Ir al contenido
POST AI agent ready /v1/abuse-email/check

Abuse Email Check API - Detect Throwaway and Suspicious Addresses

Classifies an email address against a list of known disposable providers (mailinator, guerrillamail, tempmail, and 80+ others) and checks the local part for suspicious patterns like all-numeric handles, excessive digits, throwaway keywords, and unusual characters. Returns a 0-100 risk score plus the specific reasons that triggered the flag.

Parameters

stringrequired

Email address to score.

Code examples

curl -X POST https://api.botoi.com/v1/abuse-email/check \
  -H "Content-Type: application/json" \
  -d '{"email":"test12345678@mailinator.com"}'

When to use this API

Block throwaway signups at registration

Call this endpoint when a user submits the signup form. If risk_score is 80+ or is_disposable is true, require a second verification step or reject the signup. Stops the trial-abuse pattern where one user creates 50 accounts with mailinator addresses.

Score leads in your CRM pipeline

Batch-score newsletter and lead-gen signups. Attach the risk score as a field in HubSpot or Salesforce so sales reps can deprioritize disposable addresses without deleting the record.

Flag suspicious account activity

When an existing account triggers fraud rules (multiple failed charges, bulk exports), re-check the email. A previously-clean address that now resolves to a known disposable provider is a signal that the account has been compromised or sold.

Frequently asked questions

How many disposable domains does this cover?
The endpoint checks against a curated list of 80+ well-known disposable-email domains (mailinator.com, guerrillamail.com, tempmail.com, yopmail.com, 10minutemail, trashmail variants, and more). The list focuses on high-volume providers rather than aiming for exhaustive coverage.
What does the risk_score mean?
Scores range 0-100. A disposable-provider domain scores at least 80. Each suspicious local-part pattern adds 10 points on top of a 40 base. A score above 70 indicates the address should not be trusted for product signups without additional verification.
Does this verify the address exists?
No. This endpoint checks domain reputation and local-part patterns only. Use /v1/email-mx/verify to check whether the domain has MX records and /v1/email/validate for syntax validation.
Why does "test1234567890@example.com" score high?
The local part starts with "test" (a throwaway keyword) and contains 10 consecutive digits. Both patterns match abusive signup behavior even when the domain itself is legitimate.
Is the email address logged?
No. The address is checked in memory and discarded after the response is sent. Nothing is written to disk or any persistent store.

Get your API key

Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.

Sign up free View full docs