Monday, 13 March 2017

Yahoo! Email addresses - what's happening?

Lately we have a new word in the office.

It's Yah-boo.

Yahoo! is in a state of flux and we've noticed technical changes that have made it impossible to validate Yahoo! email domains within degrees of accuracy that are acceptable to us.

Because of these changes, we're no longer offering to validate Yahoo! email addresses for lists with our special level of accuracy. We pioneered accurate levels of validation for Yahoo! domains, so for now by switching off our specific Yahoo! service, we'll be validating them with a similar level of accuracy as other reputable providers.

An overview of Yahoo! technology in relation to email validation.

You may have heard negative things about Yahoo, regarding wide-scale hacking and security breaches. You may also be aware that Yahoo! has been up for sale, has found a buyer and is going through a process of due diligence.

The business press has been reporting about the purchase of Yahoo! for some time, and as recently as January 2017 there was speculation about whether the brand / company had been devalued so much by security issues that the sale may not complete.

We can only imagine how the double-whammy of high-profile security breaches, resulting in millions of email accounts being hacked, and the process of being on the market has impacted Yahoo! email systems. As close observers to Yahoo! email systems, with patterns and processes noted over many years, we can confidently report that all is not as it was.

If you've got queries about Yahoo! content on your list please let us know.

If you would like to read more about the sale of Yahoo! internet business, check this NPR article out. It's very useful.

Wednesday, 8 March 2017

What's the best way to clean an email list?

Cleaning your email list will help reduce bounce rates and improve deliverability.  If you've never had a list of emails validated the options can be confusing.

Here's a helpful guide to the options out there, the steps to go through and points to consider when having your list cleaned. The article finished with top tips as useful memory joggers.

Choices for email validation

To a great extent, your choices depend on the number of emails you have and how often you need to check them. Consider whether you are cleaning lists from time to time, or checking emails live via an API on say, web forms or a CRM (Customer Relationship Management) system.

A note about free email checks

If you've just got a hundred or so addresses to check once in a blue moon there are free services to use that can save you a couple of dollars.

With all things, you pay for what you get. If the website offering free services looks dubious, move on to another that you can trust. After all, your data is valuable, so don't share it with just anybody. Look for valid security credentials when you choose a provider.

We offer 100 checks free when you register.
Other reputable providers (we rate a handful of companies in this category) also let you check some emails for free, over a period of time. Terms vary; some companies don't really deal with very small lists and ask for a lot of information up front. Have a look around and see what suits you.

From time to time we get customers using our free 100 service to check thousands of emails. It must take ages to manage the process of cutting pasting and building a fresh list. Typical prices across the industry for less than 1,000 emails are $10. So before you spend ages cutting and pasting and validating emails over a period of a couple of weeks, consider if your time is worth $10!

One-off use - or do you need a subscription?

Are you checking a list infrequently, or do you have a rolling programme of regular checks?

One-off services allow you to upload your data and pay a flat fee, based on how many emails are on it.

Alternatively,  you can subscribe to a service for regular use. If you take out a subscription, look for one that lets you change the level and unsubscribe whenever you want, so you don't waste money.

There are differences in fee calculations between providers. Some will charge for the total number of rows on your list, others will give you a price after an initial check has shown whether you have a lot of obvious bad addresses or duplicates. So be prepared to be charged for a slightly different amount than you expect.

Let's explain that in more detail.

A good service provider will run your list through an initial scan, to check for obvious errors. They identify first big stuff first, then drill down into the addresses to check more subtle characteristics.

Syntax errors are very easily detected. For instance, if your 'email address' has no @ signs it isn't an email address. emailvalidation#emailhippo.cog is a syntax error. If it couldn't be an email address to begin with, you shouldn't be charged.

Duplicates are also easy to spot. Don't use a service that charges for duplicates, unless you are savvy enough to de-duplicate your data first.

How do you get your emails to your email validator?
It depends whether you're uploading a list, or using an API.
To be frank, if you need to use an API to check email addresses in real time and you don't know how to do it, you shouldn't be doing it. Hand the job over to someone who knows how to add code to your website / CRM process. An API enables live email validation, which will help stop bad email addresses getting on to your system. It's often used for web forms.

If you need to upload your emails to be checked, you'll need to get your emails into a file. Most providers of email checking services look for files that are .csv types. There's a link here about how to save an Excel sheet into a .csv file as that's a very frequently used path.

The thing that's often overlooked is how to get the data back onto your system. 

