| entity | object | Contains the email risk profile data |
| entity.email | string | The email address that was screened |
| entity.reputation | string | Overall email reputation rating (e.g., βhighβ, βmediumβ, βlowβ) |
| entity.suspicious | boolean | true if the email is flagged as suspicious based on combined risk signals |
| entity.references | integer | Number of online references or appearances found for this email |
| entity.details | object | Detailed breakdown of email risk signals |
| entity.details.blacklisted | boolean | true if the email appears on known blacklists |
| entity.details.malicious_activity | boolean | true if the email has been associated with malicious activity |
| entity.details.malicious_activity_recent | boolean | true if malicious activity was detected recently |
| entity.details.credentials_leaked | boolean | true if the emailβs credentials have appeared in known data leaks |
| entity.details.credentials_leaked_recent | boolean | true if credential leaks were detected recently |
| entity.details.data_breach | boolean | true if the email was found in known data breaches |
| entity.details.first_seen | string | Date the email was first observed online (MM/DD/YYYY) |
| entity.details.last_seen | string | Date the email was last observed online (MM/DD/YYYY) |
| entity.details.domain_exists | boolean | true if the emailβs domain exists and resolves |
| entity.details.domain_reputation | string | Reputation score of the emailβs domain, or βn/aβ if unavailable |
| entity.details.new_domain | boolean | true if the domain was recently created, which can indicate fraud |
| entity.details.days_since_domain_creation | integer | Number of days since the email domain was registered |
| entity.details.suspicious_tld | boolean | true if the domain uses a top-level domain commonly associated with abuse |
| entity.details.spam | boolean | true if the email has been associated with spam activity |
| entity.details.free_provider | boolean | true if the email is from a free provider (e.g., Gmail, Yahoo) |
| entity.details.disposable | boolean | true if the email belongs to a disposable or temporary email service |
| entity.details.deliverable | boolean | true if the email address can receive messages |
| entity.details.accept_all | boolean | true if the mail server accepts all incoming emails regardless of address |
| entity.details.valid_mx | boolean | true if the domain has valid MX (mail exchange) records |
| entity.details.primary_mx | string | Primary mail exchange server hostname for the domain |
| entity.details.spoofable | boolean | true if the domain can be spoofed due to lacking anti-spoofing protections |
| entity.details.spf_strict | boolean | true if the domain has strict SPF (Sender Policy Framework) records |
| entity.details.dmarc_enforced | boolean | true if the domain enforces DMARC authentication |
| entity.details.profiles | array | List of online platforms where the email address has registered accounts |
