Free Email Permutator
Generate every plausible email pattern for a name + domain, ranked by how often each pattern actually exists.
Find someone's email
Results
Results will appear here
Enter a name and domain on the left, then click Permutate. We'll generate every plausible pattern ranked by how commonly each one appears in business email.
How it works
Enter the name and domain
Type the person's first name, last name, and their company domain. If you know their middle name or nickname, expand the advanced options and add those too.
Click Permutate
We generate every email pattern that domain would actually accept. Gmail-style providers see their dot-only rules applied; corporate domains see all plausible variants. Results sort by real-world prevalence.
Verify the top 3 patterns
Don't send to all of them — use the "Verify this" link on each row to open our email verifier with the address pre-filled. The verifier tells you which mailbox actually exists. That's your answer.
What is an email permutator?
An email permutator takes a person's name and their company's domain, then generates every common email pattern that domain might use. You enter `Kevin Smith` and `acme.com`, you get back `kevin.smith@acme.com`, `ksmith@acme.com`, `kevin@acme.com`, and another 15-20 variations.
The output is a list of plausible addresses, not a single guaranteed-correct one. The next step is checking which of those plausible addresses actually exists, which is where an email verifier comes in.
How to find anyone's work email in 3 steps
Sales teams, recruiters, and journalists hit this problem all day. Someone shared a great talk, their name is in the program, the company is on LinkedIn — but the email isn't published anywhere. Here's the practical workflow that works most of the time.
Step 1: Get the domain right
The domain is the company's main email domain, not necessarily their main website. Big companies sometimes split — `microsoft.com` for corporate, `outlook.com` for consumer, `xbox.com` for support. Smaller companies often use their `.com` for both. When in doubt, look at any public email from someone at the company (press contacts, support@, founders' Twitter bios) and copy the domain from there.
Step 2: Run the permutator
Enter the first name, last name, and domain. Our tool generates every pattern that domain would actually accept. If the domain is `gmail.com`, we skip patterns with dashes (Gmail doesn't allow them). If it's a custom corporate domain, we show all plausible variations because we have no way to know which one they use.
If you know the person's middle name or nickname, fill those in too — `Robert "Bob" Smith` gives you `bob.smith@` and `bsmith@` alongside `robert.smith@`. Both forms are real, both are worth trying.
Step 3: Verify the top candidates
Don't send to all 20 candidates — that's spamming. Take the top 3-5 by likelihood (our table ranks them), then run each through our free email verifier. The verifier tells you which mailboxes actually exist by talking directly to the recipient's mail server. The one that comes back `Safe` is your answer.
Be careful with catch-all domains
Some companies configure their mail server to accept every address (`anything@company.com` is technically valid). If the verifier returns `Catch-All`, you'll need to triangulate another way — LinkedIn message, mutual connection intro, or look for the person's email in a press release.
The 10 most common business email patterns
Research across 250,000 verified business emails (Hunter.io 2024 + Adapt.io 2023) shows the patterns below dominate. If you only have time to try a handful, start at the top:
| Pattern | Example | Prevalence | Typical companies |
|---|---|---|---|
| first.last@ | kevin.smith@ | 36% | Most enterprises, mid-market |
| flast@ | ksmith@ | 22% | Tech companies, agencies |
| first@ | kevin@ | 9% | Startups under ~50 people |
| firstlast@ | kevinsmith@ | 7% | Younger startups, some agencies |
| last.first@ | smith.kevin@ | 6% | European companies, especially German |
| last@ | smith@ | 4% | Very small teams |
| f.last@ | k.smith@ | 4% | Consulting firms, law firms |
| firstl@ | kevins@ | 3% | Older systems, regional companies |
| lastf@ | smithk@ | 2% | Some healthcare, government |
| first_last@ | kevin_smith@ | 1.8% | Microsoft-era corporate, academic |
Note that these are percentages across all companies — a given company picks ONE format. Your job with the permutator is to try the most likely patterns first and confirm which one this specific company uses.
Why some patterns fail
Three things commonly make a guessed email bounce, even when the pattern would normally work:
Provider-specific character rules
Gmail only allows letters, numbers, and dots in the local part. So `kevin-smith@gmail.com` is invalid — that pattern won't deliver, even if Kevin Smith is a real person. Our tool knows this and skips invalid patterns for known providers. For unknown corporate domains, we show all plausible patterns and let the verifier filter.
Gmail's dot rule
Gmail treats dots as cosmetic. `kevin.smith@gmail.com`, `kevinsmith@gmail.com`, and `kev.in.smith@gmail.com` all deliver to the same mailbox. Our tool dedups these so you don't waste time trying "different" patterns that hit the same inbox. ProtonMail and Proton.me behave the same way.
The mailbox doesn't exist
Sometimes the pattern is right but the person uses a different first name internally (Robert vs. Bob), or they go by a middle name, or they're a contractor on a separate domain. The permutator generates plausible patterns — the verifier confirms which one is real.
How to verify which permutation is real
Trying every guessed email by sending a message is a bad idea. You burn your sender reputation, you clutter inboxes, you might trigger spam filters that flag your domain. The right approach: verify without sending.
