• APIs
    • WHOIS API
    • Domains & Subdomains Discovery API
    • Domain Availability API
    • Brand Alert API
    • Bulk WHOIS API
    • DNS Lookup API
    • Domain Reputation API
    • Email Verification API
    • IP Geolocation API
    • IP Netblocks API
    • Registrant Alert API
    • Reverse IP/DNS API
    • Reverse MX API
    • Reverse NS API
    • Reverse WHOIS API
    • WHOIS History API
    • Screenshot API
    • Subdomains Lookup API
    • Website Categorization API
    • Website Contacts API
  • Data feeds
    • WHOIS Database Download
    • ccTLD Historic WHOIS Database Download
    • IP Netblocks WHOIS Database
    • DNS Database Download
    • All Registered Domains
    • IP Geolocation Data Feed
    • Newly Registered Domains
    • Newly Created Websites
    • Real-time Domain Registration Streaming
    • Threat Intelligence Data Feeds
    • Website Contacts & Categorization Database
    • Disposable Email Domains Data Feed
    • Subdomains Database Download
    • Typosquatting Data Feed
    • US Internet Retailers Database
  • Domain Research & Monitoring
    • Domain Research Suite
    • Domain Monitor
    • Registrant Monitor
    • Brand Monitor
    • Reverse WHOIS Search
    • WHOIS History Search
    • WHOIS Search
    • Reverse DNS Search
    • Domain Availability Check
    • Domains & Subdomains Discovery
    • Bulk WHOIS Search
    • Bulk Email Verification
    • IP Geolocation Lookup
  • Enterprise packages
    • Enterprise API Packages
    • Enterprise Data Feed Packages
    • Enterprise Tools Packages
    • Enterprise Security Intelligence Packages
  • Custom solutions
    • WHOIS API Software Package
    • Registrar WHOIS Service
    • Internet Statistics Reports
  • Cyber-security research
    • Threat Intelligence Platform
    • Threat Intelligence API
  • Solutions
    • Cyber Security Data Solutions
    • Anti-Typosquatting & Cybersquatting Solutions
    • Attack Surface Management (ASM) Solutions
    • Brand Protection Solutions
    • Cyber Threat Hunting
    • Digital Forensics and Incident Response
    • Domainer Solutions
    • Fraud Detection Solutions
    • Investment Fund and Banking Solutions
    • Law Enforcement Solutions
    • Managed Security Service Providers
    • Marketing Research & Business Intelligence Solutions
    • Registrar Solutions
    • Security Information and Event Management
    • Security Operations Centers
    • Third-Party Risk Management (TPRM) Solutions
    • Threat Intelligence Solutions
  • Resources
    • About Us
    • Success stories
    • White papers
    • Media partnership
    • Partnerships/Integrations
    • API status
    • Blog
    • Webinars & Podcasts
    • Enterprise Blog
    • Knowledge base
    • Enterprise knowledge base
    • Terms of Service
    • Privacy Policy
    • Support services
    • Integration services
    • Core product portfolio
    • Security Intel Exchange Program
  • Contact Us
WhoisXML API
Products
Products APIs Data feeds Web tools Domain Research & Monitoring Enterprise packages Cyber Threat Intelligence
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domains & Subdomains Discovery Domains & Subdomains Discovery Domain Availability Domain Availability Brand Alert Brand Alert DNS Lookup DNS Lookup
Email Verification Email Verification Registrant Alert Registrant Alert Reverse IP/DNS Reverse IP/DNS Reverse MX Reverse MX
Reverse NS Reverse NS Reverse WHOIS Reverse WHOIS WHOIS History WHOIS History Screenshot Service Screenshot Service