If your emails are part of a CRM or sales contact system you'll need to be able to export and import data and be confident with how to cope with changes that may have happened to your system records in the meantime.  The best advice we can give you is to a dummy run with a secondary database. Make sure you understand the import settings before you do this for real.

Customers often upload data that isn't just email addresses, so we have a feature called 'Matchback'. Matchback lets our customers upload an unlimited number of columns (so all sorts of data, not just email addresses) and receive back their data in exactly the same order, with our results appended in extra columns. This makes it easier to load back up into any system. We don't know of anyone else who has a 'Matchback' service.

If you are anxious about downloading, sharing and uploading checked email addresses, take time and do a test run first.

Learn what the results tell you

It's great to have your emails checked - but what will the results tell you?
Make sure you understand what the results are and what the implications are for your decision making. If you're checking emails for a marketing campaign, you need to know what the results are telling you. For example, will you send an email to addresses that are 'Catch-all' and hope that they are opened? The detail for results varies between providers, so make sure the provider you choose gives you enough detail to enable you to tkae decisions. After all, you're checking your emails for a reason, so the results are vital.

Top Tips

  • Check your details - how many emails, how often and why?
  • De-duplicating your list makes sense
  • Look for security certificates when choosing a provider - your data is valuable
  • Do a dry run - especially if you're uploading data into a live system
  • Understand the results and choose a provider that enables you to make decisions

For more reading about our email cleaning results, read this article
Here's a link to a useful article about how to download data from Salesforce 

Thursday, 23 February 2017

Email On Deck domain updates

Email on Deck is a service providing disposable email addresses

Disposable, or 'burner' or temporary or transient... email addresses are those that exist for a short period of time and enable a user to sign-up for a service and disappear into the ether.

We've written before about how Email On Deck domains are on the SpamHaus block list. SpamHaus is the world's most widely used anti spam service. We're not alone in disliking Email On Deck. The briefest of online searches today returns information linking Email on Deck with scam sites and revoked business licences.

But why is it that we take such a dim view of disposable email addresses? And Email on Deck in particular? And what are we doing about it?

Why the dim view of disposable email addresses ?

These are the the reasons why people use disposable email addresses;

1. Signing into a forum to be untraceable
2. Staying anonymous online to 'prevent spam'
3. To commit credit card fraud

From our extensive experience of validating email addresses, spotting patterns and considering the outcomes of disposable email address usage, we make a direct link between use of disposable email addresses and bad actions.

We provide services to clean lists and remove DEA's and also to prevent them being entered online in real-time via our API. In addition, we share a free DEA detector tool. 

Email on Deck provides disposable email addresses on ever-changing domains.

If you are trading online and trying to prevent fraudulent use of your services you need to be able to filter disposable email addresses. We recommend you don't have disposable addresses cluttering up your mailing lists - and you certainly don't want to trade with anyone who doesn't want to hang around for more than a few minutes...

Unless you are really into email address detection, it's hard to stay up to date with domains that are used for temporary email addresses.

So here is what we are doing about Email on Deck

Luckily, we get a kick out of trapping DEA domains. We trace, we watch, we learn and we add domains to our list and flag them to our real-time users. All Email Hippo customers (and the wider email validation community) benefit from our pro-active hunting of Email on Deck addresses.

Here's today's new domain.

We'll keep posting them.

Read our post about Email on Deck and SpamHaus
New to email validation? Learn more about what we look out for as 'tells' to identify how deliverable an email address is.

Monday, 20 February 2017

The EU-US Privacy Shield and Email Hippo

What is the EU-U.S. Privacy Shield? 

This is a Privacy Shield explanation for readers who don't want to get bogged down in legal jargon and follow trails of crumbs through some p-retty dry articles. We have gone through the pain so you don't have to.

You'll find links to more technical and detailed explanations at the foot of this article. If that is your thing, please scroll down and tuck in. If not, read on.

The EU-U.S. Privacy Shield is the framework that enables firms to transfer personal data legally from the European Union to the United States. Firms in the USA that move personal data from Europe into the USA are invited to voluntarily participate and join the Privacy Shield Program.

It came into existence in July, 2016, replacing the 'Safe Harbour' framework that had been doing the job previously.

There is a separate Swiss-U.S. Privacy Shield Framework that covers transferring data from Switzerland to the USA. That came into existence in January 2017.

Why does the EU-U.S. Privacy Shield exist?

Basically, to help the digital economy grow, to improve trade and to increase security.

