Email

Overview

Email indicators within the CoreTIS platform offer an array of tools for analyzing the legitimacy, reputation, and operational security associated with an email address. The “Detection” and “Details” tabs provide various insights drawn from different data sources.

Detection Tab for Email Indicators

Abstract Information

Abstract gathers data about the email address’s general attributes and online presence.

• Data Provided:
  • Verification Status: Whether the email address is valid and active.
  • Domain Reputation: The reputation score of the domain associated with the email.
  • Known Associations: Links to social media or professional profiles tied to the email address.
• Utility:
  • Helps verify the legitimacy of email communications.
  • Aids in the assessment of potential phishing or spam threats.

Hunter.io Information

Hunter.io specializes in finding and verifying professional email addresses.

• Data Provided:
  • Email Discovery: Lists other emails from the same domain.
  • Organizational Roles: Identifies possible roles or titles associated with the email address.
  • Email Patterns: Shows common formats used by the domain for creating email addresses.
• Utility:
  • Useful for identifying business email compromise (BEC) threats.
  • Assists in mapping the structure of an organization for threat intelligence purposes.

Reacher Mail Information

Reacher provides real-time verification of email deliverability.

• Data Provided:
  • Deliverability Status: Indicates if emails sent to the address are likely to be delivered successfully.
  • Server Information: Details about the email server, including MX records and SMTP provider.
• Utility:
  • Ensures that security alerts and communications are sent to valid addresses.
  • Detects potential email spoofing by assessing server configurations.

Details Tab for Email Indicators

Whois Information

Whois provides domain registration details, which can be used to identify the owners of the email domain.

• Data Provided:
  • Domain Registration: Contact information, registrar details, and registration dates.
  • Administrative Contacts: Information about the individuals or entities managing the domain.
• Utility:
  • Identifies the potential origin of email-based threats.
  • Supports domain-based investigations by providing a starting point for contact.

SSL Certificate Information

Details the SSL certificate used by the email domain’s server, relevant for encrypting email transmissions.

• Data Provided:
  • Certificate Details: Issuer, validity dates, encryption protocols, and certificate fingerprints.
• Utility:
  • Assures that email communications are encrypted and secure.
  • Can expose insecure or improperly configured email servers.

Best Practices for Analysts

• Use Abstract to quickly assess an email’s legitimacy and associated online footprint.
• Leverage Hunter.io for detailed organizational insights and to uncover related email addresses.
• Depend on Reacher for deliverability checks to maintain effective email communication channels.
• Review Whois and SSL Certificate data to ensure email domain integrity and security.