles": [
      "twitter",
      "linkedin",
      "instagram",
      "spotify",
      "vimeo",
      "angellist",
      "tumblr",
      "flickr",
      "myspace",
      "pinterest"
    ]
  }
}

Response Details

  • reputation: high/medium/low/none
  • suspicious: whether the email address should be treated as suspicious or risky
  • references: total number of positive and negative sources of reputation. Note that these may not all be direct references to the email address, but can include reputation sources for the domain or other related information
  • blacklisted: the email is believed to be malicious or spammy
  • malicious_activity: the email has exhibited malicious behavior (e.g. phishing or fraud)
  • malicious_activity_recent: malicious behavior in the last 90 days (e.g. in the case of temporal account takeovers)
  • credentials_leaked: credentials were leaked at some point in time (e.g. a data breach, pastebin, dark web, etc.)
  • credentials_leaked_recent: credentials were leaked in the last 90 days
  • data_breach: the email was in a data breach at some point in time
  • last_seen: the last date the email was observed in a breach, credential leak, or exhibiting malicious or spammy behavior ('never' if never seen)
  • domain_exists: valid domain
  • domain_reputation: high/medium/low/n/a (n/a if the domain is a free_provider, disposable, or doesn't exist)
  • new_domain: the domain was created within the last year
  • days_since_domain_creation: days since the domain was created
  • suspicious_tld: the domain uses a suspicious TLD
  • spam: the email has exhibited spammy behavior (e.g. spam traps, login form abuse)
  • free_provider: the email uses a free email provider
  • disposable: the email uses a temporary/disposable service
  • deliverable: the email address is deliverable
  • accept_all: whether the mail server has a default accept-all policy. Some mail servers return inconsistent responses, so we may default to an accept_all for those to be safe
  • valid_mx: has an MX record
  • spoofable: email address can be spoofed (e.g. not a strict SPF policy or DMARC is not enforced)
  • spf_strict: sufficiently strict SPF record to prevent spoofing
  • dmarc_enforced: DMARC is configured correctly and enforced
  • profiles: online profiles used by the email

Use cases

Defensive:

  • Detect targeted phishing attacks.
  • Detect and prevent fraud.
  • Detect throwaway accounts.
  • Require additional layers of verification (MFA) during your signup flow to prevent abuse.
  • Contextualize netflow and other products that analyze email addresses or related data.
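
An added example, not part of the EmailRep project: one way to turn the response fields listed above into a signup decision (allow, require MFA, or deny). The policy thresholds and the names signup_action, README_SAMPLE and CONSTRUCTED_THROWAWAY are assumptions of this example; the first sample is the README's own response trimmed to the fields used, the second is constructed.

```python
import json

# Response from the README's curl example, trimmed to the fields used below.
README_SAMPLE = json.loads("""{
  "email": "bill@microsoft.com", "reputation": "high", "suspicious": false,
  "details": {"blacklisted": false, "malicious_activity": false,
              "malicious_activity_recent": false, "credentials_leaked": true,
              "credentials_leaked_recent": false, "spam": false,
              "free_provider": false, "disposable": false,
              "new_domain": false, "domain_exists": true, "deliverable": true}
}""")

# Constructed sample (not real API output): a throwaway-style address.
CONSTRUCTED_THROWAWAY = {
    "email": "user@example.invalid", "reputation": "none", "suspicious": True,
    "details": {"blacklisted": False, "malicious_activity": False,
                "malicious_activity_recent": False, "credentials_leaked": False,
                "credentials_leaked_recent": False, "spam": False,
                "free_provider": False, "disposable": True,
                "new_domain": True, "domain_exists": True, "deliverable": True},
}

def signup_action(rep):
    """Map an EmailRep response to ('allow' | 'step_up' | 'deny', reasons).
    The policy below is an assumption of this example, not EmailRep's."""
    d = rep.get("details") or {}
    # Hard signals: refuse the signup outright.
    deny = [k for k in ("blacklisted", "malicious_activity_recent", "disposable")
            if d.get(k)]
    if d.get("domain_exists") is False:
        deny.append("domain_missing")
    if deny:
        return "deny", deny
    # Soft signals: keep the signup but require MFA or extra verification.
    # An old leak (credentials_leaked without _recent) is deliberately ignored.
    step_up = [k for k in ("malicious_activity", "credentials_leaked_recent",
                           "spam", "new_domain") if d.get(k)]
    if rep.get("suspicious"):
        step_up.append("suspicious")
    if rep.get("reputation") in ("low", "none", None):
        step_up.append("reputation")
    # Missing details fail toward verification rather than silent approval.
    if not d:
        step_up.append("no_details")
    return ("step_up", step_up) if step_up else ("allow", [])

if __name__ == "__main__":
    for sample in (README_SAMPLE, CONSTRUCTED_THROWAWAY):
        print(sample["email"], signup_action(sample))
```
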

Offensive (ethical):

  • Conduct recon on a target email address for credential brute forcing.
  • Construct targeted phishing attacks based on the target's social media profiles.
  • Inform reputation of social engineering campaigns (higher reputation can help avoid the spam folder).