Rowland O'Connor, Email Hippo: “there's a wide spectrum of threats where a fake email address could be a red flag”
Email marketing has been highly favored by all types of companies over the past years. It’s no surprise that cybercriminals are also using it as an opportunity to broaden their attack vectors. So, they employ sophisticated social engineering tactics to deliver malware via email or steal sensitive information.
Often, malicious emails look almost identical to the common messages sent from well-known providers. While users can stop malware infiltration with the help of a robust antivirus, the reputational damage such attacks make on the exploited brand name is enormous for the company.
So, today we talked with the Founder and the CEO of Email Hippo, a company specializing in email address verification solutions. Rowland O’Connor explained how emails can be used for malicious purposes and what are the best ways to protect them.
Let’s start at the beginning of Email Hippo. How did the idea of email verification come about?
We can trace the origins of Email Hippo back to 2000 when I launched a free email address-checking widget on an IT advice website.
At the time, most email address verification solutions were slow, cumbersome, and unscalable on-prem solutions, so our humble widget was something of a breakthrough. Traffic soon outstripped the rest of the site and our parent company Rolosoft was born.
The Email Hippo brand was launched in 2015 and since then we've focused on doing what we do best – taking email address verification to the next level. Most recently, we entered the fraud prevention space with our ASSESS product, which uses email intelligence to help prevent fraud during the sign-up process.
Can you tell us a little bit about what you do? What is email validation?
Email address validation or email address verification is the process of checking whether an email address is valid or not. That encompasses everything from the syntax of the email address, whether or not an inbox exists at that address, and whether or not the email occurs in any blacklists.
Email address verification technology has many different applications. A common one is to check marketing lists to avoid high bounce rates that could impact the sender's reputation and future email deliverability. In industries such as financial services and online gaming, email verification checks can help to identify whether new user accounts are legitimate or could be used for fraud or abuse.
There are many verification solutions out there. Ours is at the more sophisticated end of the market due to its speed, flexible API, and the number of checks we can carry out on a single email address. This has helped us build close working relationships with clients who may need to verify millions of email addresses every month.
When it comes to threats carried out using fake email addresses, what are the most common ones?
When someone signs up to an online platform or service with any kind of malicious intent, they almost always use a fake or temporary email address. So, there's a wide spectrum of threats where a fake email address could be a red flag: phishing scams, online abuse or harassment, impersonation, fraudulent transactions, and the list goes on. Even large-scale hacking threats could use fake emails at some point in the chain.
71% of people who used a disposable email address in a sign-up transaction said they did it because they didn’t want to receive marketing communication, leaving 29% of users with another reason for using a disposable email address.
As such, our solution can add value for a wide range of companies who need to stop suspicious users at the point of sign-up – whether that's a fake account for an online game or something much more sinister.
How do you think the pandemic has affected your field of work?
Trends such as the great resignation and the high number of workers on furlough have had a significant impact on email list attrition and, at the same time, the number of global email users is expected to grow to 4.6 billion in 2025, making email verification a higher priority for B2B marketers than ever.
Elsewhere, the trend of remote working has created a lot of new opportunities for fraudsters and hackers to target users who no longer have the safety net of office IT security.
Why do you think certain businesses fail to recognize the benefits of data enrichment?
Many companies don't realize they have a problem until disaster hits. For example, marketers may not realize their email list needs attention until after they're penalized for a high bounce rate or the true costs of chargebacks may not be fully identified. More worryingly, online service providers may turn a blind eye to fake sign-ups until fraud and abuse become ever-present problems they need to address.
I think there's also a lack of awareness in the fraud and security space about the value email verification can add to their operations. Our solution isn't a silver bullet, but it's simple, easy to deploy, and provides deep insight into whether or not a person represents a potential security risk – before you let them through the gates.
What are some of the most serious security issues that can arise when dealing with large amounts of sensitive data?
The nightmare scenario is a large-scale theft or data breach leading to financial penalties and reputational damage. A lot of attacks like this have been carried out using techniques such as social engineering and privilege escalation, so it's not inconceivable that email address verification could offer an extra layer of defense.
For our part, we've always been keenly aware that our customers need to be able to trust us with their data, and often, a lot of it. As such, we're big on security and were the first email address verification provider to be accredited against ISO27001.
Besides email address validation, what other marketing tools do you believe can greatly enhance one’s operations?
One of the benefits of our API is that it makes it very easy to integrate email address verification with other business systems, such as a CRM or marketing automation platform. Many of our customers use this method to automate marketing communications at scale, without the need to clean their email lists manually on a regular basis.
Talking about cybersecurity, what would you consider to be the best practices organizations should follow?
Most companies today face such a rapid proliferation of security threats that it's hard to see the forest for the trees. My advice would be to automate as much as possible to eliminate the simpler threats, such as invalid contact information or contacts with low levels of credibility. Then, you can focus your time and resources on the more serious ones, such as preventing bad actors from accessing your systems, committing fraud, and causing chargebacks. But more importantly, I'd advise choosing your customers and suppliers carefully.
Can you give us a sneak peek into some of your future plans for Email Hippo?
Our plans are simply to keep doing what we’re doing and continue to adapt to an ever-changing email services landscape. We have to maintain and improve accuracy and we’ll be enhancing our fraud-fighting solutions with new datasets and intelligence. I can’t share more, it's top secret!