>>
>> Spammers often spoof fake email addresses when sending email, eg
>> "[EMAIL PROTECTED]@lycos.com". It's easy to tell this address is fake:
>>
>> > host -t mx lycos.com
>> lycos.com mail is handled by 10 rmail-alt2.lycosmail.lycos.com.
>> lycos.com mail is handled by 5 rmail.lycosmail.lycos.com.
>> lycos.com mail is handled by 10 rmail-alt1.lycosmail.lycos.com.
>>
>> > telnet rmail-alt2.lycosmail.lycos.com 25
>> Trying 209.202.208.36...
>> Connected to rmail-alt2.lycosmail.lycos.com.
>> Escape character is '^]'.
>> 220 bos-mail-rmail16.bos.lycos.com ESMTP welcome to Lycos(tm) ready
>> HELO gmail.com
>> 250 bos-mail-rmail16.bos.lycos.com Hello [...], pleased to meet you
>> MAIL FROM: <[EMAIL PROTECTED]>
>> 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
>> RCPT TO: <[EMAIL PROTECTED]>
>> 550 5.1.1 68.54.9.190: No such user: <[EMAIL PROTECTED]>
>> QUIT
>> 221 2.0.0 bos-mail-rmail16.bos.lycos.com closing connection
>> Connection closed by foreign host.
>>
>> But this is network-intensive to do for *every* incoming email (and no
>> one supports "VRFY" anymore). Has someone compiled a list of "fake
>> addresses used by spammers"?
>>
Hi,

this sort of looks like an artificial intelligence problem to me.....
Have a look at which names people choose for their email accounts:

a) personal name, trying to follow schemes like
   firstletterlastname
   firstletter.lastname
   firstname.lastname

b) nickname, related to occupation, role
   While occasionally names of celebrities appear in that category, I would
   expect mostly words found in a common dictionary, or at least parts of the
   name in a common dictionary

Either of these may be modified, often by adding digits at the end.
The "suggest a name" algorithms at some mail sites could be used

c) company emails: some companies actually assign "gibberish" names to their
   employees. These names would be all of about the same length, which in
   turn would be somehow related to the size of the company.

Now, if a mail arrives from "Michelle Sinclair" <[EMAIL PROTECTED]>
the first step would be to determine that lycos emails don't fall into
category c, but that adding digits at the end would be normal.
Then, none of the schemes in a, even without adding extra stuff at the end,
would match the email ... and it is not in a dictionary of common words either.

Special attention should be given to situations where the display name and
email address belong to different languages. While it is possible for a person
with an English name to have an account at, e.g., posta.ru, an English display
name along with a Russian-sounding mailbox name seems odd.

BTW: if it were not for some mail clients to show the display name more
prominently (or even hide the mail address), mail recipients would probably
consider mails with display name inconsistencies as trash themselves....

Wolfgang Hamann
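
The check described in the reply above, as an added example that is not part of the original post: it tests whether a sender's mailbox name is explained by the display name (scheme a) or by a dictionary word (scheme b), after stripping trailing digits. The function names, the tiny `COMMON_WORDS` list, the four-letter minimum for partial matches and the `example.com` addresses are assumptions made for the illustration; category c and the language comparison are not covered.

```python
import re
from email.utils import parseaddr

# Constructed stand-in for a real word list (assumption, not from the post).
COMMON_WORDS = {"admin", "sales", "doctor", "teacher", "coffee", "guitar"}


def name_candidates(display_name):
    """Mailbox names that scheme (a) would derive from a personal name."""
    parts = [p for p in re.split(r"[^a-z]+", display_name.lower()) if p]
    if len(parts) < 2:
        return set()
    first, last = parts[0], parts[-1]
    return {
        first[0] + last,        # firstletterlastname
        first[0] + "." + last,  # firstletter.lastname
        first + "." + last,     # firstname.lastname
    }


def classify_sender(from_header, words=COMMON_WORDS):
    """Return which scheme explains the mailbox name, or 'unexplained'."""
    display, addr = parseaddr(from_header)
    local = addr.rpartition("@")[0].lower()
    # Trailing digits are a normal modification, so ignore them.
    base = re.sub(r"\d+$", "", local)
    if base and base in name_candidates(display):
        return "name-scheme"
    # Scheme (b): whole word, or a part of the name, found in the dictionary.
    # Words shorter than four letters are skipped to limit chance matches.
    if base in words or any(w in base for w in words if len(w) >= 4):
        return "dictionary"
    return "unexplained"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        '"Michelle Sinclair" <msinclair42@example.com>',
        '"Michelle Sinclair" <guitarhero7@example.com>',
        '"Michelle Sinclair" <xkqzvtw81@example.com>',
    ):
        print(classify_sender(header), header)
```

An "unexplained" result is one input to a spam score, not a verdict on its own, since legitimate mailbox names outside these schemes exist.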