Risk Signal: Email Check
Email Verification enables you to assess the risk of email addresses provided by the end user. Email verification is a fundamental risk check that analyzes an email address to provide an overall risk. Email verification, adds email intelligence as a layer of defense to fraud prevention. It assesses risks by evaluating email address metadata points such as domain details, email details, and risk indicators.
Use Case
For those with onboarding and account login workflows, who wish to understand and assess the risks of a given email address.
Supported Credentials
The following values can be uploaded as Prepared Data. Alternatively, they can be extracted by an upstream capability in a workflow.
To use Prepared Data with email verification as a standalone capability use workflow key 10066.
|
Key |
Type |
Mandatory |
Description |
|---|---|---|---|
|
Email address |
String |
yes |
Email Address of Applicant |
Example Prepared Data Body
{
"email": "martin***ng@gmail.com"
}
Response
Response data is available for transactions that include the risk signal. For information on transaction data see Viewing or Retrieving Workflow Transactions.
Example Response
{
"workflow": {
"id": "203cf33c-77f8-443d-ac4d-ad52121f94f8",
"status": "PROCESSED",
"definitionKey": "10066",
"userReference": "abc",
"customerInternalReference": "dd"
},
"account": {
"id": "4363fce6-6197-46e6-9840-39cda6860c97"
},
"createdAt": "2025-05-08T12:45:43.518Z",
"startedAt": "2025-05-08T12:45:51.122Z",
"completedAt": "2025-05-08T12:45:53.801Z",
"credentials": [
{
"id": "a0c4d666-9718-49a0-a120-d259f1cea0a4",
"category": "DATA",
"parts": [
{
"classifier": "PREPARED_DATA",
"href": "https://retrieval.amer-1.jumio.ai/api/v1/accounts/4363fce6-6197-46e6-9840-39cda6860c97/credentials/a0c4d666-9718-49a0-a120-d259f1cea0a4/parts/PREPARED_DATA"
}
]
}
],
"decision": {
"type": "PASSED",
"details": {
"label": "TXN_PASSED"
},
"risk": {
"score": 0
}
},
"steps": {
"href": "https://retrieval.amer-1.jumio.ai/api/v1/accounts/4363fce6-6197-46e6-9840-39cda6860c97/workflow-executions/203cf33c-77f8-443d-ac4d-ad52121f94f8/steps"
},
"capabilities": {
"emailVerification": [
{
"id": "0790a7f1-5ebf-451a-98b1-d6ad60f2ffe0",
"credentials": [
{
"id": "a0c4d666-9718-49a0-a120-d259f1cea0a4",
"category": "DATA"
}
],
"decision": {
"type": "PASSED",
"details": {
"label": "LOW_RISK"
}
},
"data": {
"emailVerificationStatus": "ValidDomain",
"firstVerifiedAt": "2022-07-10T00:00:00.000Z",
"totalHits": "6",
"domainExists": true,
"domainName": "jumio.com",
"domainCompany": "Jumio",
"domainRiskLevel": "LOW",
"domainCreationDate": "2004-03-30T07:07:55.000Z",
"advice": "LOWER_FRAUD_RISK",
"domainCountry": "USA",
"domainCategory": "Technology",
"domainCorporate": true,
"reason": "EMAIL_CREATED_AT_LEAST_YEARS_AGO",
"emailDeterminedStatus": "Not Sure",
"countForReason": 2
},
}
]
},
}
Decision Details Labels
|
Decision Type |
Label |
Description |
|---|---|---|
|
PASSED |
LOW_RISK |
No significant risk is associated with the data. |
|
REJECTED |
HIGH_RISK |
High risk is associated with the data. |
|
WARNING |
MEDIUM_RISK |
Moderate risk is associated with the data. |
|
NOT_EXECUTED |
PERMISSION_DENIED |
Cannot be executed because the required permissions or credentials are missing. Verify your API key and access rights. |
|
NOT_EXECUTED |
BAD_REQUEST |
Malformed or missing required parameters. Ensure that all mandatory fields are included and correctly formatted before retrying. |
|
NOT_EXECUTED |
PRECONDITION_NOT_FULFILLED |
Preconditions were not met to process the data. |
|
NOT_EXECUTED |
TECHNICAL_ERROR |
There was an error in processing the request. |
Data
| Parameter | Type | Description |