An email verifier opens an SMTP connection to the recipient's mail server and asks (essentially) "does this mailbox exist?" without actually delivering anything. The mail server responds yes/no. You learn which permutation is real before any email leaves your account.
Our free email verifier gives you 3 verifications per day with no signup. For higher-volume work, the 200 free credits on signup cover most permutator follow-ups.
Email permutator vs email finder
Both tools target the same problem ("what's this person's email?") but solve it differently. Knowing which to reach for saves time.
An email permutator generates plausible patterns and hands you a list to verify. It works for anyone — no database lookup, no API key. Free, instant, unlimited.
An email finder queries a third-party database (Hunter, Apollo, Snov, RocketReach) that's already scraped or sourced the person's email. When it has the record, you get a direct answer. When it doesn't (which is most cases for niche industries, smaller companies, or recent hires), you're back to permutating.
Practical rule: try the permutator + verifier first. It's free and fast. Fall back to a paid email finder only when you've exhausted plausible patterns or you're chasing someone whose company has a non-obvious format.
Is guessing emails legal?
Generating a permutation is just doing math on a name — completely legal everywhere. Sending unsolicited email to the resulting addresses is where regulation kicks in.
In the US, CAN-SPAM allows unsolicited B2B outreach if you include a clear sender identity, a real physical address, and a working unsubscribe link. In the EU and UK, GDPR + PECR require either explicit opt-in or a "legitimate interest" justification that holds up under scrutiny. Canada's CASL is the strictest — you generally need express consent before the first message.
What's universally OK: looking up a publicly-listed business contact (CEO, head of sales, press), generating their email, verifying it exists, and sending one personalized, opt-out-respecting message. What's not OK anywhere: bulk-blasting unverified generated addresses with generic copy.
Related Free Tools
Email Verifier
Same engine paying customers use. 3 free verifications a day.
Open toolEmail Syntax Checker
Catch invalid email syntax with RFC 5322 validation, typo detection, and per-email error reasons. Bulk-paste up to 10,000 addresses.
Open toolEmail Format Checker
Audit an email list against your expected format pattern. Flag who doesn't conform, see the dominant pattern, export the report.
Open toolEmail Extractor
Paste a document, webpage, or any text — pull out every email address inside. Dedup, sort, filter by domain.
Open toolFrequently Asked Questions
Common questions about email permutation, verification, and outreach laws.
A tool that takes a person's name + company domain and generates every common email pattern that domain might use. You get a list of plausible addresses (e.g. first.last@, flast@, first@), ranked by how often each pattern is the real one across all business emails. It's the fast way to narrow down someone's email when their address isn't published.
On its own, a permutator doesn't tell you THE answer — it gives you 15-20 candidates. The accuracy comes from pairing it with a verifier. Hunter's research shows roughly 75% of business emails use one of the top 4 patterns (first.last@, flast@, first@, firstlast@). Try those four through our verifier and you'll find the real address most of the time.
Gmail treats dots in the local part as cosmetic. The mailboxes kevin.smith@gmail.com, kevinsmith@gmail.com, and kev.in.smith@gmail.com all deliver to the same Gmail account. Other providers (Yahoo, Outlook, Hotmail) keep dots as significant — different dot placement equals different mailbox. Our permutator dedups Gmail patterns automatically so you don't waste time trying "different" addresses that hit the same inbox.
Generating a permutation is legal — it's just string concatenation on a name. Sending unsolicited messages to the result is where laws kick in. CAN-SPAM (US) requires sender ID, physical address, and working unsubscribe. GDPR + PECR (EU/UK) want explicit consent or documented legitimate interest. CASL (Canada) requires express consent before the first message. Practically: looking up a publicly-listed business contact and sending one personalized message is fine almost everywhere. Bulk-blasting generated addresses is not.
Most companies use one of the top 10 patterns. The exceptions are usually mid-sized firms that chose something unusual (e.g. department prefixes like sales.kevin@, or full-name underscored like kevin_smith@). For those, your best path is to find ONE confirmed email at the company (LinkedIn, press release, support page), reverse-engineer the format, then apply that format to your target. The permutator is great for top-90%-format companies; below that you need a sample.
Use our [Email Verifier](/tools/email-verifier). Paste the top candidates one at a time. The verifier opens an SMTP conversation with the recipient mail server and asks whether the mailbox exists, without actually delivering any email. The address that comes back `Safe` is the real one. Three free verifications per day with no signup, or sign up free for 200 credits.
Yes, with the right discipline. Generate patterns, verify them, send to the verified address with a clear sender identity and unsubscribe option. Don't send to all 20 generated patterns — that's not cold outreach, that's spamming. Verify first, send to the one real address, follow the relevant law for your geography (CAN-SPAM, GDPR, CASL).
Hunter and similar tools query a database of emails they've scraped or sourced from third parties. When they have a record, they hand it to you. When they don't (which is often), they fall back to permutation — same as us. We skip the database step and go straight to permutation, which means we work for anyone whose name + domain you have, without paid lookups. The trade-off: you verify the candidates yourself rather than getting a single direct answer.
Still have questions?
Contact our support team →Found a likely email?
Verify it before you send.
Our free Email Verifier confirms which permutation is the real address — without sending anything. 200 free credits with no card on signup.
3 free verifications/day · No signup required