Overview

The email_score is computed by analyzing various characteristics of both the email address and its associated domain. We run comprehensive checks on the domain to understand its trustworthiness and combine that with detailed analysis of the email structure and history to create a single score. The scoring process involves:
  1. Domain Intelligence - Analyzing the domain’s web presence, business metadata, and reputation
  2. Email Intelligence - Examining email structure, deliverability, and breach history
  3. Signal Aggregation - Combining all signals into a unified risk assessment
We return this as email_score in our API, where the score ranges from -1 to 1:
  • -1 represents the most trustworthy emails
  • 1 represents the highest risk emails

Score Examples

High Trust (-1.0)

johndoe@gmail.comTrust Signals: email_age_greater_than_5_years, email_known_online_history

Neutral (0.0)

john@verisoul.aiNo particular risk or trust indicators detected, representing a neutral assessment.

High Risk (1.0)

confidentialbot+1232384uu8734587@tempmail.comRisk Signals: email_alias, email_likely_generated, email_high_number_count, domain_disposable_type

Domain Intelligence

Web Presence Analysis

We evaluate how the domain appears in search engines and assess its overall online footprint and reputation.

Content Quality Assessment

Our systems analyze the domain’s landing page content, design quality, and professional appearance indicators.

Business Verification

For business domains, we cross-reference public company data including employee count, registration details, and legitimacy markers.

Technical Infrastructure

We examine the domain’s technical setup, including MX record configuration, DNS health, and email delivery infrastructure.

Email Intelligence

Our comprehensive email analysis examines multiple dimensions of the email address to determine authenticity and risk:

Signals

Asynchronous Scoring: For the most accurate email_score scoring runs asynchronously. You can determine the score is complete when email_score is non-null, which typically takes about 3–5 seconds after we first observe the email.
Our email intelligence generates various trust and risk signals that contribute to the overall email score. These signals are categorized into risk indicators and trust indicators to provide a comprehensive assessment.

Risk Signals

FlagDescription
email_invalidemail is not a valid email formatted string
email_high_number_countemail has more than 5 numbers
email_high_period_countemail has more than 2 periods
email_high_number_numeric_blocksemail has more than 1 distinct block of numbers
email_with_business_with_numbersemail is a business email with numbers in username
email_suspicious_keywordsemail username contains suspicious words like “stealth” or “fraud”
email_aliasemail is an alias
email_role_keywordemail is an abstract role entity (hr, sales, etc.)
email_no_replyemail is a noreply username
email_not_deliverableemail can’t receive emails
email_likely_generatedemail appears to be illegible and randomly generated
email_young_ageemail is less than 1 year old
email_no_online_historyemail has no breaches
email_unknown_ageemail has no breaches
email_too_many_breachesemail has been seen in over 50 breaches
email_risky_online_historyemail has been seen in a high risk breach
email_mailbox_fullemail exists and is theoretically deliverable but mailbox is full currently
domain_relay_typedomain is a known relay domain
domain_disposable_typedomain is a known disposable
domain_low_trust_businessdomain is a low trust business
domain_no_mx_recorddomain has no mx record
domain_suspicious_keywordsdomain contains suspicious keywords like “temp” or “throwaway”
domain_whois_less_than_1_yeardomain was registered less than 1 year ago
domain_risky_personaldomain is known to be risky relative to gmail.com
domain_does_not_resolvedomain does not resolve to an IP
domain_impersonation_typedomain is attempting to impersonate another domain
domain_invaliddomain (fqdn) does not have a valid mx record

Trust Signals

FlagDescription
email_age_greater_than_3_yearsemail first seen more 3 years ago
email_age_greater_than_5_yearsemail first seen more 5 years ago
email_age_greater_than_10_yearsemail first seen more 10 years ago
email_age_greater_than_15_yearsemail first seen more 15 years ago
email_known_online_historyemail has history in data breaches
email_trusted_online_historyemail has been seen in high trust breaches
domain_trusted_typedomain is a government or education type
domain_trusted_personaldomain is known higher trust relative to gmail.com
domain_high_trust_businessdomain is a known business
domain_whois_greater_than_5_yearsdomain first registered over 5 years ago
domain_trusted_relaydomain is a Apple Private Relay, a trusted forwarding service

Domain Types

Our system categorizes email domains into various types based on their purpose and characteristics:
TypeDescription
relaya email forwarding service
personala public email service
disposablea throwaway or temporary email provider
businessa business domain
governmenta government entity domain
educationan educational entity domain
impersonationa domain attempting to impersonate another domain
invalida domain that doesn’t have a valid mx server attached
not_activea domain that appears to be inactive or not used