Skip to content

How to detect fake email addresses

G2’s Relationship Index for Fraud Protection

Get G2’s Relationship Index for Fraud Protection


Why the quality of an email name matters.

We have all stumbled across that email name which has given us pause. Aside from possibly preventing individuals from getting a job, there are several serious issues that come with a non standard email name. While a typical email account might consist of [email protected],  [email protected] or [email protected], an email account such as [email protected] or [email protected] immediately raises questions of legitimacy. While there are a few common creative tweaks to an email, such as putting a birth year or a number at the end such as Johndoe01 or johndoe1978, a randomly inserted group of numbers is highly irregular. Some might dismiss the email names as purely uncreative thinking or laziness at the time of naming, but often the answer is more insidious with potentially fraudulent results for companies as they add customers.

What goes into an email name anyway?

Most Americans have between 2-3 email accounts, and they rarely switch email services or change email account names. What this means is that the actual ‘quality’ of an email name can be factored into a fraud prevention strategy. If a customer’s user name is John Doe and the card holder name is John Doe and the email domain is [email protected], those are all consistent and strong green flags that this is a legitimate transaction. But if the email name is an odd variant, such as [email protected], one needs to take caution.

Given the longevity of a typical email account, most users put a little time into their email name to ensure that it reflects them as a person or is easily identifiable as them to individuals who might not know them. This deep analysis by the average consumer means that an email name that varies outside the norm can and should easily be identified as potential trouble. And fraudsters have plenty of tools to help generate less than meaningful names. My favorite website simply based off the bluntness from the name has to be Fake Mail, where in a matter of seconds one can set up a fake email account for whatever purpose they desire.

So I get a fake email, who cares?

Most inboxes are so inundated with unread email that many might shrug at the thought of receiving one more piece of spam mail. A fake email though is actually one of the most serious issues an business can face.  But the reality is that fraudsters most likely have stolen financial information such as credit card numbers, names, information and now are just making up email names to match their information.

For almost all ecommerce transactions, a real email address is a required part of a checkout. For an increasing number of websites, a user profile is required before a checkout can even occur. Clicking the link inside the email that an individual receives from an online store typically is the ‘verification’ that this is indeed a real account with a real user. But is that enough? Signifyd’s answer is, “No”. Known as a ‘Brute Force Attack’, hackers set up bots to generates hundreds of thousands of emails for their illegally purchased email lists to achieve an account takeover. Videos showing users how to hack even the smallest of companies for email passwords have even popped up on Youtube. Understanding how proxy servers work as well as detecting IP addresses is a critical element in safeguarding your legitimate email accounts alongside detecting fake addresses.

How can I make a trustworthy assessment of an email name?

On the surface, a name alone is enough to warrant a search but not enough to make a final decision. Through our cross merchant records, Signifyd has been able to create algorithms based off of our email databases to autodetect for merchants what names look suspicious and what names fall inside the norm based off the user name and card holder name.

Interestingly enough, another sure fire tactic to test the validity of a suspect email account is the longevity of it. Many fraudsters will create a dummy email account just as they are about to make a purchase, and often times when they use the email in their attempts to defraud a merchant online it will be the first time it was used. Once an email address is associated with a fraudulent transaction, any further attempts to use it will be in vain as Signifyd can highlight the illicit history of that particular account. This is often why merchants will see [email protected] because Johndoe01, Johndoe02 and Johndoe03 have already been flagged as fraudulent accounts. Therefore if [email protected] goes through a merchant’s system, and this is the first time it has ever been seen, the combination of the unusual email name and the fact that the email was just created highly suggests that this account is about to be used for illegal activity.

Final thoughts

Being on the lookout for suspicious email names and accounts is often one of the first steps in the fraud prevention process that a merchant can take, but it is one of the most important. A real consumer is typically adverse to change and can spend years with a single email provider, where as fraudsters are always on the move. Understanding the quick pace of how fraudsters can quickly set up shop is important when deciding what accounts to accept and what accounts to decline for your online store. If you have any further questions about email names, fraud in general or want to learn more about Signifyd please reach out to us at [email protected] or at [email protected] Thanks for reading!



Signifyd, the leading commerce protection provider to Digital Commerce 360's top 1,000 merchants, provides an end-to-end Commerce Protection Platform that leverages its Commerce Network to maximize conversion, automate customer experience and eliminate fraud and customer abuse for retailers.