email-finder

Find email addresses for a domain by combining website scraping, search dorking, pattern guessing, DNS analysis, and SMTP verification. Use when prospecting leads, finding contact emails for outreach, or building contact lists from a company domain. Optionally provide a person's name to generate and verify common email patterns.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "email-finder" with this command: npx skills add psyduckler/openclaw-sales-skills/psyduckler-openclaw-sales-skills-email-finder

Email Finder

Discover email addresses associated with a domain using multiple methods.

How It Works

  1. Website Scraping — Fetches homepage, /contact, /about, /team pages and extracts emails via regex
  2. Search Dorking — Searches for published emails in directories and search engines
  3. Pattern Guessing — If a name is provided, generates common patterns (first@, first.last@, flast@, etc.)
  4. DNS Hints — Checks MX/SPF/DMARC records to identify the email provider
  5. SMTP Verification — Verifies all found/guessed emails using RCPT TO

Dependencies

pip3 install dnspython

Usage

Basic domain search

python3 scripts/find_emails.py example.com

With name for pattern guessing

python3 scripts/find_emails.py example.com --name "John Smith"

Skip SMTP verification

python3 scripts/find_emails.py example.com --no-verify

Options

  • --name "First Last" — Enable pattern guessing for a specific person
  • --no-verify — Skip SMTP verification step
  • --timeout SECONDS — Connection timeout (default: 10)

Output

JSON to stdout:

{
  "domain": "example.com",
  "provider": "Google Workspace",
  "mx": ["aspmx.l.google.com"],
  "spf": "v=spf1 include:_spf.google.com ~all",
  "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
  "emails_found": 2,
  "emails": [
    {
      "email": "info@example.com",
      "source": "scraped",
      "deliverable": "yes",
      "smtp_detail": "2.1.5 OK"
    },
    {
      "email": "john.smith@example.com",
      "source": "guessed",
      "deliverable": "catch-all",
      "smtp_detail": "2.1.5 OK"
    }
  ]
}

Source values

ValueMeaning
scrapedFound on the domain's website
searchedFound via search/directory lookup
guessedGenerated from name patterns
dnsFound in DNS records (DMARC reports, etc.)

Deliverable values

ValueMeaning
yesServer accepted the recipient
noServer rejected the recipient (invalid)
catch-allServer accepts all addresses
unknownCould not determine
not_checkedVerification was skipped

Rate Limiting

The script includes built-in rate limiting at every stage to protect your IP:

# Defaults: 0.5s between page fetches, 2s between SMTP checks, max 15 SMTP checks
python3 scripts/find_emails.py example.com --name "John Smith"

# Conservative settings for sensitive environments
python3 scripts/find_emails.py example.com --scrape-delay 1.0 --smtp-delay 4 --max-smtp-checks 8

# Just scrape, no SMTP (zero risk)
python3 scripts/find_emails.py example.com --no-verify

Options

  • --scrape-delay SECONDS — Pause between website page fetches (default: 0.5)
  • --smtp-delay SECONDS — Pause between SMTP verification checks (default: 2.0)
  • --max-smtp-checks N — Max SMTP verifications per run (default: 15). Remaining emails get not_checked status.

Why rate limiting matters

This tool hits both web servers and mail servers. Without rate limiting:

  • Web scraping — Aggressive crawling gets your IP blocked by WAFs (Cloudflare, etc.) and makes you look like a bot. Respectful delays avoid this.
  • SMTP verification — Mail servers flag IPs making rapid RCPT TO requests. Your IP can get blacklisted, affecting your ability to send real email.
  • Residential IPs are fragile — Unlike datacenter IPs, your home/office IP is shared across all your internet activity. Getting it blacklisted affects everything.

Guidelines for agents

ScenarioRecommended approach
Single domain lookupDefaults are fine
Domain + name pattern guessingDefaults are fine (15 SMTP checks covers all patterns)
Multiple domains in sequenceAdd 5-10s pause between domains. Don't run more than 20 domains/day
Just need the email providerUse --no-verify — DNS-only, zero risk
Bulk prospecting (50+ domains)Use a paid service (Hunter.io, Apollo) or spread across multiple days

Key principle: The script is designed for targeted lookups, not mass scraping. If you need to process hundreds of domains, use a dedicated service with proper IP reputation management.

Limitations

  • Website scraping depends on emails being visible in page source (won't find obfuscated/JS-rendered emails)
  • Search engines may block automated queries
  • SMTP verification requires outbound port 25 access
  • Catch-all domains accept all addresses — can't confirm real inboxes
  • Be respectful: the script adds delays between requests but don't run it in tight loops

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

lead-scorer

No summary provided by upstream source.

Repository SourceNeeds Review
4-psyduckler
General

email-verifier

No summary provided by upstream source.

Repository SourceNeeds Review
3-psyduckler
Coding

email-finder

No summary provided by upstream source.

Repository SourceNeeds Review
82-shipshitdev
Research

holiday

Research public holidays, bank holidays, observed days, school breaks, and make-up workdays for any country or region. Use when the user asks whether a speci...

Registry SourceRecently Updated
130jvy