Enter a name and a company domain. Every combination is generated instantly, right in your browser. Nothing is uploaded or stored.
What is an email permutator, exactly?
An email permutator does not know anyone's real email address. It takes the two or three pieces of information you already have, a person's name and their company's domain, and mechanically builds every address pattern a company might plausibly use: john.doe@, jdoe@, doe.john@, and so on. The output is a list of candidates, not a confirmed result.
That distinction matters. A permutator is a generator. An email finder, like the one built into Overloop, is a verifier that checks each candidate against real mailbox and deliverability signals across a 450M-contact database and returns the one that is actually live. Treating a permutator's output as verified is the single most common way outbound teams end up with a bounce-heavy list.
If you are starting with nothing but a name, no domain and no company, a permutator will not help yet. See our guide to finding anyone's email address for the broader set of methods, of which pattern guessing is only one.
How does an email permutator work?
Under the hood, a permutator does three things in order:
- Sanitize the inputs. Strip spaces and accents, drop anything that is not a letter, and lowercase everything, since email local-parts are effectively case-insensitive in practice and companies rarely publish an address with a hyphenated middle name intact.
- Build combinations. Recombine the first name, last name, and their initials using the handful of separators companies actually use: a dot, an underscore, a hyphen, or nothing at all. That is where the "25+ patterns" in the tool above come from: it is not 30 random guesses, it is every realistic building block applied systematically.
- Append the domain and deduplicate. Each local-part gets combined with the domain, per the local-part@domain structure defined in RFC 5321, and duplicates are removed.
What a permutator cannot do is tell you which pattern the company actually uses, whether the mailbox exists, or whether the person left the company six months ago. It also cannot handle edge cases like nicknames (Bill for William), married names, or a domain that uses a completely nonstandard scheme. For all of that, you need a verification step, which is what the rest of this guide covers.
One shortcut worth knowing: if you can find one confirmed address at a company, from an email signature, a press release, or a LinkedIn profile that lists a contact email, every other person at that domain almost certainly follows the exact same pattern. You only need to crack the format once per company.
The most common corporate email formats
There is no public registry of who uses which format. But the patterns below are the ones email-finding tools like Overloop see most often when checking millions of verified domains, listed in roughly descending order of how frequently they show up. Use this as a starting point, not a guarantee, since any individual company can and does deviate.
| Pattern | Example (Ada Lovelace @ company.com) | How common |
|---|---|---|
| first.last | ada.lovelace@company.com | Most common, the default at most mid-size and large companies |
| flast | alovelace@company.com | Very common, especially at larger organizations with shorter mailbox conventions |
| firstlast | adalovelace@company.com | Common |
| first | ada@company.com | Common at startups and small teams |
| first_last | ada_lovelace@company.com | Occasional, more common in tech and engineering-heavy cultures |
| f.last | a.lovelace@company.com | Occasional |
| last | lovelace@company.com | Occasional, common in some European and government domains |
| first-last | ada-lovelace@company.com | Rare |
| lastf | lovelacea@company.com | Rare |
| fl (initials only) | al@company.com | Rare outside of very large enterprises |
If a company sits in a regulated or government-adjacent sector, or has a strong internal IT policy, format consistency tends to be higher, which is exactly why the pattern-crack-once approach above works so well there.
How the dominant format shifts by company size
Pattern popularity is not static, it moves in a predictable direction as headcount grows. Solo operators lead with a first-name-only address, mid-size companies shift to first-initial-plus-last-name, and anything past 1,000 employees standardizes on first.last:
| Company size | Dominant pattern | Share |
|---|---|---|
| 1 to 10 employees | first@ | 71.5% |
| 11 to 50 employees | first@ | 41.9% |
| 51 to 200 employees | flast@ | 41.8% |
| 201 to 500 employees | flast@ | 44.8% |
| 1,001 to 5,000 employees | first.last@ | 48.1% |
| 10,001+ employees | first.last@ | 56.3% |
Email permutator vs email finder: which should you use?
They solve different problems, and honestly, most people reach for the wrong one. A permutator is free and instant but produces guesses. A finder like Overloop's costs credits (or comes with a plan) but returns a verified result, checked against a live database instead of pattern logic alone.
| Aspect | Email permutator | Email finder (Overloop) |
|---|---|---|
| Cost | Free | Uses credits, part of a paid plan |
| Output | 20-35 unverified candidates | One verified address, or none if it cannot confirm |
| Bounce risk | High if you send to the guess directly | Low, addresses are checked before you get them |
| Best for | A single contact, when you plan to verify manually before sending | Lists, campaigns, and anything going through a sequence at scale |
| Speed at scale | Slow, one person at a time, then manual verification | Fast, built for finding and verifying hundreds of contacts |
Use a permutator when you have one person to email, some tolerance for manual double-checking, and no budget. Use a finder the moment you are sending to more than a handful of people, since the bounce cost of guessing wrong scales with your list size, and a damaged sender reputation is far more expensive to fix than a few verification credits.
How to verify a guessed email address
Once the tool above hands you a shortlist, do not send to all of it. Narrow it down first.
- Check the domain itself. Confirm it resolves and has valid MX records; a domain typo kills every pattern built on top of it before you even start.
- Run an SMTP-level check. This is what verification tools do under the hood, a low-level handshake with the mail server that confirms whether a specific mailbox exists without actually sending a message. Our email verification API guide covers how this works if you want to build the check yourself.
- Cross-reference a known pattern. If you can confirm one person's real address at the company, from a signature, a press page, or their LinkedIn profile, apply that exact same pattern to everyone else at the domain.
- Work backward from an address you already have. If you are unsure who owns an address rather than what a person's address is, a reverse email lookup answers the opposite question and can confirm a guess indirectly.
- If you must send without full verification, send small first. Test a handful of contacts and watch the bounce rate before scaling to the rest of the list.
The reason step five matters more than people think: bounces are not a neutral outcome, they are a signal mailbox providers actively track. Google's bulk sender guidelines, in effect since February 2024, require senders of 5,000+ daily messages to keep their spam-complaint rate below 0.3%, and undeliverable addresses are one of the fastest ways to trigger spam filtering and, eventually, blocklisting. A list built entirely from unverified permutations, sent without checking, is one of the more reliable ways to get there. For the fuller picture on protecting sender reputation, see our guide to improving email deliverability.
Stop guessing. Start verifying.
Overloop's email finder checks a name and domain against a 450M-contact database and returns the one address that is actually live, no permutation list required.
Try Overloop free →See features