EmailRep is a system of crawlers, scanners, and enrichment services that collect data on email addresses, domains, and internet personas.

EmailRep uses hundreds of data points from social media profiles, professional networking sites, dark web credential leaks, data breaches, phishing kits, phishing emails, spam lists, open mail relays, domain age and reputation, deliverability, and more to predict the risk of an email address.


An API key is not required to use the EmailRep API, but using one will afford you higher rate limits than the unauthenticated API. If you don’t have an API key, you can request a free one here.

Specify your API key in the Key header field:

Key: [your api key]
User-Agent: [your app name]

An invalid API key will result in an HTTP 401 response.

User-agent requirements

Each request to the API must be accompanied by a user agent request header. Typically this should be the name of the app consuming the service. A missing user agent will result in an HTTP 403 response. A valid request would look like:

User-Agent: [your app name]

The user agent should accurately describe the nature of the API consumer such that it can be clearly identified in the request. Not doing so may result in the request being blocked.


Rate-limits are enforced using a rolling 24-hour window, not by calendar day. When using an API key, you can determine the number of requests remaining by inspecting either the X-Rate-Limit-Daily-Remaining or X-Rate-Limit-Monthly-Remaining headers, depending on the type of API key you have. Exceeding the rate limit will result in an HTTP 429 response.