The ability to verify email addresses and accounts by username is a key must-have for Digital Investigators. However, checking usernames against individual email service providers one at a time is time-consuming. One very effective tool that Digital Investigators can use to accomplish this task and save a lot of time is ‘MailCat’. This tool is an ultra-lightweight Python script that checks usernames across a large range of email providers, including:

  • GMail
  • Yandex
  • ProtonMail – Including protonmail.com, protonmail.ch and pm.me
  • iCloud – Including icloud.com, me.com, and mac.com
  • tut.by – A Belarus-based independent news, media and service internet portal, one of the five most popular websites in Belarus, and the most popular news web portal and email service provider in the country
  • mail.ru – A popular Russian email service provider that also owns the VKontakte social media network
  • Rambler – A Russian search engine and email service provider owned by the Rambler Media Group
  • Tutanota – A German end-to-end encrypted email software and hosted secure email service
  • Yahoo
  • Outlook
  • Zoho – An Indian cloud-based software-as-a-service (SaaS) provider for businesses
  • Lycos
  • Eclipso – A German cloud and email service provider
  • Posteo – A German email service provider for individuals and businesses
  • mailbox.org – A German email service provider
  • FireMail – A German email service provider
  • FastMail – An Australian email hosting company
  • StartMail – An encrypted email service provider based in the Netherlands
  • KolabNow – A Swiss web-based email and groupware service
  • bigmir)net – A Russian email service provider
  • XMail – A British Virgin Islands-incorporated secure email service provider
  • Ukr.net – A Ukrainian search portal and email service provider
  • Runbox – A Norwegian e-mail and web hosting provider
  • DuckDuckGo
  • HushMail – A Canadian web-based email service offering PGP-encrypted e-mail and vanity domain service
  • CTemplar – An Icelandic anonymous encrypted email service provider

The verification method used by the tool understandably varies depending on which email service provider it is querying. For GMail and Yandex, the tool uses SMTP verification. Verification of ProtonMail usernames / accounts is achieved through the use of the open API whilst iCloud emails are verified through the access recovery method. The remaining email service providers are verified via the registration method.
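SMTP verification generally tests whether a server accepts a recipient and then ends the session without sending a message, which leaves a recognizable trace on the receiving mail server. The following is an added example, not part of MailCat or the original article, showing how a mail administrator could spot that pattern; the log lines are constructed, the Postfix 3.x session-summary format is an assumption about the server in use, and the threshold of three sessions is arbitrary.

```python
import re
from collections import Counter

# Constructed sample lines in the style of Postfix 3.x smtpd session summaries.
SAMPLE_LOG = """\
May  4 10:00:01 mx postfix/smtpd[811]: disconnect from unknown[203.0.113.7] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
May  4 10:00:03 mx postfix/smtpd[812]: disconnect from unknown[203.0.113.7] ehlo=1 mail=1 rcpt=1 quit=1 commands=4
May  4 10:00:05 mx postfix/smtpd[813]: disconnect from unknown[203.0.113.7] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
May  4 10:01:10 mx postfix/smtpd[820]: disconnect from mail.example.net[198.51.100.20] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
May  4 10:02:00 mx postfix/smtpd[821]: disconnect from unknown[192.0.2.44] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
"""

DISCONNECT = re.compile(r"disconnect from \S*\[(?P<ip>[^\]]+)\] (?P<stats>.*)$")
STAT = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def session_stats(line):
    """Return (client_ip, {command: attempts}) for a disconnect summary line, else None."""
    m = DISCONNECT.search(line)
    if not m:
        return None
    # "rcpt=0/1" means 0 accepted out of 1 attempted; "rcpt=1" means 1 of 1.
    stats = {k: int(total or ok) for k, ok, total in STAT.findall(m["stats"])}
    return m["ip"], stats


def probe_sessions(log_text):
    """Count, per client IP, sessions that tested a recipient but never sent DATA."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = session_stats(line)
        if parsed is None:
            continue
        ip, stats = parsed
        if stats.get("rcpt", 0) > 0 and stats.get("data", 0) == 0:
            hits[ip] += 1
    return hits


def flag_clients(log_text, threshold=3):
    """Client IPs with at least `threshold` recipient-probe sessions (threshold is arbitrary)."""
    return sorted(ip for ip, n in probe_sessions(log_text).items() if n >= threshold)


if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

A single session without DATA is common for legitimate senders that abort, so the per-client count matters more than any one hit.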

Overall, we had a very successful test of ‘MailCat’. Installation and deployment of the script were seamless, with no issues detected. Running the search is achieved by invoking python mailcat.py within the command-line interface. The overall search process can take between one and five minutes, depending on the number of email accounts identified on each of the email service providers.

Link to GitHub repository: https://github.com/sharsil/mailcat