/
Contact usPricingLog in
    Introduction
    Device Fingerprinting
      Fingerprint Lookup
      Fingerprint Lookup (Deprecated)
      Set Rule
      Get Rules
      Set Verdict Reason Override
      Get Verdict Reasons
      Check Email Risk
    Errors
      Overview
      Error object
      400
      401
      403
      404
      408
      499
      500
      503
Get support on SlackVisit our developer forum

Contact us

Fraud and Risk Prevention

/

API reference

/

Device Fingerprinting

/

Check Email Risk

Check Email Risk

POST
https://telemetry.stytch.com/v1/email/risk

Get risk information for a specific email address. The response will contain a recommended action (ALLOW, BLOCK, or CHALLENGE) and a more granular risk_score. You can also check the address_information and domain_information fields for more information about the email address and email domain.

This feature is in beta. Reach out to us here if you'd like to request early access.

Body parameters

email_address* string

The email address to check.

Response fields

request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

action string

The suggested action based on the attributes of the email address. The available actions are:

  • ALLOW - This email is most likely safe to send to and not fraudulent.
  • BLOCK - This email is invalid or exhibits signs of fraud. We recommend blocking the end user.
  • CHALLENGE - This email has some potentially fraudulent attributes. We recommend increased friction such as 2FA or other forms of extended user verification before allowing the privileged action to proceed.
address_information object

Information about the email address.

has_known_bounces bool

Whether email sent to this address is known to have bounced previously.

has_valid_syntax bool

Whether this email address is valid.

is_suspected_role_address bool

Whether the local part of the email appears to be a role or group, rather than an individual end user.

normalized_email string

The normalized email address after removing '.' characters and any characters after a '+'.

tumbling_character_count int

The number of '.' and '+' characters in the email address. A higher tumbling count indicates a higher potential for fraud.

domain_information object

Information about the email domain.

has_mx_or_a_record bool

Whether the email has appropriate DNS records to deliver a message.

is_disposable_domain bool

Whether the email domain is known to be disposable.

risk_score int

A score from 0 to 100 indicating how risky the email is. 100 is the most risky.

// Backend SDK coming soon!
RESPONSE 200
200
​
{
	"action": "ALLOW",
	"address_information": {
		"has_known_bounces": false,
		"has_valid_syntax": true,
		"is_suspected_role_address": false,
		"normalized_email": "sandbox@stytch.com",
		"tumbling_character_count": 0
	},
	"domain_information": {
		"has_mx_or_a_record": true,
		"is_disposable_domain": false
	},
	"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
	"risk_score": 0,
	"status_code": 200
}
RESPONSE 401
200
​
{
  "status_code": 401,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "unauthorized_credentials",
  "error_message": "Unauthorized credentials.",
  "error_url": "https://stytch.com/docs/api/errors/401"
}
RESPONSE 429
200
​
{
  "status_code": 429,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "too_many_requests",
  "error_message": "Too many requests have been made.",
  "error_url": "https://stytch.com/docs/api/errors/429"
}
RESPONSE 500
200
​
{
  "status_code": 500,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "internal_server_error",
  "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
  "error_url": "https://stytch.com/docs/api/errors/500"
}