Security researchers have come up with a new tool that can verify whether an email account exists and is genuine for people at businesses, even if the address hasn’t been published online and belongs to a closed private company.
Peepmail verifies that email can be delivered to anyone, from Apple’s Steve Jobs and Microsoft’s Steve Ballmer to the random guy whose business card you lost. It uses knowledge of the mail protocol to verify delivery. Simply stated, it’s based on the fact that many email servers will tell the sender whether an address is valid even before the message is actually sent.
Peepmail does a great job of finding the email address of any person in the world from their first and second name. It tests permutations of the name until the company’s email server responds with a message indicating that the address is valid. However, Peepmail tricks the server and doesn’t actually send the email, so the person being looked up has no idea about it.
We tried Peepmail to locate the email addresses of people at business corporations. In our tests, the app did a good job, giving the right email 50 percent of the time.
For certain searches, the tool failed to return any email address. That’s because some mail servers don’t report whether an address is valid before they receive the email. They simply accept every incoming email and send back an error message only after the offending email has been sent.
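From the mail server's side, the lookup described above appears as a burst of rejected recipients from a single client. The following is an added example, not Peepmail's code or anything from the original article: a log check that flags clients with several distinct unknown-recipient rejections in a short window. The log lines are constructed in a Postfix-style format, and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a Postfix-style syslog format; hosts, IPs and addresses are made up.
SAMPLE_LOG = """\
Jan 10 08:02:11 mx1 postfix/smtpd[2050]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.20]: 550 5.1.1 <sales-team@example.com>: Recipient address rejected: User unknown in local recipient table
Jan 10 09:14:01 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <john.smith@example.com>: Recipient address rejected: User unknown in local recipient table
Jan 10 09:14:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <jsmith@example.com>: Recipient address rejected: User unknown in local recipient table
Jan 10 09:14:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <smithj@example.com>: Recipient address rejected: User unknown in local recipient table
Jan 10 09:14:03 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <john_smith@example.com>: Recipient address rejected: User unknown in local recipient table
Jan 10 11:30:40 mx1 postfix/smtpd[2188]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.20]: 550 5.1.1 <old.contact@example.com>: Recipient address rejected: User unknown in local recipient table
Jan 10 16:45:09 mx1 postfix/smtpd[2240]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.20]: 550 5.1.1 <billing2@example.com>: Recipient address rejected: User unknown in local recipient table
"""

# Matches an "unknown recipient" rejection and captures time, client IP and probed address.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>"
)

def find_enumeration(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {client_ip: sorted rejected recipients} for clients with at least
    `threshold` distinct unknown-recipient rejections inside one `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            # Syslog timestamps carry no year; a fixed one is enough for time differences.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["rcpt"].lower()))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            in_window = {r for t, r in hits[i:] if t - start <= window}
            if len(in_window) >= threshold:
                flagged[ip] = sorted(in_window)
                break
    return flagged

if __name__ == "__main__":
    for ip, rcpts in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} unknown recipients probed: {', '.join(rcpts)}")
```

The client at 198.51.100.20 also has three rejections, but they are spread across the day, so the 60-second window leaves it unflagged.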
The developer of the tool claims that the tool is not intended to hurt the privacy of corporations, but is a proof of concept that shows how vulnerable our email servers are and how bad our email security is. “I created the tool to demonstrate what has been possible for years but very few people know,” he said.