DOCS

Free Email Risk Checker: Score Any Address Instantly

Get a risk grade for any email address in one query. The score combines disposable detection, breach history, domain age, catch-all status, and reputation signals so you do not have to wire them up yourself.
START FOR FREE
CONTACT SALES
Enter an email address to start
Need inspiration? Try
Try
test@abstractapi.com
Check email risk
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Checking
5
You have used all your daily credits
Sign up to get more free validations
Please, input a correct email address
Sign up to get more free validations
Results for
email
Address risk:
Address risk
Domain risk:
Domain risk
Disposable:
Disposable
Suspicious username:
Suspicious username
Domain age (days):
Domain age
Breach count:
Breach count
Get free credits, more data, and faster results
CREATE A FREE ACCOUNT

What is an email risk checker?

An email risk checker scores how likely an email address is to be associated with fraud, abuse, or low-quality signups. Instead of returning a single yes/no answer, it produces a graded risk level (typically low, medium, or high) by combining many signals into one output.

The signals that feed risk scoring are familiar individually:

  • Is the address from a disposable provider?
  • Is the domain newly registered?
  • Does the domain accept mail for any address (catch-all)?
  • Is the username a random-looking string?
  • Has the address appeared in known breaches?
  • Is it on a top-level domain over-represented in abuse data?

None of these signals is enough on its own. A real user might have an address on a free email provider with a random username. A fake user might have an address on an established domain that looks legitimate. The risk grade comes from how the signals combine, not from any single one.

How email risk scoring works

When you submit an address, the lookup runs four steps:

  1. Format and deliverability check. The tool validates the address syntax, resolves MX records, and runs an SMTP probe. Addresses that fail format or deliverability return a high-risk grade immediately.
  2. Signal collection. For deliverable addresses, the tool collects every quality signal in parallel: disposable status, free-email status, role-address status, catch-all status, suspicious-username heuristic, subaddress detection, domain age, registrar, risky TLD flag, and breach history.
  3. Risk grading. Each signal pulls the score in one direction with a different weight. A disposable domain pushes risk up sharply. An established domain registered ten years ago pulls risk down. A username made of random characters pushes risk up. A name-shaped username pulls it down. The combined output is a grade: low, medium, or high.
  4. Response. The result returns address_risk_status (graded for the specific email) and domain_risk_status (graded for the domain alone), plus all the underlying signals so you can see what drove the grade.

What drives a high-risk grade

The strongest individual signals for high-risk classification:

Disposable email providers. Mailinator, 10MinuteMail, and the long tail of throwaway services. By itself, this signal almost always lifts the grade.

Newly-registered domains. Domains under 30 days old are over-represented in fraud data. The combination of "new domain + non-disposable" is the most common pattern in coordinated fake-account attacks because operators register their own domains to evade disposable blocklists.

Suspicious username patterns. Random-character strings (h7k4j2qx@example.com) and high-entropy patterns are statistically unlikely to be human-chosen. Real users tend to pick name-shaped or word-based usernames.

Risky TLDs. Some top-level domains are over-represented in abuse data because they offer cheap bulk registration with weak abuse handling. The is_risky_tld flag captures the most extreme cases.

Breach history. An address that appears in recent large-scale breaches signals a real but compromised account. Risk scoring treats this as elevated for purposes of credential-stuffing detection but does not push individual signups to high-risk on the breach signal alone.

The grade is the combination, not any one of these on its own. A medium-risk grade means a few signals are firing but not enough for high-risk; a high-risk grade means several are stacked together.

Use cases for email risk scoring

Signup form gating: Block or step-up high-risk signups before they reach your user table. Route low-risk signups through the standard flow, medium-risk through additional verification (email confirmation, payment pre-auth, light identity check), and high-risk to manual review or outright block. This pattern catches most automated fake-signup waves without adding friction for real users.

Payment fraud prevention: Pair email risk with IP risk and behavioral signals at checkout. Email risk by itself is not enough to decline a transaction, but combined with mismatched billing/shipping IPs, brand-new accounts, or unusual cart patterns, it sharpens fraud detection without adding payment friction. Use the grade as one feature in a risk-scoring model, not as a hard gate.

Lead qualification and routing: For B2B SaaS with self-serve signup and an inside sales motion, email risk is a fast triage signal. Low-risk inbound leads from established domains get priority SDR outreach. Medium-risk signups go to automated nurture. High-risk signups (disposable, suspicious username, brand-new domain) are de-prioritized or filtered. This protects sales capacity for the leads most likely to convert.