|---|---|---|
| firstVerificationDate | date time (UTC) | The oldest date found for records associated with the query. This date can also be considered the First Seen Date. If this is the first time an email is seen by Emailage, the field will be set to the current date. Returned in UTC format. |
| emailVerificationStatus | string | The status of the email generated:
|
| totalHits | integer | Number of times the email address was queried through the risk signal or overall vendor platform in the last 7 days. |
| emailExists | boolean | Indicator of whether or not the email address exists. Possible values: true / false. |
| domainExists | boolean | Indicator of whether or not the email domain exists. Possible values: true / false. |
| domainName | string | The email domain. |
| domainCompany | string | Owner of the email domain. |
| domainRiskLevel | string | Possible values:
|
| domainCreationDate | string | The creation date of the domain. This field may be blank for some queries. Returned in UTC format: YYYY-MM-DDThh:mm:ssZ. |
| advice | string | Serves as a guideline based on the risk associated with the email address. Possible values are:
|
| domainCountry | string | The country that issued the domain. Can be any ISO 3166-1 alpha-3 country code, and XKX for Kosovo. Examples: USA, AUT, GER, FRA. |
| domainCategory | string |
The category of the domain. For example,
|
| domainCorporate | boolean | Indicates if the domain is corporate. Possible values: true / false. |
| emailDeterminedStatus | string |
Uncertainty in determining whether the email exists. This field is included only when the emailExists field has the value Not Sure. Possible Value: Not Sure |
| domainDeterminedStatus | string |
Uncertainty in determining whether the domain exists. This field is included only when the domainExists field has the value Not Sure. Possible Value: Not Sure |
reason_reasonType Values and Descriptions
|
reasonType Values |
Description |
|---|---|
| FRAUD_LEVEL | Describes how many unique customers in the Emailage Network that have marked the email as Fraud. |
| EMAIL_DOES_NOT_EXIST_EMAIL_DOES_NOT_EXIST_ANYMORE | It has been confirmed that the email address does not exist or no longer exists. |
| DOMAIN_DOES_NOT_EXIST | Domain is not found in registry. |
| RISKY_DOMAIN | Domains which have particularly high fraud rate. |
| RISKY_COUNTRY | Email owner location, domain location or IP location coming from a risky country. |
| RISKY_EMAIL_SYNTAX | Certain email patterns that have been found to be associated with fraud. |
| NUMERIC_EMAIL | Email address handle contains numeric email patterns. |
| LIMITED_HISTORY_FOR_EMAIL | Not enough relevant information to determine fraud risk. |
| EMAIL_RECENTLY_CREATED | Threshold for length of time is determined by machine learning algorithms. |
| EMAIL_LINKED_TO_HIGH_RISK_ACCOUNT | Email is connected with high-risk accounts. |
| GOOD_LEVEL | Describes how many unique customers in the Emailage Network that have marked the email as Good. |
| LOW_RISK_DOMAIN | Domains which have particularly low fraud rate. |
| EMAIL_CREATED_YEARS_AGO | Gives the number of years ago the email was created. |
| EMAIL_CREATED_AT_LEAST_YEARS_AGO | Gives the general number of years ago the email was created. |
| EMAIL_LINKED_TO_LOW_RISK_ACCOUNT | Email is connected with low-risk accounts. |
| INVALID_EMAIL_SYNTAX | Email syntax was determined invalid. |
| MAILBOX_IS_FULL | Email owner has exceeded allowable capacity of email service. |
| MAILBOX_IS_INACTIVE | Email address is no longer active. |
| MAILBOX_IS_EXPIRED | Email existed in the past and is no longer available. |
| USER_DEFINED_RISK_DOMAIN | Domains which have been marked as high risk by the company. |
