HomepageDashboard

Deep Email Check signals

List of the fraud checks we perform with our Deep Email Check product.

🚧

Advice

We strongly advise reading our introduction to fraud prevention before seeking in-depth information on the specifications of our deep fraud checks.

Each email address analysis we perform goes beyond simplistic deliverability or temporary domain checks.

Here is the up-to-date overview of all the email fraud checks we perform to uncover risk & trust signals:

  • Email Disposable check (code: EMAIL_DISPOSABLE)
    • This check goes above and beyond the standard checks to detect if the email address or its domain is present on any temporary email website by aggressively crawling hundreds of temp email websites and storing the data found.
    • Risk outcome example: Email is disposable and was found on https://temp-mail.org/en/
    • Trust outcome example: This email address is not disposable
  • Email Name Consistency check (code: EMAIL_NAME_CONSISTENCY)
    • This check verifies that the various online profile names linked to this email are consistent or not. For example, a risky email might have a 'Matthew' name on its Google account, but 'Simon' on Airbnb and 'Nicholas' on Skype. However, when the names match, it can be considered a powerful trust signal.
    • Risk outcome example: This email social footprint naming is not consistent: 'Matthew Pearson' on Google, 'Anita Bren' on Airbnb.
    • Trust outcome example: This phone number social footprint naming is consistent: Skype name is 'Fred', Airbnb name is 'Frederic', Google name is 'Fred Dickson'.
  • Email Deliverability check (code: EMAIL_DELIVERABILITY)
    • This check performs a deliverability check to see if the email address is valid and deliverable.
    • Risk outcome example: Email is invalid and is not deliverable
    • Trust outcome example: Email is deliverable
  • Email Alias check (code: EMAIL_ALIAS)
    • This check analyzes the email address format to detect techniques of abusive aliasing.
    • Risk outcome example: Email address is abusing common form of aliasing: [email protected]
    • Trust outcome example: This email address is not an alias and its format is clean
  • Email Blacklisted check (code: EMAIL_BLACKLISTED)
    • This check leverages OSINT to see if an email address has been blacklisted (banned) by 3rd party services such as social media websites. Many fraudsters share email addresses from primary providers (such as Gmail) to create fake accounts on various platforms such as Twitter, Instagram, etc. When one of these fake profiles gets caught and blacklisted, we gather that intelligence to flag the email as risky. This is a very effective test against any temporary email. Learn more here.
    • Risk outcome example: Email address was blacklisted by an online service.
    • Trust outcome example: This email was not blacklisted by any 3rd party services
  • Email Position Consistency check (code: EMAIL_POSITION_CONSISTENCY)
    • This check verifies that the various online profile countries and cities linked to this email are consistent or not. For example, a risky email might have an Airbnb account with United Kingdom (GB) country, but Nigeria (NG) on Google Maps reviews. However, when the country or better yet the cities match, it can be considered a very strong trust signal.
    • Risk outcome example: This email online presence location is not consistent: United-Kingdom (GB) on Airbnb, Nigeria (NG) on Google Maps, Canada (CA) on Skype.
    • Trust outcome example: This phone number online presence location is consistent: Airbnb city is Cleveland (US), Skype city is Cleveland (US).
  • Email Data Breach check (code: EMAIL_DATA_BREACH)
    • This check searches through all existing data breaches to see if the email was involved in a reasonable number of data breaches. A common mistake many fraud analysts make is to believe that the more data breach the better, but a high degree of data breach presence strongly indicates a fake email (such as [email protected], [email protected]). This check verifies that the number of data breaches the email was involved in is reasonable and a safe average.
    • Risk outcome example: Email is present in a much larger number of data breaches than usual (287 when the average is 15), indicating a shared email
    • Trust outcome example: Email is involved in 20 data breaches which is within the safe average, the first appearance being 15 years ago.
  • Email Domain check (code: EMAIL_DOMAIN)
    • If the domain is unknown (not from a mail provider such as gmail.com or outlook.com), this check, in addition to our primary Email Disposable check, will drill deep and verify that the age of the domain is appropriate, the MX records are not suspicious, the IP address is clean. Note that no trust signal will be derived from this check.
    • Risk outcome example: Email domain was registered 4 days ago, indicating a possible disposable email configuration
    • No trust signals are derived from this check.
  • Email Main Provider check (code: EMAIL_MAIN_PROVIDER)
    • Many advanced fraud rings use trustworthy email providers such as Gmail or Outlook to appear legitimate. This check verifies that the email is actually linked to an account with the provider. For example, if an email is from Gmail, we check if it is registered on Google and linked to a valid Google account. This check is compatible with all the major providers such as Gmail, Outlook, Yahoo, etc. Learn more here.
    • Risk outcome example: Email is Gmail (Google) but has no account on Google, indicating it is either fake or has been banned by Google
    • Trust outcome example: Email is Gmail (Google) and is linked to a Google account named 'Maria Thomas'.
  • Email Online Velocity check (code: EMAIL_ONLINE_VELOCITY)
    • This check verifies that the number of profiles linked to the email address is safe or unusual. For example, an email linked to 70 online profiles out of the 100+ we checked is a very suspicious pattern that indicates that the email is shared or uses a common form of random fake email such as [email protected], [email protected]... An email with an empty social footprint is also very suspicious and indicates it was freshly created. This check will return a trust signal if the email has an average and trustable number of online profiles, not too high or too low. Learn more here.
    • Risk outcome example: This email is linked to 76 online profiles, which indicates this email is shared. It is much higher than the average of 9.
    • Trust outcome example: This email is linked to 8 online profiles, a safe and reasonable number of online profiles.

Updated over 1 year ago