EmailRep · Schema
EmailReputationDetails
Detailed intelligence signals about the email address and its domain.
SecurityEmailEmail ReputationThreat IntelligencePhishingFraud PreventionAnti-AbuseDeliverabilityRisk ScoringPublic APIs
Properties
| Name | Type | Description |
|---|---|---|
| blacklisted | boolean | The email is believed to be malicious or spammy. |
| malicious_activity | boolean | The email has exhibited malicious behavior (e.g. phishing or fraud). |
| malicious_activity_recent | boolean | Malicious behavior observed within the last 90 days. |
| credentials_leaked | boolean | Credentials for the email were leaked at some point (data breach, paste, dark web, etc.). |
| credentials_leaked_recent | boolean | Credentials were leaked within the last 90 days. |
| data_breach | boolean | The email appeared in a known data breach. |
| first_seen | string | First date the email was observed in a breach, credential leak, or exhibiting malicious or spammy behavior. `never` if never seen. |
| last_seen | string | Last date the email was observed in a breach, credential leak, or exhibiting malicious or spammy behavior. `never` if never seen. |
| domain_exists | boolean | Whether the email's domain is a valid, resolvable domain. |
| domain_reputation | string | Reputation verdict for the email's domain. `n/a` when the domain is a free provider, disposable, or does not exist. |
| new_domain | boolean | The domain was registered within the last year. |
| days_since_domain_creation | integer | Days since the domain was created. |
| suspicious_tld | boolean | The domain uses a top-level domain associated with abuse. |
| spam | boolean | The email has exhibited spammy behavior (e.g. spam traps, login form abuse). |
| free_provider | boolean | The email uses a free email provider (e.g. Gmail, Yahoo, Outlook). |
| disposable | boolean | The email uses a temporary or disposable provider. |
| deliverable | boolean | The address is deliverable based on SMTP probes and MX checks. |
| accept_all | boolean | The mail server has a default accept-all policy. |
| valid_mx | boolean | The domain has a valid MX record. |
| spoofable | boolean | The email address can be spoofed (e.g. SPF is not strict or DMARC is not enforced). |
| spf_strict | boolean | SPF record is sufficiently strict to prevent spoofing. |
| dmarc_enforced | boolean | DMARC is configured correctly and enforced. |
| profiles | array | Online profiles where the email has been observed. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/emailrep/refs/heads/main/json-schema/api-email-reputation-details-schema.json",
"title": "EmailReputationDetails",
"description": "Detailed intelligence signals about the email address and its domain.",
"type": "object",
"properties": {
"blacklisted": {
"type": "boolean",
"description": "The email is believed to be malicious or spammy.",
"example": false
},
"malicious_activity": {
"type": "boolean",
"description": "The email has exhibited malicious behavior (e.g. phishing or fraud).",
"example": false
},
"malicious_activity_recent": {
"type": "boolean",
"description": "Malicious behavior observed within the last 90 days.",
"example": false
},
"credentials_leaked": {
"type": "boolean",
"description": "Credentials for the email were leaked at some point (data breach, paste, dark web, etc.).",
"example": true
},
"credentials_leaked_recent": {
"type": "boolean",
"description": "Credentials were leaked within the last 90 days.",
"example": false
},
"data_breach": {
"type": "boolean",
"description": "The email appeared in a known data breach.",
"example": true
},
"first_seen": {
"type": "string",
"description": "First date the email was observed in a breach, credential leak, or exhibiting malicious or spammy behavior. `never` if never seen.",
"example": "07/01/2008"
},
"last_seen": {
"type": "string",
"description": "Last date the email was observed in a breach, credential leak, or exhibiting malicious or spammy behavior. `never` if never seen.",
"example": "05/24/2019"
},
"domain_exists": {
"type": "boolean",
"description": "Whether the email's domain is a valid, resolvable domain.",
"example": true
},
"domain_reputation": {
"type": "string",
"description": "Reputation verdict for the email's domain. `n/a` when the domain is a free provider, disposable, or does not exist.",
"enum": [
"high",
"medium",
"low",
"n/a"
],
"example": "high"
},
"new_domain": {
"type": "boolean",
"description": "The domain was registered within the last year.",
"example": false
},
"days_since_domain_creation": {
"type": "integer",
"description": "Days since the domain was created.",
"example": 10341
},
"suspicious_tld": {
"type": "boolean",
"description": "The domain uses a top-level domain associated with abuse.",
"example": false
},
"spam": {
"type": "boolean",
"description": "The email has exhibited spammy behavior (e.g. spam traps, login form abuse).",
"example": false
},
"free_provider": {
"type": "boolean",
"description": "The email uses a free email provider (e.g. Gmail, Yahoo, Outlook).",
"example": false
},
"disposable": {
"type": "boolean",
"description": "The email uses a temporary or disposable provider.",
"example": false
},
"deliverable": {
"type": "boolean",
"description": "The address is deliverable based on SMTP probes and MX checks.",
"example": true
},
"accept_all": {
"type": "boolean",
"description": "The mail server has a default accept-all policy.",
"example": true
},
"valid_mx": {
"type": "boolean",
"description": "The domain has a valid MX record.",
"example": true
},
"spoofable": {
"type": "boolean",
"description": "The email address can be spoofed (e.g. SPF is not strict or DMARC is not enforced).",
"example": false
},
"spf_strict": {
"type": "boolean",
"description": "SPF record is sufficiently strict to prevent spoofing.",
"example": true
},
"dmarc_enforced": {
"type": "boolean",
"description": "DMARC is configured correctly and enforced.",
"example": true
},
"profiles": {
"type": "array",
"description": "Online profiles where the email has been observed.",
"items": {
"type": "string"
},
"example": [
"myspace",
"spotify",
"twitter",
"pinterest",
"flickr",
"linkedin",
"vimeo",
"angellist"
]
}
}
}