The Story
Last month, a friend's SaaS got flooded with fake signups. 200+ accounts from disposable emails. Their verification service cost $0.01 per check — $2 per batch, adding up fast.
Then I found EmailRep.io — a completely free API that scores any email's reputation. No API key for basic lookups. One request, instant answer.
The API
Base URL: https://emailrep.io/
curl https://emailrep.io/test@example.com
Response:
{
"email": "test@example.com",
"reputation": "low",
"suspicious": true,
"references": 0,
"details": {
"blacklisted": false,
"malicious_activity": false,
"credentials_leaked": false,
"data_breach": false,
"deliverable": true,
"free_provider": false,
"disposable": false,
"spam": false
}
}
Real Example: Signup Fraud Filter
import requests
def check_email_reputation(email):
"""Check if email is suspicious before allowing signup."""
resp = requests.get(
f"https://emailrep.io/{email}",
headers={"User-Agent": "MyApp/1.0"}
).json()
risk_score = 0
details = resp.get("details", {})
if details.get("disposable"):
risk_score += 50 # Disposable email = high risk
if details.get("spam"):
risk_score += 30
if resp.get("suspicious"):
risk_score += 20
if details.get("credentials_leaked"):
risk_score += 10 # Compromised account
return {
"email": email,
"reputation": resp.get("reputation"),
"risk_score": risk_score,
"allow_signup": risk_score < 40
}
# Test it
emails = ["john@company.com", "temp@guerrillamail.com", "spam@example.com"]
for email in emails:
result = check_email_reputation(email)
status = "✅" if result["allow_signup"] else "🚫"
print(f"{status} {email}: {result['reputation']} (risk: {result['risk_score']})")
Bulk Validation From CSV
import csv
import requests
import time
def validate_email_list(csv_path):
results = []
with open(csv_path) as f:
reader = csv.DictReader(f)
for row in reader:
email = row["email"]
resp = requests.get(
f"https://emailrep.io/{email}",
headers={"User-Agent": "BulkValidator/1.0"}
).json()
results.append({
"email": email,
"reputation": resp.get("reputation", "unknown"),
"disposable": resp.get("details", {}).get("disposable", False)
})
time.sleep(1) # Be nice to the API
clean = [r for r in results if r["reputation"] in ("high", "medium")]
risky = [r for r in results if r["reputation"] == "low"]
print(f"Clean: {len(clean)} | Risky: {len(risky)} | Total: {len(results)}")
return results
Why This Is Useful
| Use Case | How |
|---|---|
| Signup fraud prevention | Block disposable/suspicious emails |
| Email list cleaning | Remove risky addresses before campaigns |
| OSINT investigations | Check if email appeared in breaches |
| Lead validation | Score lead quality by email reputation |
Limits & Alternatives
- EmailRep.io: Free, no auth needed for basic lookups. Rate limit: ~100/day
- Hunter.io: Free tier 25 verifications/month
- Have I Been Pwned API: Breach data (free for individual lookups)
Full toolkit: email-osint-toolkit
More free APIs: awesome-free-apis-2026
How do you handle fake signups? Share your approach 👇
Top comments (0)