Email Verification
Email validation via Device Intelligence
Email verification is part of the Device Intelligence service. There is no standalone email verification endpoint. To validate an email, include the email parameter when calling the Device Intelligence analyze endpoint.
Email verification validates email addresses and assesses their risk level based on multiple factors including deliverability, disposable domain detection, fraud scoring, and abuse history. Under the hood, TrustGate uses a fraud intelligence provider for email validation.
Email Verification Process
┌─────────────────────────────────────────────────────────┐
│ EMAIL ADDRESS │
└─────────────────────────┬───────────────────────────────┘
│
┌─────────────┼─────────────┐
│ │ │
v v v
┌──────────┐ ┌──────────┐ ┌──────────┐
│ Syntax │ │ Domain │ │ Mailbox │
│ Check │ │ Check │ │ Check │
└────┬─────┘ └────┬─────┘ └────┬─────┘
│ │ │
v v v
┌─────────────────────────────────────────────────────────┐
│ RISK ASSESSMENT │
│ Domain age, reputation, fraud history, patterns │
└─────────────────────────┬───────────────────────────────┘
│
v
┌─────────────────────────────────────────────────────────┐
│ VERIFICATION RESULT + RISK SCORE │
└─────────────────────────────────────────────────────────┘
Verify an Email
Email verification is performed by passing the email field to the Device Intelligence analyze endpoint. The endpoint also requires session_id and ip_address, and optionally accepts an applicant_id to associate the result with an applicant.
API Request
curl -X POST https://api.bytrustgate.com/api/v1/device-intel/analyze \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"session_id": "sess_abc123",
"ip_address": "203.0.113.1",
"email": "john.doe@example.com",
"applicant_id": "550e8400-e29b-41d4-a716-446655440000"
}'
Response
The response contains the full device analysis result. The email verification data is in the email_check object:
{
"id": "d4e5f6a7-b8c9-0d1e-2f3a-4b5c6d7e8f9a",
"session_id": "sess_abc123",
"risk_score": 25,
"risk_level": "low",
"fraud_score": 20,
"ip_address": "203.0.113.1",
"ip_check": {
"ip_address": "203.0.113.1",
"fraud_score": 20,
"is_proxy": false,
"is_vpn": false,
"is_tor": false,
"is_bot": false,
"country_code": "US",
"city": "San Francisco",
"isp": "Comcast"
},
"email_check": {
"email": "john.doe@example.com",
"valid": true,
"disposable": false,
"fraud_score": 25,
"recent_abuse": false,
"deliverability": "high"
}
}
Email Check Fields
| Field | Type | Description |
|---|---|---|
email | string | The email address that was checked |
valid | boolean | Whether the email address is valid |
disposable | boolean | Whether the email uses a disposable/temporary provider |
fraud_score | integer | Fraud risk score (0-100, higher = riskier) |
recent_abuse | boolean | Whether the email has been associated with recent abuse |
deliverability | string | Email deliverability assessment (e.g., "high", "medium", "low") |
Risk Factors
High Risk
| Factor | Risk Contribution | Description |
|---|---|---|
disposable_email | +30 | Temporary email service |
known_fraud_domain | +40 | Domain associated with fraud |
spam_trap | +50 | Known spam trap address |
recently_created_domain | +20 | Domain < 30 days old |
Medium Risk
| Factor | Risk Contribution | Description |
|---|---|---|
free_provider | +5 | Gmail, Yahoo, etc. |
catch_all_domain | +10 | Domain accepts all addresses |
role_account | +10 | Generic addresses (info@, admin@) |
no_mx_records | +15 | Domain can't receive email |
Low Risk
| Factor | Risk Contribution | Description |
|---|---|---|
new_email | +5 | No history of this email |
unusual_tld | +5 | Uncommon top-level domain |
Disposable Email Detection
TrustGate detects disposable email providers via its fraud intelligence provider. When a disposable email is detected, the disposable field in the email_check response is set to true.
Common Disposable Providers
TrustGate detects 10,000+ disposable email providers including:
- 10minutemail.com
- guerrillamail.com
- tempmail.com
- throwaway.email
- mailinator.com
- And many more...
Response for Disposable Email
{
"email_check": {
"email": "user@tempmail.com",
"valid": true,
"disposable": true,
"fraud_score": 75,
"recent_abuse": true,
"deliverability": "low"
}
}
Workflow Rules
You can create workflow rules that trigger based on email verification results. Use the workflow rules endpoint to automate actions when emails are flagged.
Block Disposable Emails
curl -X POST https://api.bytrustgate.com/api/v1/workflows/rules \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"rule_id": "block_disposable_email",
"trigger": "email_verified",
"conditions": {
"all": [
{"field": "email_is_disposable", "operator": "eq", "value": true}
]
},
"actions": [
{
"type": "update_status",
"status": "pending_review"
},
{
"type": "request_info",
"info_needed": "Please provide a permanent email address"
}
]
}'
Flag Free Email Providers
curl -X POST https://api.bytrustgate.com/api/v1/workflows/rules \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"rule_id": "flag_free_email",
"trigger": "email_verified",
"conditions": {
"all": [
{"field": "email_is_free_provider", "operator": "eq", "value": true},
{"field": "applicant_type", "operator": "eq", "value": "business"}
]
},
"actions": [
{
"type": "add_flag",
"flag": "personal_email_for_business"
}
]
}'
Next Steps
- Phone Verification - Phone number validation
- Device Intelligence - Device risk assessment
- Risk Signals - All fraud signals