Abuse pattern detection in existing accounts: Run risk scoring against accounts already in your database, not just at signup. Patterns shift; an address that looked low-risk a year ago can move to medium-risk if its domain hits abuse data later. Periodic re-scoring catches accounts created during a time when the operator's pattern was not yet recognized, and it surfaces clusters of suspicious accounts that signed up close in time with similar signal profiles.

See what the API returns

Every MX record lookup returns a structured JSON response. Here is what a request returns for a domain:

Response parameters

email_address

String
The email address you submitted for analysis.

email_deliverability.status

String
Whether the email is considered deliverable, undeliverable, or unknown.

email_deliverability.status_detail

String
Additional detail on deliverability (e.g., inbox_full, full_mailbox, invalid_format).

email_deliverability.is_format_valid

Boolean
Is true if the email follows the correct format.

email_deliverability.is_smtp_valid

Boolean
Is true if the SMTP check was successful.

email_deliverability.is_mx_valid

Boolean
Is true if the domain has valid MX records.

email_deliverability.mx_records

Array
List of MX records associated with the domain.

email_quality.score

Float
Confidence score between 0.01 and 0.99 representing email quality.

email_quality.is_free_email

Boolean
Is true if the email is from a known free provider like Gmail or Yahoo.

email_quality.is_username_suspicious

Boolean
Is true if the username appears auto-generated or suspicious.

email_quality.is_disposable

Boolean
Is true if the email is from a disposable email provider.

email_quality.is_catchall

Boolean
Is true if the domain is configured to accept all emails.

email_quality.is_subaddress

Boolean
Is true if the email uses subaddressing (e.g., user+label@domain.com).

email_quality.is_role

Boolean
Is true if the email is a role-based address (e.g., info@domain.com, support@domain.com).

email_quality.is_dmarc_enforced

Boolean
Is true if a strict DMARC policy is enforced on the domain.

email_quality.is_spf_strict

Boolean
Is true if the domain enforces a strict SPF policy.

email_quality.minimum_age

Integer
Estimated age of the email address in days, or null if unknown.

email_sender.first_name

String
First name associated with the email address, if available.

email_sender.last_name

String
Last name associated with the email address, if available.

email_sender.email_provider_name

String
Name of the email provider (e.g., Google, Microsoft).

email_sender.organization_name

String
Organization linked to the email or domain, if available.

email_sender.organization_type

String
Type of organization (e.g., company).

email_domain.domain

String
Domain part of the submitted email address.

email_domain.domain_age

Integer
Age of the domain in days.

email_domain.is_live_site

Boolean
Is true if the domain has a live website.

email_domain.registrar

String
Name of the domain registrar.

email_domain.date_registered

Datetime
Date when the domain was registered.

email_domain.date_last_renewed

Datetime
Last renewal date of the domain.

email_domain.date_expires

Datetime
Expiration date of the domain registration.

email_domain.is_risky_tld

Boolean
Is true if the domain uses a top-level domain associated with risk.

email_risk.address_risk_status

String
Risk status of the email address: low, medium, or high.

email_risk.domain_risk_status

String
Risk status of the domain: low, medium, or high.

email_breaches.total_breaches

Integer
Total number of data breaches involving this email.

email_breaches.date_first_breached

Datetime
Date of the first known breach.

email_breaches.date_last_breached

Datetime
Date of the most recent breach.

email_breaches.breached_domains

Array
List of breached domains.

email_breaches.breached_domains[].domain

String
Domain affected by the breach.

email_breaches.breached_domains[].date_breached

Datetime
Date when the breach occurred.

