Thursday, 23 February 2017

Email On Deck domain updates

Email on Deck is a service providing disposable email addresses

Disposable, or 'burner' or temporary or transient... email addresses are those that exist for a short period of time and enable a user to sign-up for a service and disappear into the ether.

We've written before about how Email On Deck domains are on the SpamHaus block list. SpamHaus is the world's most widely used anti spam service. We're not alone in disliking Email On Deck. The briefest of online searches today returns information linking Email on Deck with scam sites and revoked business licences.

But why is it that we take such a dim view of disposable email addresses? And Email on Deck in particular? And what are we doing about it?

Why the dim view of disposable email addresses ?

These are the the reasons why people use disposable email addresses;

1. Signing into a forum to be untraceable
2. Staying anonymous online to 'prevent spam'
3. To commit credit card fraud

From our extensive experience of validating email addresses, spotting patterns and considering the outcomes of disposable email address usage, we make a direct link between use of disposable email addresses and bad actions.

We provide services to clean lists and remove DEA's and also to prevent them being entered online in real-time via our API. In addition, we share a free DEA detector tool. 

Email on Deck provides disposable email addresses on ever-changing domains.

If you are trading online and trying to prevent fraudulent use of your services you need to be able to filter disposable email addresses. We recommend you don't have disposable addresses cluttering up your mailing lists - and you certainly don't want to trade with anyone who doesn't want to hang around for more than a few minutes...

Unless you are really into email address detection, it's hard to stay up to date with domains that are used for temporary email addresses.

So here is what we are doing about Email on Deck

Luckily, we get a kick out of trapping DEA domains. We trace, we watch, we learn and we add domains to our list and flag them to our real-time users. All Email Hippo customers (and the wider email validation community) benefit from our pro-active hunting of Email on Deck addresses.

Here's today's new domain.

We'll keep posting them.

Read our post about Email on Deck and SpamHaus
New to email validation? Learn more about what we look out for as 'tells' to identify how deliverable an email address is.

Monday, 20 February 2017

The EU-US Privacy Shield and Email Hippo

What is the EU-U.S. Privacy Shield? 

This is a Privacy Shield explanation for readers who don't want to get bogged down in legal jargon and follow trails of crumbs through some p-retty dry articles. We have gone through the pain so you don't have to.

You'll find links to more technical and detailed explanations at the foot of this article. If that is your thing, please scroll down and tuck in. If not, read on.

The EU-U.S. Privacy Shield is the framework that enables firms to transfer personal data legally from the European Union to the United States. Firms in the USA that move personal data from Europe into the USA are invited to voluntarily participate and join the Privacy Shield Program.

It came into existence in July, 2016, replacing the 'Safe Harbour' framework that had been doing the job previously.

There is a separate Swiss-U.S. Privacy Shield Framework that covers transferring data from Switzerland to the USA. That came into existence in January 2017.

Why does the EU-U.S. Privacy Shield exist?

Basically, to help the digital economy grow, to improve trade and to increase security.

Back in 2012, The European Commission raised concerns about the security of personal data of European Union citizens being transferred to the USA. The European press reported on areas of disagreement between legislative attitudes to protecting personal data. The prevailing attitude was and still is, that in Europe, data privacy laws are more stringent than in the US.

The European Court of Justice rejected the existing 'Safe Harbour' framework. Stories about social-media data storage and transfer, preceded news of subsequent US eavesdropping activities. This did little to help create a feeling of 'common ground.' In fact Facebook ended up in court in Ireland, so it's fair to see the governments weren't seeing eye to eye on this one.

Does the EU-U.S. Privacy Shield affect Email Hippo then?

Nope. Email Hippo is a UK company so we don't need to participate in the Privacy Shield.

But we thought you might want to know more about how we deal with personal data that is uploaded to our servers for validating.  Especially as most of our customers are companies in the USA, so they might be familiar with Privacy Shield participation and think of it as a sign of reassurance in a data partner.

