Advertisement

Hello, Is It Me You’re Looking For?

Article main image
Nov 25, 2020

How do you know that the person you’re intending to reach is the person receiving your message, or that there is anyone at the other end at all?

Validating and verifying contact information can be a time-consuming practice but will help keep you from ending up in spam, from messaging dead emails, and calling the wrong number.

“269 billion emails were sent and received each day in 2017, but that number is expected to increase to over 333 billion daily emails in 2022. Out of those emails, only 28% actually make it to the inbox.” ~ Campaign Monitor

Based on the quote above, 72% of almost 270 billion daily emails ended up in spam folders or otherwise not reaching their intended target – the inbox. That amounts to a whopping 71 trillion emails PER YEAR that don’t reach their target, and that number is only growing with each passing year.

Verifying and Validating Email Addresses

There are many tools out there, paid and free, that can verify and validate email addresses. The paid tools will certainly get the job done faster, but those of you working on shoestring and ramen noodle budgets don’t always have the luxury of having access to those types of products.

Some of my favorite free tools for verifying email addresses are:

I first learned about the outlook method from Irina Shamaeva, who wrote the article I came across detailing how to import and verify emails in Outlook’s web app – and while this method has its limits, it is absolutely an invaluable tool for anyone’s toolkit.

Epieos is a pen-test and OSINT consulting organization, and their Google Account Finder is another invaluable asset for your toolkit. It enables to you verify Gmail accounts and displays the users name as well as links to some of their google activity like YouTube, Photo Backups, and Map Contributions. This allows you to verify outside of LinkedIn who the owner of the account is and compare it to your gathered information to reasonably conclude that it is the person you’re intending to reach.

Hunter.io Email Verifier is a function built into the Hunter.io website that allows you to enter a professional/work email address and attempt to verify deliverability as well as identity of the user. Unfortunately, this doesn’t work for personal email domains like Gmail, Yahoo, etc.

Centralops.net has a suite of tools available including a tool to test email addresses for deliverability. This verifies the domain and checks that the email can receive messages through that domain. It will give you a confidence rating based on the outcome of the test and provides a chart for you to understand what the confidence rating means (which is hyperlinked in the blued “more info” at the end of the rating).

Verifying and Validating Phone Numbers

Verifying and validating a phone number can be a little trickier than an email address, as there is no public database published by providers that detail cell phone numbers. There are a couple of tools that can provide you known numbers for that person but sometime, especially with more common names, it could give you a number to the right name but wrong person.

Some tools that you can use to locate and verify numbers:

USPhonebook.com is tool I’ve mentioned in previous articles. It is a lookup site where you can search for someone by name or reverse search a phone number to find the details of the potential owner of the number. It’s database isn’t up to date (as tested on my own new-ish phone number) but is a great tool nonetheless as not everyone changes numbers frequently. If using this as a source to gather numbers, I would recommend verifying the number using another source before launching any outreach.

OKCaller.com is another similar lookup site, where you can search by name or reverse search a phone number. The interface is a little odd, as you have to navigate to the Address Book and then click on “Find by Name” at the top of the page in order to search by name, you can’t do that from the main page.

Apeiron CNAM Lookup is a newer tool I stumbled on but is proving itself nicely. To use this tool, you enter a phone number and it searches and returns the caller ID that is broadcasted when that number calls another number. It displays these results in the greyed-out box below the “Lookup number” button.

Just for Fun

If you’re familiar with Python, here are a couple of other tools you should check out. Keep in mind that these are pen test tools, and should be used responsibly, the Email2PhoneNumber tool especially.

Email2PhoneNumber is a python module that will use a known email address and check it against services like PayPal, Amazon, etc. that typically return a portion of a phone number that is set as the “Reset Password” phone number for the account associated with the email address you entered. It is an entirely convoluted process that is well-detailed here.

theHarvester is another python module that allows you to search multiple search engines, social media sites and more all at one through your command prompt. It is well documented in the github repository as well as many video walkthroughs hosted on YouTube. One key thing is that it cannot run on Windows, as one of its dependencies is incompatible with Windows OS. I bypass that by running a virtual machine on my desktop using VirtualBox, a free VM service, with Kali Linux which comes pre-loaded with theHarvester and many other pentest and OSINT tools.