Docs / Features

Email Intelligence (OSINT)

Email Intelligence (OSINT)

Laravel Mail Platform includes a built-in Email Intelligence system powered by SpiderFoot. This feature allows you to perform Open Source Intelligence (OSINT) scans on email addresses and domains to gather publicly available information about your subscribers.

Overview

Email Intelligence helps you understand your audience better by identifying:

  • Social Media Profiles: Linked accounts on external sites.
  • Data Breaches: Whether an email address has been compromised in known data leaks.
  • Affiliations: Connections to other domains or internet names.
  • Blacklists: Whether an IP address or domain associated with a subscriber is flagged for spam or malicious activity.

How it Works

The system integrates with a SpiderFoot instance (via API) to orchestrate complex scans. When you start a scan, the application:

  1. Dispatches a scan request to the SpiderFoot API.
  2. Monitors the scan status.
  3. Retrieves and categorizes the findings.
  4. Stores the results for your review within the dashboard.

Using Email Intelligence

Starting a New Scan

  1. Navigate to Intelligence in the sidebar.
  2. Click New Scan.
  3. Enter the Target (e.g., an email address like john@example.com or a domain like example.com).
  4. Click Start Scan.

The scan will now run in the background. Depending on the target and the modules enabled in your SpiderFoot instance, this can take anywhere from a few minutes to an hour.

Reviewing Results

Once a scan is complete (or while it's in progress), you can click on the scan in your list to view the results. Results are categorized into several types:

  • Entity: Direct findings like email addresses, account names, and physical addresses.
  • Descriptor: Metadata about a finding, such as "Hacked" or "Blacklisted".
  • Internal: System-level events for debugging.

Common Findings

Event ID Description
ACCOUNT_EXTERNAL_OWNED Found a social media or web account belonging to the target.
EMAILADDR_COMPROMISED This email address was found in a past data breach.
BLACKLISTED_IPADDR The subscriber's mail server or IP is on a blacklist.
AFFILIATE_EMAILADDR Found another email address linked to the target.

Configuration

To use this feature, you must have a SpiderFoot server running and accessible by your Laravel Mail application.

Docker Support

If you are using the provided docker-compose.yaml, ensure your application container has network access to your SpiderFoot instance.

Environment Variables

Add these to your .env file to configure the connection:

SPIDERFOOT_URL=http://spiderfoot:5001
SPIDERFOOT_API_KEY=your_api_key_here

Best Practices

  • Respect Privacy: Only use OSINT tools for legitimate business purposes, such as verifying leads or protecting against fraud.
  • Batch Scanning: Use the Import feature to scan multiple targets at once by uploading a CSV.
  • Monitor API Limits: If using third-party modules within SpiderFoot (e.g., HaveIBeenPwned), be aware of their respective API key limits and costs.