Mainframe, MVS and zOS Discussion

Checking whether an email address is **fake, disposable, or risky** can be done in several ways depending on how deep you want to go. Here are the most common and reliable methods.

---

## 1. Check the Email Domain

Look at the part **after the @**.

Example:
`john123@mailinator.com` → domain = `mailinator.com`

Some domains are **known disposable email providers**, often used for fake sign-ups.

Common ones include:

* `mailinator.com`
* `10minutemail.com`
* `guerrillamail.com`
* `tempmail.com`
* `yopmail.com`

You can:

* Google the domain (e.g., *“mailinator.com disposable email”*)
* Check lists of disposable domains on GitHub or security sites.

---

## 2. Verify the Domain Exists (DNS / MX Records)

Real email domains must have **MX records** (Mail Exchange servers).

Ways to check:

* Online tools like:

  * MXToolbox
  * DNSChecker
* Command line:

```
nslookup -type=mx domain.com
```

If **no MX records exist**, the email likely cannot receive messages.

---

## 3. Use Email Verification Services

These services test whether the mailbox is valid and detect disposable addresses.

Popular tools:

* NeverBounce
* ZeroBounce
* Hunter
* VerifyEmailAddress
* Kickbox

They check things like:

* mailbox existence
* disposable domains
* spam traps
* role accounts (`admin@`, `support@`)

---

## 4. Check for Disposable Email Providers

Disposable emails are often used for fake registrations.

You can check against databases such as:

* Disposable email domain lists
* Temp email provider databases
* APIs like:

  * Kickbox API
  * Abstract Email Validation API

These compare the domain against **thousands of known temporary services**.

---

## 5. Send a Verification Email

The simplest method for many systems.

Steps:

1. User enters email
2. System sends verification link
3. Account activates only if the link is clicked

Fake or temporary emails usually:

* expire quickly
* never get verified

---

## 6. Look for Suspicious Patterns

Fake emails often look like:

```
asdkj123123@test.com
test123456789@mail.com
qwerty987@gmail.com
```

Signs:

* random characters
* extremely long numbers
* unusual domains

---

## 7. SMTP Mailbox Check (Advanced)

Some verification tools connect to the **SMTP server** to test if the mailbox exists without sending email.

Example logic:

* connect to mail server
* simulate sending
* check if server accepts the address

Not always reliable because many servers block this.

---

**Best real-world approach:**
Use a combination of:

1. Disposable domain check
2. MX record check
3. Email verification API
4. Email confirmation link

---

If you want, I can also show:

* **How websites detect fake emails automatically**
* **How to validate emails in Python / JavaScript**
* **A list of 50+ disposable email domains to block**.Websites usually don’t rely on just one method to detect fake emails. Instead, they combine several automated checks to score whether an email is valid, disposable, suspicious, or risky. Here’s how most modern systems do it. 1. Email Format ValidationThe first step is checking whether the email follows the correct structure.Typical format rule:

Code: Select all

username@domain.com

Most sites use a regex check to filter obvious fakes.Example JavaScript validation:

Code: Select all

const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
emailRegex.test(email);

This detects:

• missing

  Code: Select all

  @

• missing domain
• invalid characters

This only checks syntax, not whether the email exists.2. Disposable Email DetectionMany fake accounts use temporary email services.Examples:

• 10minutemail
• Mailinator
• GuerrillaMail
• TempMail
• YOPmail

Websites keep large blocklists of thousands of disposable domains.Example check:

Code: Select all

if (domain in disposableDomainList) {
    rejectEmail();
}

Large services maintain 100k+ disposable domains.3. DNS / MX Record CheckA real email domain must have mail servers (MX records).Automated systems check DNS:

Code: Select all

gmail.com → has MX records
fake-domain-12345.com → no MX records

If no MX records exist, the email cannot receive mail.This removes many fake domains instantly.4. SMTP Mailbox VerificationSome services simulate sending an email without actually delivering it.Steps:

1. Connect to mail server
2. Pretend to send message
3. Ask server if mailbox exists

Example flow:

Code: Select all

HELO
MAIL FROM:test@test.com
RCPT TO:user@example.com

If the server responds "user not found", the email is invalid. Many providers (like Gmail) block this to prevent abuse.5. Email Reputation ScoringAdvanced systems calculate a risk score.They analyze:

• domain age
• domain reputation
• spam trap lists
• known abusive domains

Example scoring:CheckResult

Disposable domain	High risk
Newly registered domain	Suspicious
Corporate domain	Low risk

6. Behavior AnalysisWebsites also look at user behavior.Suspicious patterns include:

• hundreds of accounts from same IP
• signups in seconds
• same email pattern (

  Code: Select all

  test1

  ,

  Code: Select all

  test2

  ,

  Code: Select all

  test3

  )
• VPN or proxy usage

Many platforms combine this with:

• IP reputation
• device fingerprinting
• geolocation

7. Verification EmailsThe most reliable method is email confirmation.Process:

1. User enters email
2. Site sends verification link
3. User must click link

Example:

Code: Select all

https://site.com/verify?token=abc123

If not verified → account remains inactive.8. AI / Machine Learning DetectionLarge platforms use machine learning to detect fake accounts.Signals used:

• signup speed
• typing patterns
• IP reputation
• device fingerprint
• email domain risk

Companies like Google, Meta, and Stripe use these systems.9. Catching Role-Based EmailsSome websites block generic emails such as:

• Code: Select all

  admin@

• Code: Select all

  support@

• Code: Select all

  info@

• Code: Select all

  sales@

These often belong to shared mailboxes rather than real users.Example: Typical Real Website PipelineA modern signup system might check:

Code: Select all

1. Email format
2. Disposable domain
3. MX record
4. Domain reputation
5. IP reputation
6. Behavior analysis
7. Email verification link

Only after passing these does the account activate. Most accurate detection stack used by companies:

• Email validation library
• Disposable email database
• DNS / MX check
• Verification email
• Behavior analysis

If you're curious, I can also show you:

• How big platforms like Google detect fake accounts
• How to build your own fake-email detector
• How scammers bypass email verification systems (very interesting).