Subdomains Lookup Subdomains Lookup Website Categorization Website Categorization Website Contacts Website Contacts
Domain/WHOIS
WHOIS API WHOIS API Brand Alert API Brand Alert API Bulk WHOIS API Bulk WHOIS API Domains & Subdomains Discovery API Domains & Subdomains Discovery API Domain Availability API Domain Availability API Domain Reputation API Domain Reputation API Registrant Alert API Registrant Alert API Reverse WHOIS API Reverse WHOIS API Subdomains Lookup API Subdomains Lookup API WHOIS History API WHOIS History API
DNS/IP
DNS Lookup API DNS Lookup API IP Geolocation API IP Geolocation API IP Netblocks API IP Netblocks API Reverse IP/DNS API Reverse IP/DNS API Reverse MX API Reverse MX API Reverse NS API Reverse NS API
Others
Email Verification API Email Verification API Screenshot API Screenshot API Website Categorization API Website Categorization API Website Contacts API Website Contacts API Premium API Services Premium API Services
Domain/WHOIS
WHOIS Database Download WHOIS Database Download ccTLD Historic WHOIS Database Download ccTLD Historic WHOIS Database Download WHOIS History Database WHOIS History Database All Registered Domains All Registered Domains Newly Registered Domains Newly Registered Domains Newly Created Websites Newly Created Websites Real-time Domain Registration Real-time Domain Registration Subdomains Database Download Subdomains Database Download
DNS/IP
DNS Database Download DNS Database Download IP Geolocation Data Feed IP Geolocation Data Feed IP Netblocks WHOIS Database IP Netblocks WHOIS Database
Others
Threat Intelligence Data Feeds Threat Intelligence Data Feeds Website Contacts & Categorization Database Website Contacts & Categorization Database Disposable Email Domains Data Feed Disposable Email Domains Data Feed Typosquatting Data Feed Typosquatting Data Feed US Internet Retailers Database US Internet Retailers Database
Domain/WHOIS
WHOIS Lookup WHOIS Lookup Brand Alert Lookup Brand Alert Lookup Bulk WHOIS Lookup Bulk WHOIS Lookup Domains & Subdomains Discovery Lookup Domains & Subdomains Discovery Lookup Domain Availability Lookup Domain Availability Lookup Domain Reputation Lookup Domain Reputation Lookup Registrant Alert Lookup Registrant Alert Lookup Reverse WHOIS Lookup Reverse WHOIS Lookup Subdomains Lookup Subdomains Lookup WHOIS History Lookup WHOIS History Lookup
DNS/IP
Bulk IP Geolocation Lookup Bulk IP Geolocation Lookup DNS Lookup DNS Lookup IP Geolocation Lookup IP Geolocation Lookup IP Netblocks Lookup IP Netblocks Lookup Reverse IP/DNS Lookup Reverse IP/DNS Lookup Reverse MX Lookup Reverse MX Lookup Reverse NS Lookup Reverse NS Lookup
Others
Email Verification Lookup Email Verification Lookup Bulk Email Verification Lookup Bulk Email Verification Lookup Screenshot Lookup Screenshot Lookup Website Categorization Lookup Website Categorization Lookup Website Contacts Lookup Website Contacts Lookup
Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Reverse WHOIS Search Reverse WHOIS Search WHOIS History Search WHOIS History Search WHOIS Search WHOIS Search Reverse DNS Search Reverse DNS Search Domain Availability Check Domain Availability Check
Monitoring
Domain Monitor Domain Monitor Registrant Monitor Registrant Monitor Brand Monitor Brand Monitor
White-Label
Domain Research Suite Domain Research Suite Brand Monitor Brand Monitor
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Enterprise Data Feed Packages
Enterprise Data Feed Packages