| USER_DEFINED_LOW_RISK_DOMAIN | Domains which have been marked as low risk by the company. |
| VELOCITY_LEVEL | Measures the frequency of queries for a particular email in a short period of time. |
| RISK_DOMAIN_CATEGORY | Domains are grouped into broad categories, like banking, webmail, etc. |
| LOW_RISK_DOMAIN_CATEGORY | Domain categories which have particularly low fraud rates. |
| HIGH_RISK_EMAIL_ACCOUNT | Email has high probability of being associated to fraud. |
| EMAIL_CREATED_AT_LEAST_MONTHS_AGO | Approximate number of months ago the email was created. |
| POTENTIALLY_BREACHED_EMAIL | Email identified as high risk due to exposure/breach. |
| GOOD_POPULARITY | Email is found to have strong connections via social media or other sources. |
| RISK_DOMAIN_CATEGORY_REVIEW | Domain categories which have particularly high fraud rates. |
| TUMBLING_ABUSE | Different variation of the email which points to the same inbox was recently queried. Example: If a.bc@gmail.com was queried before, then ab.c@gmail.com will be considered as tumbled. |
| EMAIL_ENUMERATION_FOR_COMPANY | Multiple email addresses with similar handle patterns were recently queried by the same company. Example: If handle123@yahoo.com, handle+43@yahoo.com queried before, then query handle3@yahoo.com will be considered as an enumerated email. |
| EMAIL_ENUMERATION_FOR_INDUSTRY | Multiple email addresses with similar handle patterns were recently queried by companies in the same industry. |
| CREATION_DATE_VELOCITY | Based on our network activity, we have identi |
| CUSTOMER_EMAIL_NOT_PROVIDED | Emails not provided are sometimes marked with a dummy email so that they can be separately |
| RISK_EMAIL_PATTERN | Certain email patterns that have been found to be associated to fraud based on Emailage Global |
| SUSPECTED_FRAUD | Email was marked as Fraud with the "Suspected Fraud" type. |
| LIMITED_EMAIL_INFORMATION | Limited information could be found for the queried email. |
| DOMAIN_RECENTLY_CREATED | Length of time that domain has been in existence. Threshold for length of time is determined by |
| VELOCITY_OTHER | High velocity of email address usage stated by external data providers. |
| VALID_EMAIL_FROM_DOMAIN | Email exists and is associated to the domain provided. |
| VALID_DOMAIN | Domain Exists |
| LOW_RISK_EMAIL_DOMAIN_FOR_COMPANY | Email domain exists in Risk Pro |
| LOW_RISK_EMAIL_DOMAIN_FOR_INDUSTRY | Email domain exists in Risk Pro |
| LOW_RISK_EMAIL_DOMAIN_FOR_NETWORK | Email domain exists in Risk Profile List with Low Risk at network level. |
| VERY_LOW_RISK_EMAIL_DOMAIN_FOR_COMPANY | Email domain exists in Risk Profile List with Very Low Risk at company level. |
| VERY_LOW_RISK_EMAIL_DOMAIN_FOR_INDUSTRY | Email domain exists in Risk Profile List with Very Low Risk at industry level. |
| VERY_LOW_RISK_EMAIL_DOMAIN_FOR_NETWORK | Email domain exists in Risk Profile List with Very Low Risk at network level. |
| HIGH_RISK_EMAIL_DOMAIN_FOR_COMPANY | Email domain exists in Risk Profile List with High Risk at company level. |
| HIGH_RISK_EMAIL_DOMAIN_FOR_INDUSTRY | Email domain exists in Risk Profile List with High Risk at industry level. |
| HIGH_RISK_EMAIL_DOMAIN_FOR_NETWORK | Email domain exists in Risk Profile List with High Risk at network level. |
| VERY_HIGH_RISK_EMAIL_DOMAIN_FOR_COMPANY | Email domain exists in Risk Profile List with Very High Risk at company level. |
| VERY_HIGH_RISK_EMAIL_DOMAIN_FOR_INDUSTRY | Email domain exists in Risk Profile List with Very High Risk at industry level. |
| VERY_HIGH_RISK_EMAIL_DOMAIN_FOR_NETWORK | Email domain exists in Risk Profile List with Very High Risk at network level. |