sublime-security / emailrep.io Goto Github PK

I just checked multiple self-hosted emailaddresses. All of these show "valid_mx": false, but I don't understand why.

https://emailrep.io/[email protected]

curl emailrep.io/[email protected]
{
    "email": "[email protected]",
    "reputation": "low",
    "suspicious": true,
    "references": 2,
    "details": {
        "blacklisted": false,
        "malicious_activity": false,
        "malicious_activity_recent": false,
        "credentials_leaked": false,
        "credentials_leaked_recent": false,
        "data_breach": false,
        "last_seen": "never",
        "domain_exists": true,
        "domain_reputation": "low",
        "new_domain": false,
        "days_since_domain_creation": 773,
        "suspicious_tld": false,
        "spam": false,
        "free_provider": false,
        "disposable": false,
        "deliverable": false,
        "accept_all": false,
        "valid_mx": false,
        "spoofable": false,
        "spf_strict": true,
        "dmarc_enforced": true,
        "profiles": [
            "spotify",
            "twitter"
        ]
    }
}

The Domain is using DNSSEC with RSASHA256, properly configured (see https://dnssec-debugger.verisignlabs.com/keigel2001.net or http://dnsviz.net/d/keigel2001.net/dnssec/)
But also other domains without DNSSEC have the same problem.

A check at mxtoolbox said everything is ok.

Querying google-dns:

dig keigel2001.net MX +short @8.8.8.8
10 megan.keigel2001.net.
20 zooey.keigel2001.net.

Same output for cloudflare-dns and every nameserver delegated to the domain.

Hello!

On the page https://emailrep.io/key, this element links to a 404 page.

<a href="https://sublimesecurity.com/terms.html" target="_blank">Terms of Use.</a>

It should probably link to https://sublime.security/terms/ instead

In my tests I am hitting timeouts, I'd like to use an API key to have higher quota. Is this possible? Your docs mention an API key but don't specify how to generate one.

Hi - trying to pass my API Key to deal with rate limiting issue and it doesn't seem to be having any effect (tried with a brand new API key and still got the rate limiting msg).

Following your nodejs code sample in the docs, here's what I'm trying:

const sdk = require("api")("@sublimesecurity/v0.3#49y4gl02wflaz");
sdk.server("https://emailrep.io");

sdk
  .auth(MY_API_KEY) //doesn't seem to change rate limiting, is this working?
  .get(`/${email}`)

In my mail server I have deliverable: false, but otherwise everything looks good. I think this may be closely related to #2, and the cause may be the same exact timeout.

Hi!

Just generally wondering why my domain ironpeak.be (e.g. [email protected]) is marked as:

• DMARC not enforced
• Spoofable

While I have following TXT records:

• _dmarc.ironpeak.be v=DMARC1; p=reject; rua=mailto:[email protected]
• v=spf1 include:_spf.google.com ~all

Command:

# curl emailrep.io/[email protected]
{
  "email": "[email protected]",
  "reputation": "low",
  "suspicious": false,
  "references": 1,
  "details": {
    "blacklisted": false,
    "malicious_activity": false,
    "malicious_activity_recent": false,
    "credentials_leaked": false,
    "credentials_leaked_recent": false,
    "data_breach": false,
    "first_seen": "never",
    "last_seen": "never",
    "domain_exists": true,
    "domain_reputation": "low",
    "new_domain": false,
    "days_since_domain_creation": 1498,
    "suspicious_tld": false,
    "spam": false,
    "free_provider": false,
    "disposable": false,
    "deliverable": true,
    "accept_all": false,
    "valid_mx": true,
    "primary_mx": "aspmx.l.google.com",
    "spoofable": true,
    "spf_strict": true,
    "dmarc_enforced": false,
    "profiles": [
      "gravatar"
    ]
  }

Dear EmailRep Team,
I want to confirm if the daily limit also applied on 1000/20$ package too? I am facing a response of too many submission on UI and daily limit exceed in response.
Further, how to get information of usage of my paid api key. Thanks

Good day.
It's been a few days since I keep trying to contact you.

How can I cancel my monthly commercial subscription?
Thank you.

{
"email": "[email protected]",
"reputation": "medium",
"suspicious": false,
"references": 1,
"details": {
"blacklisted": false,
"malicious_activity": false,
"malicious_activity_recent": false,
"credentials_leaked": true,
"credentials_leaked_recent": false,
"data_breach": true,
"first_seen": "01/07/2019",
"last_seen": "01/07/2019",
"domain_exists": true,
"domain_reputation": "n/a",
"new_domain": false,
"days_since_domain_creation": 9620,
"suspicious_tld": false,
"spam": false,
"free_provider": true,
"disposable": false,
"deliverable": true,
"accept_all": true,
"valid_mx": true,
"primary_mx": "mxs.mail.ru",
"spoofable": false,
"spf_strict": true,
"dmarc_enforced": true,
"profiles": []
}
}

In Windows PowerShell, curl is an alias for the Invoke-WebRequest cmdlet, so when you execute:

Invoke-WebRequest https://emailrep.io/[email protected]

... you get the full html of the web page in the response body. Changing the UserAgent string to anything with the substring curl makes it return the raw JSON:

Invoke-WebRequest https://emailrep.io/[email protected] -UserAgent not_curl |ConvertFrom-Json
# Works as expected

This is probably by design, but please consider either adding an optional query param (?api=1 or whatever) to specify that output should be pure JSON, or at least document in the README that the user is expected to supply a user string containing curl :)