Back in 2012, The European Commission raised concerns about the security of personal data of European Union citizens being transferred to the USA. The European press reported on areas of disagreement between legislative attitudes to protecting personal data. The prevailing attitude was and still is, that in Europe, data privacy laws are more stringent than in the US.

The European Court of Justice rejected the existing 'Safe Harbour' framework. Stories about social-media data storage and transfer, preceded news of subsequent US eavesdropping activities. This did little to help create a feeling of 'common ground.' In fact Facebook ended up in court in Ireland, so it's fair to see the governments weren't seeing eye to eye on this one.

Does the EU-U.S. Privacy Shield affect Email Hippo then?

Nope. Email Hippo is a UK company so we don't need to participate in the Privacy Shield.

But we thought you might want to know more about how we deal with personal data that is uploaded to our servers for validating.  Especially as most of our customers are companies in the USA, so they might be familiar with Privacy Shield participation and think of it as a sign of reassurance in a data partner.

We have servers in the cloud worldwide, stacking, moving and returning results to our customers. We shave nanoseconds off our times by using servers in many locales. However; and it's a shiny good however; all the data is processed in the EU. Which is a good thing as it shows that we are working within the codes of practise in a more stringent environment. It also helps US companies who need to have international email addresses checked and can't be sure if they are EU or US or elsewhere.

Is an email address personal data?

A paragraph defining personal data

Oooh. Good question. And a moot point.
Personal data is essentially information that is designed to be processed and can identify a living individual.
So can an email address on its own identify a living individual? Yes? No?
Obviously role based email addresses can't identify a living individual, gives no personal information. But what about That's personal.

So that's why we take personal data privacy very seriously. Every email uploaded to our service could be personal data. From time to time customers send us extraordinary amounts of personal data that is far and above simple email addresses. In the interests of security, compliance and frankly, just good manners, we have created a framework of extremely secure best practise that we adhere to.

That framework begins with a combination of Microsoft Azure and Amazon Web Service (AWS) security. In addition our discrete EU data center is protected by security that is at least at Azure and AWS enterprise level.

It ends with our ISO 27001 certification. Our information and security management systems are certified to this internationally recognised compliance level.

So we deal with data, safe in the knowledge that we are operating within a secure framework, compliant with the most stringent data law levels on the planet.

You can trust us with your data.

If personal data security is important to you and you'd like more information, please let us know.

You can read about Amazon Web Service security here

Learn about Microsoft Azure enterprise security standards

The EU-U.S. Privacy Shield is described in detail on this US Government site.

Whilst this site outlines the legal and social processes leading up to the failure of the Safe Harbour framework and subsequent development of the Privacy Shield.

If you need to participate in the Privacy Shield you can register here.

For more information about Email Hippo privacy and ISO 27001 read here

Friday, 20 January 2017

Information security systems in the email validation industry ISO 27001

Email Hippo has raised the standard for the email validation industry

Great news!

ISO 27001 is an international standard that’s the cornerstone of best practise for information security.

Our information security management systems are now ISO 27001 certified. That means we offer ‘best of breed’ systems on an international level and that we are committed to maintaining and continually improving our systems.
To gain the certification we had to align with the most stringent standards. Our information security management systems have been audited in detail by an independent authority.

So why did we put ourselves through the challenge? To show that we are different. And better.

We sit proudly alongside just over 10,000 companies in Europe that have taken the time, effort and expense to invest in their information security systems and attain this standard. Better than that, we’re one of only 2 companies providing a standalone email checking service that is ISO 27001 certified. (The other guys are an awful lot bigger and cost an awful lot more☺.)

At Email Hippo we’re committed to offering our customers ‘affordable excellence’.

It’s a proper ongoing commitment that’s at the centre of everything we do. That’s why we have taken the time, effort and expense to become certified to an ISO 27001 standard. We make excellent email validation accessible to all companies, whatever their scale by keeping our standards high and our prices realistic.
This day and age, with data breaches and identify theft making daily headlines, you need to be sure you can trust any company that has access to your data. But when you’re choosing an email validation supplier it can be hard to make ‘like for like’ comparisons. The industry is full of technical jargon and because email checking is usually delivered online, you rarely get to meet the people who will be involved. You can't look people in the eye, yet you are required to trust them with your data.
Our new accreditation is proof that your data is being treated with respect, that our systems are robust and that you can trust us.

ISO 27001  - the little logo that is a big deal to Email Hippo.

Monday, 28 November 2016

Data we supply about your emails

What do we tell you about your emails?

Email Hippo customers have different reasons for using our services, so the information we provide about the emails we check is important for different reasons.