Downloadable domain, IP, and DNS datasets for efficient and unrestricted access to all of our intelligence sources within your network perimeter.

Enterprise Tools Packages
Enterprise Tools Packages

Access to our domain and threat intelligence tools in combo with package discounts for enterprise and government customers.

Enterprise Security Intelligence Packages
Enterprise Security Intelligence Packages

Packages designed to augment commercial and in-house security platforms, support managed security services, and facilitate investigations.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

Threat Intelligence Analysis
Threat Intelligence Analysis

Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.

Threat Intelligence APIs
Threat Intelligence APIs

Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.

Threat Intelligence Data Feeds
Threat Intelligence Data Feeds

Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.

×
Solutions
  • Cyber Security
  • Brand Protection and Law Enforcement
  • Market Research & Business Intelligence
  • Fraud Enforcement and others
  • ×
    • Cyber Security Data Solutions
    • Anti-Typosquatting & Cybersquatting Solutions
    • Attack Surface Management (ASM) Solutions
    • Cyber Threat Hunting
    • Digital Forensics and Incident Response
    • Security Information and Event Management
    • Managed Security Service Providers
    • Security Operations Centers
    • Third-Party Risk Management (TPRM) Solutions
    • Threat Intelligence Solutions
    • Anti-Typosquatting & Cybersquatting Solutions
    • Brand Protection Solutions
    • Law Enforcement Solutions
    • Domainer Solutions
    • Marketing Research & Business Intelligence Solutions
    • Registrar Solutions
    • Fraud Detection Solutions
    • Investment Fund and Banking Solutions
Resources
  • About Us
  • Success stories
  • White papers
  • Media partnership
  • Partnerships/Integrations
  • API status
  • Blog
  • Webinars & Podcasts
  • Enterprise Blog
  • Knowledge base
  • Enterprise knowledge base
  • Terms of Service
  • Privacy Policy
  • Support services
  • Integration services
  • Core product portfolio
  • Security Intel Exchange Program
Contact Us
Login Sign Up Order now
Blog home

Post navigation

Previous | Next

Why You Should Add Email Address Validation to Your Email Security Best Practices

Posted on February 7, 2020 by admin
Why You Should Add Email Address Validation to Your Email Security Best Practices

Despite the emergence of instant messaging platforms, email is still the king of digital communication, particularly in the professional and business world. The number of email users globally is expected to reach 4.3 billion by the end of 2023, which accounts for more than half of the world’s population. Also, the total number of emails sent and received every day is forecasted to rise to 347.3 billion by 2023.

Probably because of its vast userbase, email is also a common cyberattack vector. For instance, some 65% of cybercriminal groups use phishing as their primary infection vector, and almost 60% of IT professionals view phishing as a top security threat.

Spamming is another way by which threat actors enter an organization’s IT network. Spam emails are not only annoying, but they can also be dangerous as they may carry ransomware and other malware.

With that in mind, email security has become a top priority for organizations. And among the email security best practices is email address validation.

Email Address Validation as a Security Practice

Email address validation is the process of verifying the validity of an email address to make sure that the intended recipient receives the message. The process is commonly employed by email marketing professionals to reduce bounce rates and increase delivery rates. As part of this, one tool that they may find useful is Email Verification API.

Aside from checking email address validity, however, Email Verification API can also be used to spot and restrict the access of potentially dangerous email addresses to an organization’s network. As an email security mechanism, it can filter out potential bad actors that use disposable addresses or homograph attack methods. And that, ultimately, mitigates email-based threats that could have dire consequences.

Effects of Email-Based Attacks

In a Barracuda study, IT stakeholders discussed the impact of email security attacks on their company. Below are the findings of the report:

  • Loss of employee productivity – 48%
  • Downtime and business disruption – 36%
  • Hurts the reputation of the IT team – 28%
  • Recovery costs – 20%
  • Loss of sensitive, confidential, or business-critical data – 16%
  • Direct monetary loss to cybercriminals – 10%

Overall, only 26% of the respondents said email security attacks had no impact. As such, email security is an essential component of an organization’s overall IT security. Let’s look at two cases to explore this point further.

Clamping Down on Users of Disposable Email Addresses

People may use disposable email addresses so they won’t have to give out their real ones when taking advantage of freemium features. Aside from this purpose, however, disposable or temporary email addresses are also used by cybercriminals. Fraudsters can use temporary email services to create an account on your website, chat with customer support representatives, and access documents and pages that may give them insights on your overall IT infrastructure.

These temporary email addresses can also figure in phishing campaigns, which are difficult to trace as most disposable email service providers offer features that allow messages to self-destruct after a certain period.

Let us take a look at an example. We generated a temporary email address on GuerillaMail, a service provider of disposable email addresses. The disposable email address was [email protected][.]la.

Generated a temporary email address on GuerillaMail

We ran the email address on Email Verification API, and as expected, the tool detected that the email address is disposable (disposableCheck>true).

Ran the email address on Email Verification API

By preventing users with disposable email addresses from reaching your corporate inbox, you minimize the risk of threat actors gaining access to your website.


Detecting Homograph Attacks Masquerading as Typos

By definition, homographs are two or more words that are spelled the same but may have different pronunciations or meanings. The word “bow,” for example, can mean to bend the upper part of the body to greet another person, but it could also refer to a weapon used for shooting arrows. And it looks like fraudsters have found a way to use homographs in cyberattacks, too.

