top of page

Email Authentication


Email authentication is the process of searching public and private data sources, as well as social network data, to determine the age and association of an email with demographic data provided by a person online. Key considerations when implementing or buying this functionality include:

  • It works internationally.

  • No data or limited data doesn't equal fraud. Not everyone has their emails out on the web, so you won't get hits on everyone.

  • Depending on the service, email authentication lookups may be submitted manually, in batch processing or automatically via an API.

  • The coverage and type of detail a vendor can supply for an email lookup will vary and depend on their data sources. Vendors directly connected to major email domains are likely to have broad coverage whereas vendors utilizing data from private sources and social networks are likely to have more detailed data, but it may not be available for as many email addresses. Vendors may have each of these data sources offering broad coverage but a high level of detail on a smaller percentage.


Email authentication vendors compile data from multiple sources. This can include public data sources, private data sources, email providers and social networks. Private data sources may include utility, cable, telecom and other service providers that have name and email information on file for their customers. Email authentication services may also receive data from premium email providers like AOL and Internet Service Providers (ISPs) as well as free email providers such as Hotmail, Yahoo!, Gmail and others. These data sources may provide information such as when the email address was created, if it is active, and possibly the date of birth and gender provided by the consumer when they created the email. Data from social networking sites may provide more demographic detail as well as a picture and the number of social media connections or friends, depending on the service provider's data sources and partnerships.


Depending on the service, an email authentication vendor may offer a risk score or recommendation based on the email address, they may provide all the detailed information associated with the email address that is available, or they may provide both. Merchants may use this risk score as an additional signal to help determine whether or not to review a transaction.

Services providing all of the detailed information for an email authentication lookup can be very useful for manual review. An email that was recently created or is associated with social network and demographic information that is inconsistent with the customer profile is a signal of increased risk. Alternatively, an email address that is active, has been existence for a long time, has an active social media presence and connections, or is associated with demographic data that matches the customer profile are all indications of decreased risk.

Email authentication is especially useful in industries such as digital goods, where there is no physical shipping address collected and less identity points that be can be used with reverse lookups. It also provides more visibility into a user's identity when an organization either does not want to require consumers to provide a phone number or when many customers may use prepaid phones, frequently move or present other difficulties with authenticating their identities via traditional address and phone lookups.

Using an API service, organizations can use automated response data to determine whether a name, phone number or address associated with an email address matches the information provided by the user online. These signals can then feed into modeling or rules engines.

Using the manual lookup service is intended for organizations while performing manual reviews, and can provide more context and visibility into a user that may allow the review agent or organization to feel confident in accepting the order (or conversely, show signals that the order should be declined).


Email Authentication determines the validity of an email address and associates that email with identity data, such as information on social networking sites and from other public and private data sources.

It has been an ongoing issue that consumers can get free emails easily and quickly. The challenge was to find a way to authenticate that the email is really associated with the profile data a consumer has presented to you.

So how can you really authenticate an email address like Sure you can perform an email verification which will confirm the user has access to that account, but how can you determine if the email really represents the person at your website?

There are services that provide the ability to lookup emails across a number of sources. This can include public data sources, private data sources like utility companies that have an email address on file, email domain providers like Yahoo! and Gmail, as well as social networking sites like Facebook, Instagram, LinkedIn and others.

Compiling this data from multiple sources, email authentication services offer insight into the profile of the person who owns the email as well as the age and status of the email account. 

These services can identify characteristics of an email address that make it suspicious, such as if the email was just created earlier today or if the demographic information associated with the email address is inconsistent with other information the customer provided.



Alternative Solutions - Email Verification or Email Return

Building this In-House - It is possible to perform this manually in-house.

Estimated Cost - Typically this service is offered on a per-transaction basis. This service is usually fairly inexpensive.

Sample Vendors - Ekata, Pipl, Emailage

bottom of page