spammers, I give up

Other Mainframe related questions which attracts you and there is no suitable Forum you find for it and related FAQs.
Forum rules
Post Reply Previous topicNext topic
User avatar
enrico-sorichetti
Global Moderator
Global Moderator
Posts: 855
Joined: Wed Sep 11, 2013 3:57 pm
Greenland

spammers, I give up

Post by enrico-sorichetti »

it is quite distressing to see that NOTHING is being done about spammers

here is the answer I got from chatgpt
Checking whether an email address is **fake, disposable, or risky** can be done in several ways depending on how deep you want to go. Here are the most common and reliable methods. 📧🔍

---

## 1. Check the Email Domain

Look at the part **after the @**.

Example:
`john123@mailinator.com` → domain = `mailinator.com`

Some domains are **known disposable email providers**, often used for fake sign-ups.

Common ones include:

* `mailinator.com`
* `10minutemail.com`
* `guerrillamail.com`
* `tempmail.com`
* `yopmail.com`

You can:

* Google the domain (e.g., *“mailinator.com disposable email”*)
* Check lists of disposable domains on GitHub or security sites.

---

## 2. Verify the Domain Exists (DNS / MX Records)

Real email domains must have **MX records** (Mail Exchange servers).

Ways to check:

* Online tools like:

  * MXToolbox
  * DNSChecker
* Command line:

```
nslookup -type=mx domain.com
```

If **no MX records exist**, the email likely cannot receive messages.

---

## 3. Use Email Verification Services

These services test whether the mailbox is valid and detect disposable addresses.

Popular tools:

* NeverBounce
* ZeroBounce
* Hunter
* VerifyEmailAddress
* Kickbox

They check things like:

* mailbox existence
* disposable domains
* spam traps
* role accounts (`admin@`, `support@`)

---

## 4. Check for Disposable Email Providers

Disposable emails are often used for fake registrations.

You can check against databases such as:

* Disposable email domain lists
* Temp email provider databases
* APIs like:

  * Kickbox API
  * Abstract Email Validation API

These compare the domain against **thousands of known temporary services**.

---

## 5. Send a Verification Email

The simplest method for many systems.

Steps:

1. User enters email
2. System sends verification link
3. Account activates only if the link is clicked

Fake or temporary emails usually:

* expire quickly
* never get verified

---

## 6. Look for Suspicious Patterns

Fake emails often look like:

```
asdkj123123@test.com
test123456789@mail.com
qwerty987@gmail.com
```

Signs:

* random characters
* extremely long numbers
* unusual domains

---

## 7. SMTP Mailbox Check (Advanced)

Some verification tools connect to the **SMTP server** to test if the mailbox exists without sending email.

Example logic:

* connect to mail server
* simulate sending
* check if server accepts the address

⚠️ Not always reliable because many servers block this.

---

✅ **Best real-world approach:**
Use a combination of:

1. Disposable domain check
2. MX record check
3. Email verification API
4. Email confirmation link

---

💡 If you want, I can also show:

* **How websites detect fake emails automatically**
* **How to validate emails in Python / JavaScript**
* **A list of 50+ disposable email domains to block**.Websites usually don’t rely on just one method to detect fake emails. Instead, they combine several automated checks to score whether an email is valid, disposable, suspicious, or risky. Here’s how most modern systems do it. 🔍📧1. Email Format ValidationThe first step is checking whether the email follows the correct structure.Typical format rule:

Code: Select all

username@domain.com
Most sites use a regex check to filter obvious fakes.Example JavaScript validation:

Code: Select all

const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
emailRegex.test(email);
This detects:
  • missing

    Code: Select all

    @
  • missing domain
  • invalid characters
⚠️ This only checks syntax, not whether the email exists.2. Disposable Email DetectionMany fake accounts use temporary email services.Examples:
  • 10minutemail
  • Mailinator
  • GuerrillaMail
  • TempMail
  • YOPmail
Websites keep large blocklists of thousands of disposable domains.Example check:

Code: Select all

if (domain in disposableDomainList) {
    rejectEmail();
}
Large services maintain 100k+ disposable domains.3. DNS / MX Record CheckA real email domain must have mail servers (MX records).Automated systems check DNS:

Code: Select all

gmail.com → has MX records
fake-domain-12345.com → no MX records
If no MX records exist, the email cannot receive mail.This removes many fake domains instantly.4. SMTP Mailbox VerificationSome services simulate sending an email without actually delivering it.Steps:
  1. Connect to mail server
  2. Pretend to send message
  3. Ask server if mailbox exists
Example flow:

Code: Select all

HELO
MAIL FROM:test@test.com
RCPT TO:user@example.com
If the server responds "user not found", the email is invalid.⚠️ Many providers (like Gmail) block this to prevent abuse.5. Email Reputation ScoringAdvanced systems calculate a risk score.They analyze:
  • domain age
  • domain reputation
  • spam trap lists
  • known abusive domains
Example scoring:CheckResult
Disposable domainHigh risk
Newly registered domainSuspicious
Corporate domainLow risk
6. Behavior AnalysisWebsites also look at user behavior.Suspicious patterns include:
  • hundreds of accounts from same IP
  • signups in seconds
  • same email pattern (

    Code: Select all

    test1
    ,

    Code: Select all

    test2
    ,

    Code: Select all

    test3
    )
  • VPN or proxy usage
Many platforms combine this with:
  • IP reputation
  • device fingerprinting
  • geolocation
7. Verification EmailsThe most reliable method is email confirmation.Process:
  1. User enters email
  2. Site sends verification link
  3. User must click link
Example:

Code: Select all

https://site.com/verify?token=abc123
If not verified → account remains inactive.8. AI / Machine Learning DetectionLarge platforms use machine learning to detect fake accounts.Signals used:
  • signup speed
  • typing patterns
  • IP reputation
  • device fingerprint
  • email domain risk
Companies like Google, Meta, and Stripe use these systems.9. Catching Role-Based EmailsSome websites block generic emails such as: These often belong to shared mailboxes rather than real users.Example: Typical Real Website PipelineA modern signup system might check:

Code: Select all

1. Email format
2. Disposable domain
3. MX record
4. Domain reputation
5. IP reputation
6. Behavior analysis
7. Email verification link
Only after passing these does the account activate.✅ Most accurate detection stack used by companies:
  • Email validation library
  • Disposable email database
  • DNS / MX check
  • Verification email
  • Behavior analysis
💡 If you're curious, I can also show you:
  • How big platforms like Google detect fake accounts
  • How to build your own fake-email detector
  • How scammers bypass email verification systems (very interesting).
 
cheers
enrico
When I tell somebody to RTFM or STFW I usually have the page open in another tab/window of my browser,
so that I am sure that the information requested can be reached with a very small effort 8-)
Top
Post Reply Previous topicNext topic

Create an account or sign in to join the discussion

You need to be a member in order to post a reply

Create an account

Not a member? register to join our community
Members can start their own topics & subscribe to topics
It’s free and only takes a minute

Register

Sign in

Return to “Other Mainframe Topics, Off-Topics, FAQs.”