Since the Internet Corporation for Assigned Names and Numbers (ICANN) allows the use of non-Latin characters in domains, threat actors can potentially use homographs in their phishing campaigns. All they have to do is replace a character with a confusable one and pretend to be someone else. In a research paper proving that homograph attacks work, the researchers included their final list of confusable characters:

The researchers included their final list of confusable character

On the top row are the Latin characters. The succeeding rows show their confusable Unicode character counterparts.

Consider a scenario where phishers want to masquerade as someone from the accounting department of a company’s supplier. They can just register a domain that replaces any character in the supplier’s domain name with a confusable character, and send an email requesting for payment.

For example, bad actors can masquerade as midtownsupplier.net by replacing “t” with its Cyrillic equivalent, “т” so it becomes midтownsupplier[.]net. Such a domain can be bought with certain registrars:

Such a domain can be bought with certain registrars

At its simplest form, a homograph attack makes use of alphanumeric characters so that google.com becomes g00gle[.]com. In our illustration above, the “o” in midtownsupplier.net can also be replaced with “0”, thus becoming midt0wnsupplier[.]net.

Email Verification API can detect such misleading typos.

In short, while email remains a significant platform of communication, it is also a very common cyberattack vector. Organizations must, therefore, think through their current email security posture and include every possible process that can better protect them.

Email address validation using Email Verification API should be among a company’s email security best practices as it can help filter out potentially malicious emails used by hackers, spammers and phishers.

image_pdfDownload PDF version of this blog post

Related posts:

  • How to Check If an Email Address Exists Using DNS MX Records, SMTP Connections, and Email-Sending Emulation
  • 6 Compelling Reasons Why You Should Check Email Address Owners and Other Email Security Tips
  • Key Features Your Email Validator or Verifier API Should Have
  • Is This Email Address Valid? Here Are 5 Ways to Check and Why It Matters

Posted in: Cyber Security / Products / Solutions / Tips & Tricks / Tools


Tags: Disposable email account checker / email address checker / email address syntax checker / email address verifier / email validation api / email verification / email verification api / admin


Bookmark the permalink

follow us in feedly

Blog home

Post navigation

Previous | Next

APIs

  • WHOIS API
  • Domains & Subdomains Discovery API
  • Domain Availability API
  • Brand Alert API
  • Bulk WHOIS API
  • DNS Lookup API
  • Domain Reputation API
  • Email Verification API
  • IP Geolocation API
  • IP Netblocks API
  • Registrant Alert API
  • Reverse IP/DNS API
  • Reverse MX API
  • Reverse NS API
  • Reverse WHOIS API
  • WHOIS History API
  • Screenshot API
  • Subdomains Lookup API
  • Website Categorization API
  • Website Contacts API

Data feeds

  • WHOIS Database Download
  • ccTLD Historic WHOIS Database Download
  • IP Netblocks WHOIS Database
  • DNS Database Download
  • All Registered Domains
  • IP Geolocation Data Feed
  • Newly Registered Domains
  • Newly Created Websites
  • Real-time Domain Registration Streaming
  • Threat Intelligence Data Feeds
  • Website Contacts & Categorization Database
  • Disposable Email Domains Data Feed
  • Subdomains Database Download
  • Typosquatting Data Feed
  • US Internet Retailers Database

Domain Research & Monitoring

  • Domain Research Suite
  • Domain Monitor
  • Registrant Monitor
  • Brand Monitor
  • Reverse WHOIS Search
  • WHOIS History Search
  • WHOIS Search
  • Reverse DNS Search
  • Domain Availability Check
  • Domains & Subdomains Discovery
  • Bulk WHOIS Search
  • Bulk Email Verification
  • IP Geolocation Lookup

Enterprise packages

  • Enterprise API Packages
  • Enterprise Data Feed Packages
  • Enterprise Tools Packages
  • Enterprise Security Intelligence Packages

Custom solutions

  • WHOIS API Software Package
  • Registrar WHOIS Service
  • Internet Statistics Reports

Cyber-security research

  • Threat Intelligence Platform
  • Threat Intelligence API
Mobile App

Need access to whois data on the go?
Install our application on your device!

By subscribing, you agree to the Terms of Service and Privacy Policy.

Three-year growth 1,640% Three-year
growth 1,640%
TOP IT services
companies
© 2014 — 2021 WHOIS API, Inc. All rights reserved.
Terms of Service Privacy Policy Payment security and policy Partnerships/Integrations
Domain tools site recommended by Domaining.com