Here's a quick spin through the end-points that we report on.

One Time Lists

One Time List Dashboard options
When you send us a list of emails we take great care to give you your data back in the same order it arrived in. We simply add 5 columns to the end of your data. The columns show you the following;

1. Confirmation of the email address we checked
2. Status (OK / Bad  / Unknown.)
3. Additional status information
4. Domain country code
5. Mail server country code

These 5 columns give you the information you need to clean your email lists. In addition it helps you cross check the location of domains and mail servers, which may be useful information to you commercially.

Emails verified using Realtime API

Customers using our API to check emails receive additional information about each email address.
The columns are;
Realtime API Dashboard options
1. Confirmation of the email address we checked
2. Status (OK / Bad  / Unknown.)
3. Additional status information
4. Role (is the email address role based, e.g.
5. Free (is the email from a free email provider)
6. Disposable (is the email a disposable email address)
7. Domain  - the domain of the email address
8. User - named user

This information helps indicate whether the email is from a trustworthy source. Information about free and disposable email addresses is often used by our customers to filter against potential fraud. It's also valuable to indicate the quality of an email list.

Both sets of services are available to all our customers from their dashboard.

For all lists, we provide dynamic, useful reports that give visual information about your list and the characteristics of the email addresses.

Our development process includes further end-point reporting, to ensure the information we give helps customers make informed business decisions. We're especially active in developing end-points that help customers counter fraud. If fraud is a concern for you, please stay tuned for news of our upgrades and updates. We are doing lots of things that you will like...

If you're curious about the additional information we provide for each status, read about our codes here.

Wednesday, 16 November 2016

EmailOnDeck Blacklisted in Spamhaus

Popular Disposable Email Address Provider Blacklisted

Email Hippo Dislikes DEAs

It's no secret that Email Hippo considers Disposable Email Address (DEA) services as dirty and risky (especially for online merchants subject to card chargeback fraud). For more information on DEAs, including a free online tool to check for Disposable Emails, see here.

Spamhaus Agrees

It seems that the worlds most widely used email anti-spam system agrees with Email Hippo it it's views on Disposable Email Address providers!

During pre-production testing for our soon to released Version 3 email verification API, we received and interesting assessment from Spamhaus on the current (as of November 16th 2016) EmailOnDeck alias domain.

SpamHaus Assessment of EmailOnDeck Alias domain - 11/16/16

It seems that SpamHaus takes a dim view of email services promoting scam material.

On a recent visit to, we received a pop-under screen promoting a well known "binary options" scam. Screen shot below:

EmailOnDeck promoting Scam Binary Options

For more info on the "Oxford Method" scam, see

More About EmailOnDeck

EmailOnDeck is a DEA provider. It prides itself on being evasive to detection. From the EmailOnDeck FAQ:

How is this different from other temporary email sites?
The short answer is this service was created by a team of professionals that know how email systems work.  It's pretty trivial for most websites to detect whether an email address is temporary or not.  When websites know your email address is temporary, they can block you from signing up with their services.  EmailOnDeck makes it very difficult for websites to recognize our email addresses as temporary.
Your emails are only viewable by you. Other temporary email address services allow anyone who knows your email address to view all your emails.
Does it work?
Yes!  We pride ourselves on giving you email addresses that work on all sites and apps.  If you ever come across a site that doesn't allow you to use our email address, please tell us.
*NOTE: Sometimes sites will claim an email address is "invalid" or "already registered" but really what they are doing is blocking you from their site by either your IP address or cookie.  Please try from a different IP address and clear your cookies, local storage and cache if our email address doesn't seem to work.
If you have tried the techniques above and it still won't work, please let us know and we'll investigate as soon as possible. 

EmailOnDeck rotates its domains roughly every 48 hours to avoid detection.

Email Hippo & Spamhaus Vs EmailOnDeck

Email Hippo is already identifying EmailOnDeck domains. As of 11/16/16, it seems that spamhaus taking the issue seriously too.


Firstly, please do not fall for the scams promoted at EmailOnDeck.

Secondly, Email Hippo is already working on the significant task of enhancing the tracking and identifying DEA providers. Our list of DEA providers is already substantial and engineering is now underway to implement a system that automatically tracks / identifies DEA providers and the many domains / sub-domains that are used by DEA providers to try to cover their tracks.

Dislike DEA's as much as we do? Email Hippo has your back with a bunch of engineers working on the DEA problem right now.

Contact us for more information to learn more about enhanced DEA detection.