In today’s digital landscape, email addresses are often targeted in data breaches, posing a significant risk to businesses. To help your organization stay vigilant, we’re excited to introduce a new result code to our Global Email Web Service email validation framework – ES37, also known as the “Breach Flag”. This new result code will indicate that an email address has been involved in a data breach at some point in the past.
With the ES37 result code, your organization can quickly flag potentially compromised email addresses, allowing you to either take proactive steps towards tightening security or alerting the email’s owner that their email may be compromised.
The result code will allow for a more seamless integration into any existing result-handling logic your organization has set up. Of course, users can continue to reference the number of breaches for a given email through the ‘BreachCount’ field in the response.
Our breach dataset is multi-sourced, even including dark web scans to identify as many security breaches as possible. We will be continuing to expand our breached email dataset over the coming months.
Key Technical Points:
- ES37 identifies emails involved in past breaches
- BreachCount details the number of breaches an email is involved in
- Breach data is sourced from dark web and multiple reliable sources
The Breach Flag can be beneficial to any business where security is important and fraud is a risk. A throwaway email address is a valuable asset for hackers and malicious parties. They can be used to target both the individual and the associated organization of that email.
Some common attacks and ways to mitigate them are:
- Identity Theft and Fraud
- Proactive monitoring of accounts linked to breached emails.
- Encourage or enforce two-factor authentication for affected users.
- Business Email Compromise (BEC) and Email Spoofing
- Use identified breaches to identify attackers trying to impersonate a trusted individual in a company, or a client.
- Account Takeover and Data Theft
- Alert employees or customers who have been in a breach to take steps for securing their email accounts, such as a password change.
By identifying compromised email addresses through the ES37 Breach Flag, your organization gains early insight into potential risks.
Example Request:
GEWS Request: http://globalemail.melissadata.net/v4/WEB/GlobalEmail/doGlobalEmail?t=&id=&format=json&opt=&email=achancor@hotmail.com
GEWS Response:
{
"Version": "8.4.1.4318",
"TransmissionReference": "",
"TransmissionResults": "",
"TotalRecords": "1",
"Records": [
{
"RecordID": "1",
"DeliverabilityConfidenceScore": "57",
"Results": "ES01,ES07,ES37,ES21",
"EmailAddress": "achancor@hotmail.com",
"MailboxName": "achancor",
"DomainName": "hotmail",
…,
"BreachCount": "1"
}
]
}
Thank you for your attention to this update. If you have any questions or concerns please contact Tech Support at tech@melissa.com or call 1 (800) 800-6245 x4.