API Endpoint

curl --request GET \
  --url https://emailreputation.abstractapi.com/v1
{
  "email_address": "benjamin.richard@abstractapi.com",
  "email_deliverability": {
    "status": "deliverable",
    "status_detail": "valid_email",
    "is_format_valid": true,
    "is_smtp_valid": true,
    "is_mx_valid": true,
    "mx_records": [
      "gmail-smtp-in.l.google.com",
      "alt3.gmail-smtp-in.l.google.com",
      "alt4.gmail-smtp-in.l.google.com",
      "alt1.gmail-smtp-in.l.google.com",
      "alt2.gmail-smtp-in.l.google.com"
    ]
  },
  "email_quality": {
    "score": 0.8,
    "is_free_email": false,
    "is_username_suspicious": false,
    "is_disposable": false,
    "is_catchall": true,
    "is_subaddress": false,
    "is_role": false,
    "is_dmarc_enforced": true,
    "is_spf_strict": true,
    "minimum_age": 1418
  },
  "email_sender": {
    "first_name": "Benjamin",
    "last_name": "Richard",
    "email_provider_name": "Google",
    "organization_name": "Abstract API",
    "organization_type": "company"
  },
  "email_domain": {
    "domain": "abstractapi.com",
    "domain_age": 1418,
    "is_live_site": true,
    "registrar": "NAMECHEAP INC",
    "registrar_url": "http://www.namecheap.com",
    "date_registered": "2020-05-13",
    "date_last_renewed": "2024-04-13",
    "date_expires": "2025-05-13",
    "is_risky_tld": false
  },
  "email_risk": {
    "address_risk_status": "low",
    "domain_risk_status": "low"
  },
  "email_breaches": {
    "total_breaches": 2,
    "date_first_breached": "2018-07-23T14:30:00Z",
    "date_last_breached": "2019-05-24T14:30:00Z",
    "breached_domains": [
      { "domain": "apollo.io", "date_breached": "2018-07-23T14:30:00Z" },
      { "domain": "canva.com", "date_breached": "2019-05-24T14:30:00Z" }
    ]
  }
}

API Response

Powered by the Email Reputation API · View pricing · See the full API reference

Email risk checker FAQ

What is an email risk checker?

An email risk checker scores how likely an email address is to be associated with fraud, abuse, or low-quality signups. Instead of returning a single yes/no answer, it produces a graded risk level (typically low, medium, or high) by combining many signals: whether the address is disposable, whether the domain is newly registered, whether the address appears in breach data, whether the domain accepts mail for any address, and whether the username pattern looks suspicious. The output is meant to feed risk-scoring systems, not to replace them.

How is email risk scored?

Risk scoring combines multiple independent signals into a single grade. Each signal pulls the score in one direction. A disposable domain pushes risk up; an established domain pulls risk down. A randomly-generated username pushes risk up; a name-shaped username pulls it down. A domain registered last week pushes risk up; one registered ten years ago pulls it down. The Email Reputation API returns two grades: address_risk_status for the specific email, and domain_risk_status for the domain itself.

What makes an email high-risk?

The strongest individual signals for high-risk classification are disposable provider domains, newly-registered domains (under 30 days), suspicious username patterns (random characters, high-entropy strings), known risky TLDs, and addresses that appear in recent breach data. No single signal is enough to mark an address high-risk on its own, but combinations are. A disposable address with a random username on a 7-day-old domain is almost certainly not a real user.

Can a low-risk email still be fake?

Yes. A low-risk grade means the obvious red flags are absent, not that the address is verified real. A patient fraud operator can register a domain, age it for a year, set up SPF and DMARC, and create human-looking aliases that score as low-risk on every automated check. Risk scoring catches the high-volume, low-effort attacks that make up most fraud. For high-stakes flows (payment, KYC, financial onboarding), pair email risk with IP risk, behavioral signals, and identity verification.

How is this different from disposable email detection?

Disposable email detection answers one yes/no question: is this address from a known throwaway provider? Email risk scoring answers a broader question by combining the disposable signal with five or more others (breach history, domain age, catch-all status, role address, suspicious username, risky TLD). The risk grade is what most fraud and abuse systems actually want as input. The disposable flag is one feature inside the risk score, useful on its own only when you specifically want to gate by that single signal.

How accurate is email risk scoring?

Accuracy depends on what you mean by accurate. The risk grade is calibrated to predict aggregate fraud rate, not individual outcomes. A medium-risk grade does not mean a specific address is 50% likely to be fraud; it means the population of medium-risk addresses converts to confirmed fraud at a measurably higher rate than low-risk and a lower rate than high-risk. Use the grade as one signal in a risk model, set thresholds based on your own conversion data, and revisit them as fraud patterns shift.

More email intelligence tools

Disposable Email Checker
Detect disposable email addresses before they enter your database.
Try it free
Domain Age Checker
Check when a domain was registered and how long it has been active.
Try it free
Catch-All Checker
Check if a domain accepts mail for every address.
Try it free
Email Verifier
Check if an email address is deliverable, disposable, or misspelled.
Try it free
MX Record Lookup
Look up the mail servers that accept email for any domain.
Try it free
Explore all Abstract tools
Get started
Need to score thousands of addresses?
stars rating
4.8 from 1,863 votes
The same lookup the tool runs, available as an API. No credit card required.
get free api key
No credit card required