Upload leads · classify via SPF/PTR/HTTP · filter by rules · export with per-company caps · webhook on completion
Fan out HTTP probes against likely webmail hosts; regex the body for known provider strings. The pattern with the lowest priority index wins. This phase recovers ~10% of leads MX/SPF/PTR all missed (mailnara, owa, w/cpanel, zimbra, mailenable …).
Order matters — lowest priority wins. Use ↑/↓ to reorder; saved priorities are 1..N in row order.
| # | Provider | Body regex (case-insensitive) | Bucket | Move | |
|---|---|---|---|---|---|
| 1 | Top-priority — short-circuits the parallel fan-out on hit. | mailnara | |||
| 2 | Generic 'groupware' string → `hambiro` bucket (matches Go reference). | hambiro | |||
| 3 | mailplug | ||||
| 4 | secuecloud | ||||
| 5 | smartermail | ||||
| 6 | Polish hosting. | home-pl | |||
| 7 | aruba | ||||
| 8 | mailenable | ||||
| 9 | zimbra | ||||
| 10 | Outlook Web Access — order matters; before this we already short-circuited on mailnara if applicable. | owa | |||
| 11 | Bucket `rc` matches the Go reference. | rc | |||
| 12 | Bucket `w` matches the Go reference (`w.atim`). | w |
In addition to PTR-derived hosts, we probe these subdomains and ports on the bare domain.
443 catches cases where the webmail is on the bare domain. 2096 / 2080 catch cPanel webmail and a few legacy setups.
Stuck hosts get killed at this mark.
Worker fans out this many URLs in parallel and takes the lowest-priority match.
Response bytes past this are dropped. 64KB catches every provider footer / sign-in form in our test set.
Inclusive. 401/403 caught here because OWA login pages return 403 with the regex-matchable body intact.
Sent on every probe.
Hosts that refuse / time out get cached as dead for this long, so we don't keep hammering them across leads on the same domain.
Enter a domain and hit Run to see the pipeline trace.