From Good to Bad: Exploring the Impact of Reputations on Online Trust.

10 Jul 2023

A reputation speaks volumes without saying anything at all.

We blog because we love writing. But what we love even more than that is making complex things simpler for those new to cybersecurity and online safety, because we feel that everyone should have access to tools that make the online world safer, and easier to access and secure. We also think scammers are the butt end of society, and that everyday people should have the resources to accurately determine if they are being scammed, catfished or the like.

So with that said, in today’s article we’ll be having a look at some OSINT tools to assist us with examining email and domain reputations. 
Whilst domain reputation analysis can be considered a form of OSINT, assessing a domain’s reputation was once considered a niche interest, mostly used by cyber professionals, marketers and the like. Now, however, reputations can give us plenty of insight into the past actions of an address, and can even give us some insight into what we can expect from the address or domain in question. It’s also a field that is growing in importance as the internet expands and spam-based email campaigns continue to proliferate. Let’s get a quick ChatGPT insight on why this might be useful for us.

Input: Give a short summary of Domain and Email reputations and give us some insight on why this may be useful for us. 

Output: Domain reputation refers to the overall perception of your domain name by email service providers (ESPs) and internet service providers (ISPs). It is a measure of your domain’s trustworthiness, based on various factors such as the quality of your email practices, engagement rates, and user feedback. A positive domain reputation increases the chances of your emails reaching the recipients’ inboxes rather than being marked as spam or blocked.
Email reputation focuses specifically on the reputation of your email sender, usually an IP address or a sending domain. It is determined by analyzing the historical performance of your email campaigns and the quality of your email practices. A positive email reputation increases the likelihood of your emails reaching recipients’ inboxes.

Why is it useful?

  1. Higher Deliverability: Positive domain and email reputations increase the chances of your emails reaching the intended recipients’ inboxes instead of being flagged as spam or blocked.
  2. Enhanced Brand Credibility: A positive reputation ensures that your brand’s emails are seen as trustworthy, increasing customer confidence and brand loyalty.
  3. Effective Email Marketing: Maintaining a good reputation allows your email marketing campaigns to reach the target audience, improving engagement, conversions, and ROI.
  4. Avoiding Blacklisting: A positive reputation helps prevent your domain or IP address from being blacklisted, which can lead to severe email delivery issues.
  5. Protection Against Phishing Attacks: A good reputation reduces the likelihood of your domain being spoofed for phishing scams, safeguarding your brand’s reputation and the security of your recipients.


The Tools:
While there are numerous tools around to achieve these objectives, for the purposes of today’s article we’ll focus on two specifically. This is because both of these tools provide multiple ways to request and receive our information. While we can look at and obtain reputation information easily via a browser, we can just as easily perform the same search via the command line using a simple curl request. This gives us further flexibility in how we’re able to use these tools to access our information. We’ll look at email first.

Email:
Today we’ll be using emailrep.io for our initial searches. While it has a good interface and a simple billing structure with a free account, you’ll need to be aware that you’ll be rate limited to 10 searches a day or 250 per month. While this may not be enough for some researchers, it should typically be enough for an average user or freeware-focused analyst to conduct enough searches to get a feel for how it works. You can even run your own information and see what you come back with.
emailrep.io can cater to most people’s needs.

Searching:
In the interests of keeping this at a tolerable length we’ll simply use the provided examples from each relevant provider to examine the information we can get. For email, we can use the test address of bill@microsoft.com and analyse the return we are provided. While we expect most readers to use the browser, terminal users should remember we can access it via the command line with the following command. 

curl emailrep.io/bill@microsoft.com


Our provided response gives us this information in return
Breaking it down, we see it has a reputation of HIGH, with 79 references and a ranking of “Not Suspicious”. We also see no malicious activity and no indication of any blacklisting. Interestingly enough, however, we see that it has been part of a data breach at some point. We’ll give Bill a break today and not pursue that any further. Maybe there’s a reader who’s up for a challenge?

Lastly, we see that we can cross-check the email information with certain forms of social media. While there are better sources for performing these types of linking searches, some of this information can still be useful to us. If you’re interested in some of these linking searches, we will be covering them later on; however, starting your search with Sherlock or Social Scan is probably a good place to begin.
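To show how the fields walked through above can be read together, here is an added example (not code from emailrep.io or from the original article) that reduces one JSON report to a verdict and keeps a failed or rate-limited lookup from being read as a clean result. The field names, the error body shape and the block/review/ok policy are assumptions made for illustration, and all three sample reports are constructed.

```python
import json

# Constructed sample shaped like the result the article describes for
# bill@microsoft.com; field names are assumed, not taken from the page.
SAMPLE = json.loads("""
{"email": "bill@microsoft.com", "reputation": "high", "suspicious": false,
 "references": 79,
 "details": {"blacklisted": false, "malicious_activity": false,
             "data_breach": true, "profiles": ["twitter", "linkedin"]}}
""")
# Constructed error body (assumed shape) for a rate-limited request.
RATE_LIMITED = {"status": "fail", "reason": "exceeded daily limit"}
# Constructed report for an address with several bad signals.
BAD = {"email": "refunds@example.test", "reputation": "none",
       "suspicious": True, "references": 0,
       "details": {"blacklisted": True, "malicious_activity": True,
                   "data_breach": False, "profiles": []}}


def triage(report):
    """Reduce one reputation report to a verdict and the reasons for it."""
    if report.get("status") == "fail" or "reputation" not in report:
        # A failed or empty lookup is "unknown", never "clean".
        return {"verdict": "unknown", "reasons": [report.get("reason", "no data")]}
    details = report.get("details") or {}
    hard, soft, notes = [], [], []
    # Hard signals: the address itself was seen doing something bad.
    if details.get("blacklisted"):
        hard.append("blacklisted")
    if details.get("malicious_activity"):
        hard.append("malicious activity reported")
    # Soft signals: reasons to look closer, not proof of abuse.
    if report.get("suspicious"):
        soft.append("flagged suspicious")
    if report.get("reputation") in ("none", "low"):
        soft.append("reputation " + report["reputation"])
    if not report.get("references"):
        soft.append("no references found")
    # A breach is exposure of the owner, not misbehaviour by the sender.
    if details.get("data_breach"):
        notes.append("seen in a data breach")
    verdict = "block" if hard else "review" if soft else "ok"
    return {"verdict": verdict, "reasons": hard + soft + notes}


if __name__ == "__main__":
    for r in (SAMPLE, RATE_LIMITED, BAD):
        print(r.get("email", "?"), triage(r))
```

The output of the curl command shown earlier can be loaded with `json.loads` and passed to `triage` in the same way as the constructed samples.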
Spamhaus is one option for domain checking. 

Domains:
For domains we’ll be looking at information from The Spamhaus Project. This not-for-profit provider gives a clean, simple web interface for users to access information. Let’s check out Bill’s company and see what we find.
As we’d expect all is clear. 

While we’d expect to see no issues with a domain like microsoft.com, you may have noticed that Spamhaus’s returns are extremely simplistic. This is ideal for those who are new to this type of thing, however if you’re a more experienced user you may wish to obtain additional information from your search. So with that said, let’s go further and take a quick look at another common tool for achieving the same purposes: EasyDmarc.com.
EasyDmarc provides far greater insight. 

EasyDmarc also provides plans that cater to all levels of need, including a useful free tier.
We can immediately see that EasyDmarc provides us with a far greater level of insight compared to Spamhaus, including a far wider array of search parameters. Running our new tool against Bill’s domain again gives a clean bill of health.
Our “Bill”ion dollar test company

It’s important to realize however that unlike our emailrep.io test this is predominantly optimised to work through its browser interface. This shouldn’t be too much of an issue however as it’s well designed and simple to use. 

A Quick word about IP Addresses:
Despite not being touched on in today’s article, we’d be remiss to talk about reputation analysis and not mention that it can be conducted against IP addresses as well. This means that searches can be conducted in further detail against servers, web hosts and other infrastructure and assets that are in use. If you’re interested in this then read on, as we have one last tool for you to add to the chest.

Talos is a great source of information to continue your journey.

A Clearer Picture:
While we mentioned earlier that we’d be trying to keep things like this reasonably beginner focused, it’s important to realize that like anything in life reward is based on effort. So if you’re interested in continuing the dive down the rabbit hole in regards to this type of topic, you should also be aware that there are far greater lengths that can be explored in regards to this, in both offensive and defensive capacities. 
Probably two of the clearest advantages of this would be things such as live domain and reputation monitoring. While this may be outside the scope of a typical user and more the domain of companies and specialists there are tools that allow this to be enabled in real time, providing insight on risk levels as well as attack vectors and sources. 
Probably one of the best all-in-one tools for continuing or starting to develop your skills around this topic would be the Talos Intelligence suite.
Provided by Cisco, this tool is an all-in-one solution for many things, with everything from incident response to live monitoring to vulnerability information. There’s also an active blog and support center, allowing users to jump in and get a further level of insight into assets and infrastructure.
