Posted to users@spamassassin.apache.org by ha...@t-online.de on 2006/11/24 07:02:04 UTC

Re: List of fake email addresses spammers use?

>> 
>> Spammers often spoof fake email addresses when sending email, e.g.
>> "Patrycjaeaoeqse@lycos.com". It's easy to tell this address is fake:
>> 
>> > host -t mx lycos.com
>> lycos.com mail is handled by 10 rmail-alt2.lycosmail.lycos.com.
>> lycos.com mail is handled by 5 rmail.lycosmail.lycos.com.
>> lycos.com mail is handled by 10 rmail-alt1.lycosmail.lycos.com.
>> 
>> > telnet rmail-alt2.lycosmail.lycos.com 25
>> Trying 209.202.208.36...
>> Connected to rmail-alt2.lycosmail.lycos.com.
>> Escape character is '^]'.
>> 220 bos-mail-rmail16.bos.lycos.com ESMTP welcome to Lycos(tm) ready
>> HELO gmail.com
>> 250 bos-mail-rmail16.bos.lycos.com Hello [...], pleased to meet you
>> MAIL FROM: <te...@gmail.com>
>> 250 2.1.0 <te...@gmail.com>... Sender ok
>> RCPT TO: <Pa...@lycos.com>
>> 550 5.1.1 68.54.9.190: No such user: <Pa...@lycos.com>
>> QUIT
>> 221 2.0.0 bos-mail-rmail16.bos.lycos.com closing connection
>> Connection closed by foreign host.
>> 
>> But this is network-intensive to do for *every* incoming email (and no
>> one supports "VRFY" anymore). Has someone compiled a list of "fake
>> addresses used by spammers"?
>> 

Hi,

this sort of looks like an artificial intelligence problem to me.....
Have a look at which names people choose for their email accounts:
a) personal name, trying to follow schemes like
   firstletterlastname
   firstletter.lastname
   firstname.lastname
b) nickname, related to occupation, role
   while occasionally names of celebrities appear in that category, I would expect mostly words found
   in a common dictionary, or at least parts of the name in a common dictionary
Either of these may be modified, often by adding digits at the end. The "suggest a name"
algorithms at some mail sites could be used
c) company emails: some companies actually assign "gibberish" names to their employees.
   These names would be all of about the same length, which in turn would be somehow related
   to the size of the company.

Now, if a mail arrives from
"Michelle Sinclair" <Pa...@lycos.com>
the first step would be to determine that lycos emails don't fall into category c, but that adding
digits at the end would be normal.
Then, none of the schemes in a, even without adding extra stuff at the end, would match the email ...
and it is not in a dictionary of common words either.

Special attention should be given to situations where the display name and email address
belong to different languages. While it is possible for a person with an English name to have
an account at, e.g., posta.ru, an English display name along with a Russian sounding mailbox name
seems odd.

BTW: if it were not for some mail clients showing the display name more prominently (or even hiding
the mail address), mail recipients would probably consider mails with display name
inconsistencies as trash themselves....

Wolfgang Hamann
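
Added example (not part of the original post, and not SpamAssassin code): a sketch of the check described in the reply above, comparing the mailbox name against schemes (a) derived from the display name and against a word list for category (b), with trailing digits allowed. The function names and the tiny COMMON_WORDS set are assumptions made for illustration; category (c) and the language comparison are not covered.

```python
import re
from email.utils import parseaddr

# Constructed stand-in for a real dictionary of common words (assumption).
COMMON_WORDS = {"admin", "sales", "doctor", "teacher", "golf", "fan", "info"}


def name_scheme_candidates(display_name):
    """Mailbox names that the schemes in (a) would produce from a display name."""
    parts = re.findall(r"[a-z]+", display_name.lower())
    if len(parts) < 2:
        return set()  # schemes (a) need a first and a last name
    first, last = parts[0], parts[-1]
    return {
        first[0] + last,        # firstletterlastname
        first[0] + "." + last,  # firstletter.lastname
        first + "." + last,     # firstname.lastname
    }


def made_of_words(token, words=COMMON_WORDS):
    """Category (b): token is a dictionary word or a concatenation of such words."""
    if not token:
        return False
    # reachable[i] is True when token[:i] can be split entirely into words
    reachable = [True] + [False] * len(token)
    for end in range(1, len(token) + 1):
        reachable[end] = any(
            reachable[start] and token[start:end] in words for start in range(end)
        )
    return reachable[-1]


def classify_from_header(from_header):
    """Return 'name-scheme', 'dictionary' or 'no-match' for a From: header value."""
    display_name, address = parseaddr(from_header)
    local = address.rpartition("@")[0].lower()
    base = local.rstrip("0123456789")  # digits added at the end are treated as normal
    if base in name_scheme_candidates(display_name):
        return "name-scheme"
    if made_of_words(re.sub(r"[._-]", "", base)):
        return "dictionary"
    return "no-match"


if __name__ == "__main__":
    # First sample uses the address quoted in the thread; the other two are constructed.
    for header in ('"Michelle Sinclair" <Patrycjaeaoeqse@lycos.com>',
                   '"Michelle Sinclair" <msinclair42@example.com>',
                   '"Bob" <golffan7@example.com>'):
        print(header, "->", classify_from_header(header))
```

A "no-match" result is only one signal to feed into a score; a mailbox name can be legitimate without following any of these schemes.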