For fun one day, I was helping a friend research a market niche within the Defense industry (as one does with friends). Being the resident internet bloodhound, I was tasked with hunting down the email addresses of Execs in various companies. I plugged into the matrix and took-off like Jerome Powell and his money printer.
At first this proved to be challenging. It's not like the CEO is going to post his email on the website. Sifting through the socials wasn't any better. Most social media companies hide email addresses.
That is when I came to an obvious realization. Most employees of a company get the same type of email address, [email protected].
Easy right? However before you start sending random emails into the vast emptiness of the internet, it would probably be a good idea to verify that those are indeed real email addresses.
It would be pretty awkward if you sculpted the perfectly worded intro email all for it to never reach its destination.
That brings up the question.
How do you validate an email address?
I tried everything; sketchy websites, shady Github projects, quantitative easing. Okay maybe not that last one. Even I am not that crazy.
Stumped, I pondered further options.
Then it hit me like inflation on Black Friday. Most emails have been involved in some security breach over the years. If they have been involved in a security breach they should appear on have I been pwnd
Sure enough it worked. Valid emails will show up as having been breached and typically invalid email addresses will show up clean.
In addition to validating email addresses you also get a look into some of the products and services they use.
TLDR
Step 1.
Find the name of the person whose email you want.
Step 2.
Plug that name into haveibeenpwnd.com. If it shows up as having been breached you know it is legit. If it appears as clean, try a different email.
Step 3.
Profit.