We have servers in the cloud worldwide, stacking, moving and returning results to our customers. We shave nanoseconds off our times by using servers in many locales. However; and it's a shiny good however; all the data is processed in the EU. Which is a good thing as it shows that we are working within the codes of practise in a more stringent environment. It also helps US companies who need to have international email addresses checked and can't be sure if they are EU or US or elsewhere.

Is an email address personal data?

A paragraph defining personal data

Oooh. Good question. And a moot point.
Personal data is essentially information that is designed to be processed and can identify a living individual.
So can an email address on its own identify a living individual? Yes? No?
Obviously role based email addresses can't identify a living individual, gives no personal information. But what about That's personal.

So that's why we take personal data privacy very seriously. Every email uploaded to our service could be personal data. From time to time customers send us extraordinary amounts of personal data that is far and above simple email addresses. In the interests of security, compliance and frankly, just good manners, we have created a framework of extremely secure best practise that we adhere to.

That framework begins with a combination of Microsoft Azure and Amazon Web Service (AWS) security. In addition our discrete EU data center is protected by security that is at least at Azure and AWS enterprise level.

It ends with our ISO 27001 certification. Our information and security management systems are certified to this internationally recognised compliance level.

So we deal with data, safe in the knowledge that we are operating within a secure framework, compliant with the most stringent data law levels on the planet.

You can trust us with your data.

If personal data security is important to you and you'd like more information, please let us know.

You can read about Amazon Web Service security here

Learn about Microsoft Azure enterprise security standards

The EU-U.S. Privacy Shield is described in detail on this US Government site.

Whilst this site outlines the legal and social processes leading up to the failure of the Safe Harbour framework and subsequent development of the Privacy Shield.

If you need to participate in the Privacy Shield you can register here.

For more information about Email Hippo privacy and ISO 27001 read here

Friday, 20 January 2017

Information security systems in the email validation industry ISO 27001

Email Hippo has raised the standard for the email validation industry

Great news!

ISO 27001 is an international standard that’s the cornerstone of best practise for information security.

Our information security management systems are now ISO 27001 certified. That means we offer ‘best of breed’ systems on an international level and that we are committed to maintaining and continually improving our systems.
To gain the certification we had to align with the most stringent standards. Our information security management systems have been audited in detail by an independent authority.

So why did we put ourselves through the challenge? To show that we are different. And better.

We sit proudly alongside just over 10,000 companies in Europe that have taken the time, effort and expense to invest in their information security systems and attain this standard. Better than that, we’re one of only 2 companies providing a standalone email checking service that is ISO 27001 certified. (The other guys are an awful lot bigger and cost an awful lot more☺.)

At Email Hippo we’re committed to offering our customers ‘affordable excellence’.

It’s a proper ongoing commitment that’s at the centre of everything we do. That’s why we have taken the time, effort and expense to become certified to an ISO 27001 standard. We make excellent email validation accessible to all companies, whatever their scale by keeping our standards high and our prices realistic.
This day and age, with data breaches and identify theft making daily headlines, you need to be sure you can trust any company that has access to your data. But when you’re choosing an email validation supplier it can be hard to make ‘like for like’ comparisons. The industry is full of technical jargon and because email checking is usually delivered online, you rarely get to meet the people who will be involved. You can't look people in the eye, yet you are required to trust them with your data.
Our new accreditation is proof that your data is being treated with respect, that our systems are robust and that you can trust us.

ISO 27001  - the little logo that is a big deal to Email Hippo.

Monday, 28 November 2016

Data we supply about your emails

What do we tell you about your emails?

Email Hippo customers have different reasons for using our services, so the information we provide about the emails we check is important for different reasons.

Here's a quick spin through the end-points that we report on.

One Time Lists

One Time List Dashboard options
When you send us a list of emails we take great care to give you your data back in the same order it arrived in. We simply add 5 columns to the end of your data. The columns show you the following;

1. Confirmation of the email address we checked
2. Status (OK / Bad  / Unknown.)
3. Additional status information
4. Domain country code
5. Mail server country code

These 5 columns give you the information you need to clean your email lists. In addition it helps you cross check the location of domains and mail servers, which may be useful information to you commercially.

