Overview
Theemail_score is computed by analyzing various characteristics of both the email address and its associated domain. We run comprehensive checks on the domain to understand its trustworthiness and combine that with detailed analysis of the email structure and history to create a single score.
The scoring process involves:
- Domain Intelligence - Analyzing the domain’s web presence, business metadata, and reputation
- Email Intelligence - Examining email structure, deliverability, and breach history
- Signal Aggregation - Combining all signals into a unified risk assessment
email_score in our API, where the score ranges from -1 to 1:
- -1 represents the most trustworthy emails
- 1 represents the highest risk emails
Score Examples
High Trust (-1.0)
johndoe@gmail.comTrust Signals: email_age_greater_than_5_years, email_known_online_history
Neutral (0.0)
john@verisoul.aiNo particular risk or trust indicators detected, representing a neutral assessment.
High Risk (1.0)
confidentialbot+1232384uu8734587@tempmail.comRisk Signals: email_alias, email_likely_generated, email_high_number_count, domain_disposable_type
Domain Intelligence
Web Presence Analysis
We evaluate how the domain appears in search engines and assess its overall online footprint and reputation.
Content Quality Assessment
Our systems analyze the domain’s landing page content, design quality, and professional appearance indicators.
Business Verification
For business domains, we cross-reference public company data including employee count, registration details, and legitimacy markers.
Technical Infrastructure
We examine the domain’s technical setup, including MX record configuration, DNS health, and email delivery infrastructure.
Email Intelligence
Our comprehensive email analysis examines multiple dimensions of the email address to determine authenticity and risk:Email Structure Analysis
Email Structure Analysis
Username Pattern Recognition: We analyze the composition of email usernames, including the frequency of periods, numbers, and numeric blocks that may indicate automated generation or suspicious patterns.Format Validation: Our systems detect unusual character combinations, suspicious formatting patterns, and other indicators that suggest machine-generated or fraudulent email addresses.
Security & Breach History
Security & Breach History
Data Breach Intelligence: We maintain an extensive database of known data breaches and check whether the email address has appeared in previous security incidents.Risk Assessment: Each breach is categorized by severity and type, allowing us to assess the overall risk profile associated with the email’s exposure history.
Deliverability & Validation
Deliverability & Validation
Real-time Validation: We perform live checks to verify whether the email address can actually receive messages and is actively monitored.Mailbox Health: Our system monitors for delivery issues, full mailboxes, and other factors that might affect email deliverability and user engagement.
Signals
Asynchronous Scoring: For the most accurate
email_score scoring runs asynchronously. You can determine the score is complete when email_score is non-null, which typically takes about 3–5 seconds after we first observe the email.Risk Signals
| Flag | Description |
|---|---|
| email_invalid | email is not a valid email formatted string |
| email_high_number_count | email has more than 5 numbers |
| email_high_period_count | email has more than 2 periods |
| email_high_number_numeric_blocks | email has more than 1 distinct block of numbers |
| email_with_business_with_numbers | email is a business email with numbers in username |
| email_suspicious_keywords | email username contains suspicious words like “stealth” or “fraud” |
| email_alias | email is an alias |
| email_role_keyword | email is an abstract role entity (hr, sales, etc.) |
| email_no_reply | email is a noreply username |
| email_not_deliverable | email can’t receive emails |
| email_likely_generated | email appears to be illegible and randomly generated |
| email_young_age | email is less than 1 year old |
| email_no_online_history | email has no breaches |
| email_unknown_age | email has no breaches |
| email_too_many_breaches | email has been seen in over 50 breaches |
| email_risky_online_history | email has been seen in a high risk breach |
| email_mailbox_full | email exists and is theoretically deliverable but mailbox is full currently |
| domain_relay_type | domain is a known relay domain |
| domain_disposable_type | domain is a known disposable |
| domain_low_trust_business | domain is a low trust business |
| domain_no_mx_record | domain has no mx record |
| domain_suspicious_keywords | domain contains suspicious keywords like “temp” or “throwaway” |
| domain_whois_less_than_1_year | domain was registered less than 1 year ago |
| domain_risky_personal | domain is known to be risky relative to gmail.com |
| domain_does_not_resolve | domain does not resolve to an IP |
| domain_impersonation_type | domain is attempting to impersonate another domain |
| domain_invalid | domain (fqdn) does not have a valid mx record |
Trust Signals
| Flag | Description |
|---|---|
| email_age_greater_than_3_years | email first seen more 3 years ago |
| email_age_greater_than_5_years | email first seen more 5 years ago |
| email_age_greater_than_10_years | email first seen more 10 years ago |
| email_age_greater_than_15_years | email first seen more 15 years ago |
| email_known_online_history | email has history in data breaches |
| email_trusted_online_history | email has been seen in high trust breaches |
| domain_trusted_type | domain is a government or education type |
| domain_trusted_personal | domain is known higher trust relative to gmail.com |
| domain_high_trust_business | domain is a known business |
| domain_whois_greater_than_5_years | domain first registered over 5 years ago |
| domain_trusted_relay | domain is a Apple Private Relay, a trusted forwarding service |
Domain Types
Our system categorizes email domains into various types based on their purpose and characteristics:| Type | Description |
|---|---|
| relay | a email forwarding service |
| personal | a public email service |
| disposable | a throwaway or temporary email provider |
| business | a business domain |
| government | a government entity domain |
| education | an educational entity domain |
| impersonation | a domain attempting to impersonate another domain |
| invalid | a domain that doesn’t have a valid mx server attached |
| not_active | a domain that appears to be inactive or not used |