What is ASSESS?
ASSESS is a scalable fraud prevention API for all businesses, from small business to enterprise level. It helps prevent the creation of fraudulent user accounts in apps and online services by checking the email addresses used at sign-up for fraud red flags. Results are then delivered in real time via an API.
Our solution analyses the data behind every sign up, and assigns a numeric risk level to every result. The aggregated results are then produced as a single Trust Score, which businesses can use to identify potentially fraudulent sign-ups and take the relevant action.
Why email address intelligence?
Every email address contains information that should be explored in depth to determine its validity. After checking if an email address is valid, ASSESS gathers more intelligence using functions such as our enhanced gibberish detector and unique sub-addressing filter.
Dark web links, spam history, temporary email addresses, mail provider quality, and many more ‘tells’ all set the scene for fraud, and ASSESS can detect all of these.
What can I use ASSESS for?
At sign-up to ensure that the email address, IP address, first name, last name are legitimate.
Prevent fraud in real time by identifying bots and spam email addresses at sign up.
Reduce manual reviews by automating preventative action, reducing your exposure to fraud.
Why choose Email Hippo’s fraud prevention API?
Easy to deploy
ASSESS is simple to deploy and is supported by clear, comprehensive technical documentation.
ASSESS delivers quick results at scale, with multiple API keys available for unique reporting in any integrated location. Businesses that need a sustained throughput at a high level can also access a dedicated service.
Our ASSESS documentation is comprehensive and we’re always happy to work with you to make sure the tool delivers usable results in every scenario.
Email Hippo’s fraud prevention API features
The Email Hippo Trust Score
The results from multiple data checks carried out pass through our system to produce a single, numeric score. This is the Trust Score and gives you an instant overview of how certain you can be about accepting a sign-up or new email account.
The Trust Score allows you to take automatic action depending on the score level. For instance, you can automatically block risky contacts, trigger manual reviews or show messages to the user asking for further information.
Domain age checker
Recently registered domains sometimes indicate a fraud risk. Often, fraudulent users will create websites that look plausible in order to trick people into believing they represent a real company. ASSESS checks the age of every domain and considers the risk of each.
ASSESS can also check if a domain is associated with the dark web or has been blocked, and find out why this happened. It carries out a deep assessment on domain data, looking at where it was registered, if it has any subdomains, information on infrastructure security and domain location.
Additionally, ASSESS can detect cash-parked domains. These are domains that are parked specifically to generate money from advertising. They are commonly associated with spam and may also be used to run phishing frauds.
Fraudulent users and bots need to work quickly. For this reason, many spam email addresses contain strings of letters and numbers that don’t make sense.
However, identifying gibberish is not a simple task. Genuine email users often have dates and years in their email addresses, and something that looks wrong to the human eye can be difficult for a machine to spot.
ASSESS detects gibberish in both the user and domain elements of an email address. Our gibberish detection has been developed to be the best filter and can correctly identify gibberish at the same level of accuracy as humans.
It’s often difficult to say with confidence whether an email address belongs to a business or a consumer. Our Consumer-Business score gives every email address a score from 0 to 10, 0 being most likely to be a consumer and 10 being most likely to be a business.
User information analysis
If a form includes fields for first and last name, ASSESS cross checks whether the email address and user name have any resemblance to one another. Name data also provides a secondary cross-check as part of detecting gibberish,profanity and intent.
Location and currency checker
Location conflicts can signal risk. They can lead to uncertainty about whether the user is who they say they are. ASSESS considers location points associated with their device IP address and mail server location, while detecting server characteristics such as virtual private networks.
Sub-addressing is the adding of extra detail into an email address. It isn’t necessarily a sign of fraud intent, but it can be. ASSESS analyses the components of a sub-address and determines whether there are any indicators that raise potential risk.
Blocklists are curated by collaborators across the internet, and are shared to allow security providers to filter any fraudulent or malicious activity.
ASSESS cross checks identities with centralised blocklists to filter out risks.
Role-based identities are important to recognise and can create different processes, particularly in situations where there is a potential for voucher or free trial abuse.
ASSESS determines role-based identities in multiple languages.
Getting started: How to use ASSESS
Our fraud prevention API is simple to use, and we have a free trial available so you can see for yourself.
With ASSESS, you can call the email verification API within seconds and our comprehensive documentation offers a wealth of advice on our results and scoring processes.
How can I get an API key?
You can get an API key by signing up for a free trial.
Can I trust Email Hippo with my data?
We pride ourselves on security and compliance, so you can definitely trust us to take care of your data. Read our compliance pages for detailed information and up to date information on our policies.
Is it possible to get blocklisted using your API?
No. The Email Hippo infrastructure does all the work, so you won’t be blocklisted. Nobody will know that you are querying an email address or domain.
How do I call an API?
Once you are signed up, read the endpoint sections of our technical documents to learn more and view the code samples.
For a JSON response, simply make a GET request to the endpoint to call the API.
Will your system slow down during busy periods?
All our infrastructure is hosted in cloud-based platforms that have automatic scaling enabled. This kicks in during busier periods to offer more hardware resources to meet the demand, meaning that the system will not slow down.
Can I get my usage in real time?
Usage information is available in the customer portal.
What if your service says an address is valid, but I know it’s bad (or vice versa?)
Email Hippo queries mail servers in real time, and mail servers respond with one of the following answers to a given email address:
- Yes, the email address exists - SMTP code 2xx
- No, the email address does not exist - SMTP code 5xx
We use these responses to determine if an email address is valid or not, and report it back to you. This process works in more than 99% of cases.
However, in a small number of cases it is possible for a mail server to report one thing on email verification and do something different when trying to deliver an email to the verified address. If it was a temporary error, the result may be remembered by our server in the following few hours.
An incorrect response could be due to an error with the target mail server. This happens only in very rare circumstances.
Online security is core to our offering. Email Hippo helps us stop toxic people at the border.
It was just obvious that the accuracy was far better than anything else we'd experienced and that Email Hippo was a company we could do business with.
We need our emails to be credible and influential. That’s why we’re happy with Email Hippo.