Emails verified using Realtime API

Customers using our API to check emails receive additional information about each email address.
The columns are;
Realtime API Dashboard options
1. Confirmation of the email address we checked
2. Status (OK / Bad  / Unknown.)
3. Additional status information
4. Role (is the email address role based, e.g.
5. Free (is the email from a free email provider)
6. Disposable (is the email a disposable email address)
7. Domain  - the domain of the email address
8. User - named user

This information helps indicate whether the email is from a trustworthy source. Information about free and disposable email addresses is often used by our customers to filter against potential fraud. It's also valuable to indicate the quality of an email list.

Both sets of services are available to all our customers from their dashboard.

For all lists, we provide dynamic, useful reports that give visual information about your list and the characteristics of the email addresses.

Our development process includes further end-point reporting, to ensure the information we give helps customers make informed business decisions. We're especially active in developing end-points that help customers counter fraud. If fraud is a concern for you, please stay tuned for news of our upgrades and updates. We are doing lots of things that you will like...

If you're curious about the additional information we provide for each status, read about our codes here.

Wednesday, 16 November 2016

EmailOnDeck Blacklisted in Spamhaus

Popular Disposable Email Address Provider Blacklisted

Email Hippo Dislikes DEAs

It's no secret that Email Hippo considers Disposable Email Address (DEA) services as dirty and risky (especially for online merchants subject to card chargeback fraud). For more information on DEAs, including a free online tool to check for Disposable Emails, see here.

Spamhaus Agrees

It seems that the worlds most widely used email anti-spam system agrees with Email Hippo it it's views on Disposable Email Address providers!

During pre-production testing for our soon to released Version 3 email verification API, we received and interesting assessment from Spamhaus on the current (as of November 16th 2016) EmailOnDeck alias domain.

SpamHaus Assessment of EmailOnDeck Alias domain - 11/16/16

It seems that SpamHaus takes a dim view of email services promoting scam material.

On a recent visit to, we received a pop-under screen promoting a well known "binary options" scam. Screen shot below:

EmailOnDeck promoting Scam Binary Options

For more info on the "Oxford Method" scam, see

More About EmailOnDeck

EmailOnDeck is a DEA provider. It prides itself on being evasive to detection. From the EmailOnDeck FAQ:

How is this different from other temporary email sites?
The short answer is this service was created by a team of professionals that know how email systems work.  It's pretty trivial for most websites to detect whether an email address is temporary or not.  When websites know your email address is temporary, they can block you from signing up with their services.  EmailOnDeck makes it very difficult for websites to recognize our email addresses as temporary.
Your emails are only viewable by you. Other temporary email address services allow anyone who knows your email address to view all your emails.
Does it work?
Yes!  We pride ourselves on giving you email addresses that work on all sites and apps.  If you ever come across a site that doesn't allow you to use our email address, please tell us.
*NOTE: Sometimes sites will claim an email address is "invalid" or "already registered" but really what they are doing is blocking you from their site by either your IP address or cookie.  Please try from a different IP address and clear your cookies, local storage and cache if our email address doesn't seem to work.
If you have tried the techniques above and it still won't work, please let us know and we'll investigate as soon as possible. 

EmailOnDeck rotates its domains roughly every 48 hours to avoid detection.

Email Hippo & Spamhaus Vs EmailOnDeck

Email Hippo is already identifying EmailOnDeck domains. As of 11/16/16, it seems that spamhaus taking the issue seriously too.


Firstly, please do not fall for the scams promoted at EmailOnDeck.

Secondly, Email Hippo is already working on the significant task of enhancing the tracking and identifying DEA providers. Our list of DEA providers is already substantial and engineering is now underway to implement a system that automatically tracks / identifies DEA providers and the many domains / sub-domains that are used by DEA providers to try to cover their tracks.

Dislike DEA's as much as we do? Email Hippo has your back with a bunch of engineers working on the DEA problem right now.

Contact us for more information to learn more about enhanced DEA detection.

Thursday, 20 October 2016

Omnivore warning from Mailchimp. Account Issue. What to do to get back on track.

Looks like there's a problem? Learn how to solve Mailchimp's Omnivore warning issue with email list cleaning

Mailchimp is great. It enables thousands of companies to send effective email marketing campaigns. We're big fans. Mailchimp may be annoying you right now for giving you an error message that sounds like a bear may come and get you, but please, hang in there.

This article contains four steps explaining how to go about cleaning your email address list so that you get passed Omnivore when you resubmit it.

As you are trying to load up data to Mailchimp we'll be talking to you as if you are a marketer, or someone who makes decisions about how your company communicates with the outside world. We think we've steered away from being too techy and where terms might need explaining we've provided links.

At the end there is more information about the likely reasons why Omnivore will have said "no" to your data. Just in case you're interested.

All you need to do to satisfy the Omnivore artificial intelligence system is clean up your email address list and resubmit it.

How to please Omnivore? Here's what you should do

Mailchimp's Omnivore System protects Mailchimp from bad data. Image is  a trademark of Mailchimp.

Step 1 - Use an Opt In Email Address List and proper names

Your goal is to have a list of email addresses from people who have double-opted in. (Not sure what double-opt in is?) If you are marketing B2B your email address list will be better for Mailchimp is it includes real names rather than anonymous job title addresses. Omnivore doesn't like some job title emails as they get out of date quickly. If your list contains  admin@ and support@ addresses they will be blocked by the Omnivore.

If you don't collect email addresses through a double opt-in process,  you should take steps to change the way you gather your email address data. This will benefit you in all sorts of ways in the long run, including saving costs, improving returns and improving customer satisfaction.

If you are happy with the way your data has been collected and you simply want to clean it and try uploading it to Mailchimp again you'll need to identify all the bad email addresses in your list and remove them. You'll need some help with this from an email validation company.

Email validation companies take email addresses and check each one to make sure it is deliverable. No reputable email validation company does this by actually sending an email to the people on your list. They simply "ping" an email address behind the scenes to verify it. There are a few email verification companies to choose from and they all provide services online.

But wait. What NOT to do

If your list is small, say, less than a thousand addresses, you might be tempted to save a few dollars and send a quick email through your usual email service provider,( ESP) inserting all the email addresses on your list into a BCC field and asking recipients to respond if they want to stay on your list. You could then use all the bounce backs and undeliverable messages to delete the bad email addresses from your list  - right? WRONG. Don't do this. You run the risk of having your ESP prevent you from sending any more emails.

Step 2 - Clean your emails using cloud-based software services

Whatever the size of your list, go online and look for "email address validation."  There are companies (like us) who will validate your email addresses and tell you which ones are OK to use and which ones are bad. Some will also tell you which addresses they just aren't sure about. No company should delete any addresses from your list. Use a company that will return your list intact, with added information to show which email addresses are good, bad or unknown.

Of course we'd like you to use our services because we know how good we are. We validate about 10,000,000 emails a day and we're excellent at it. We're the only people who can validate Yahoo addresses, so if you have lots of those it makes sense to use us. But you have choices. Generally speaking, with any email validation company you upload your email list, it is validated and returned to you with each address verified so that you can identify and remove the bad ones.

As a guide, every email address should take less than a second to check. The site you use to validate your list should offer a guarantee of at least 98% check rate. Remember, your data is an asset, so be careful who you give it to.

Verifying your email addresses is not generally expensive. As with everything, services vary and prices change. To give you an idea of what to expect, we're talking tens of dollars for tens of thousands of email addresses.

Less than 200 email addresses to check?

If you have just a few emails there are a couple of sites where you can upload them one by one to check. At Email Hippo we let you check up to 100 addresses for free and you can upload them all at once so it's easier than one by one by one...  You can also see our prices here and find out how easy it is to use our products.

Step 3 - Clean your list

Your emails will be returned to you validated. You'll need to clean the bad ones out. We can't cover off every system here but if you receive your list back and import it into an Excel or Access file, you simply need to sort the data and remove the addresses that are marked as bad. If you aren't sure, ask for help from your email validation company.

Step - 4 Get back to Mailchimp with your head held high

Once you have cleaned your list, removing all the addresses that aren't OK, you will be able to go back to Mailchimp and upload your revised list. As long as you've had your list validated well, Mailchimp will be happy and Omnivore will leave you alone. Phew.

Read on if you want to understand why Omnivore shut the door on your list

Something that we really like about Mailchimp is that in this world of spam traps, stale lists, black lists and bounces, Mailchimp is holding the fort and trying to keep things clean. Just like us.

You've seen an Omnivore Warning because the email address list you tried to upload simply isn't good enough for Mailchimp to use. Your list probably contains old addresses that are out of date. (Did you know that within a twelve month period, an average of 40% of email addresses will become invalid?) It might contain addresses that have bad syntax, job titles instead of names, or email addresses that have been flagged as spam-traps. (What's a spam trap?)

You might be thinking that Mailchimp is being picky and is out to get you. Not so. Mailchimp is just trying to stay out of trouble so that it can keep on helping people send better emails.
When emails are sent that have high bounce rates, (think of them "bouncing" off in-boxes instead of getting delivered into them) the email service provider responsible for mailing to the bad email address has done a bad thing. If this act of trying to deliver to bad email addresses continues, Mailchimp (or any other email service provider you use) could end up suffering by being blocked.

What does being blocked mean?

To be blocked is to be stopped by the internet police and prevented from sending emails. Imagine if Mailchimp got blocked. It wouldn't be able to send any emails, this would damage the company and also impact other people like you who use Mailchimp for a great service. Mailchimp exists to help people send better emails. It puts its' chimpy reputation on the line every time it sends an email on behalf of someone else. That's why Omnivore is the ultimate gatekeeper, it helps make sure Mailchimp stays in business.

By cleaning your email address list you can help Mailchimp stay clean whilst delivering your email messages.

Want to know more?

If you'd like to know more about cleaning your email address lists please get in touch. We are always happy to share what we know.

Was this useful? Is there anything else on your mind?
If this was useful, please share. If you think we can help with anything else, just ask. Always happy to give Hippo Help.

Useful links:
What is double opt-in? Forwarding you to the Direct Marketing Association. Lots of marketing articles to read here.
What is a spam-trap?  Forwarding you to What is My IP Address, information about tech stuff explained.
What is Omnivore? Sending you back to Mailchimp to read a bit more about Omnivore
What do you mean - "ping" an email address? A step by step article for technical people who want more information about how email verification works.

Monday, 10 October 2016

UCEPROTECT. Email Hippo views and update to our services

UCEPROTECT blacklisting

We have worked in the email business for many years and have frequently come across for a variety of reasons.

The company creates and maintains a black-list of IP addresses. It charges for removal from the list.
As a spam filter service it is falling in popularity, but domains associated with it remain live and individuals and companies continue to have their IPs black-listed as result of mailing to these domains.

We have knowledge of Uceprotect contacting data center(s) to  alert them to apparent user mal-behaviour. Once data centers have been contacted about a supposed spamming activity, the outcome can quickly result in denial of service until the IP is removed from the Uceprotect list.

Although promises are made about automatic, time-related, free removal, we're not so sure that happens effectively within the terms of the Uceprotect published policy.
We think IP addresses aren't always on the list for valid anti-spam reasons.
We disagree with block-listing IPs.
We believe that charging for removal of an IP address is bad practice, and when we hear it called "extortion" we think the hat fits.

We have a list of UCEPROTECT associated domains

For years we've been capturing domains that feed Uceprotect. We have decided to flag to our users if the emails we're validating are associated with Uceprotect. That way people have a choice about whether to mail to those domains.

Soon customers will see these domains flagged in their email reports as specific infrastructure. If you use Email Hippo to check your emails you'll see UCEPROTECT in a similar way to Yahoo, Gmail etc.  We hope this will help save some people from the stress, time and money of trying to delist their IPs from Uceprotect.

If you'd like to remove Uceprotect domains from your email data please keep an eye on our blog. We'll let you know when the service is live. Of course there will be no extra charge for this addition to our service.

You're welcome.