Subdomain Verification for Email Authentication


As people who work to stop fraud, we know that it's really important to make sure an email address is real. A good way to check email addresses helps us tell the difference between real emails and junk mail. This article suggests a simple but clever way to check email addresses by looking at their subdomains.

Problem Definition:

An inherent challenge in email validation is distinguishing real corporate emails from junk or malicious mail. Often, our conventional techniques for email verification fail to pinpoint these nuances, leading to either false negatives or positives.

One frequently overlooked characteristic is the presence of subdomains in corporate domain email addresses. A corporate domain email is highly likely to have various subdomains to facilitate various business-related services. These could range from virtual private network (VPN) endpoints, drives, email servers to other proprietary company services.

Problem Resolution:

The method to counter this issue lies in checking if a domain has subdomains. For this, we can utilize the SecurityTrails Subdomains API service. The API allows for a thorough check of subdomains related to a given email address.

In our decision flow, we can initiate the process by calling the SecurityTrails Subdomains API to check for subdomains linked to the domain. Subsequently, rules are executed based on the results of this domain check. The presence of subdomains can be a strong indicator that the domain belongs to a legitimate corporate entity, thus improving our email verification process.

Proposed Rules for the Fraud Rule Engine:

To make this solution practical, it is crucial to integrate it into the existing fraud rule engine. Here are some rules that can be implemented:

  • Data source call: Make an initial call to SecurityTrails Subdomains API to check for the presence of subdomains associated with the domain from the email address.
  • Rule 1: If no subdomains are found, the email address could be flagged as potentially fraudulent.
  • Rule 2: If subdomains are detected, run additional checks for common business-related subdomains such as 'vpn', 'email', 'drive', etc.
  • Rule 3: If none of these business-related subdomains are found, again flag the email address as potentially fraudulent.
  • Rule 4: If these business-related subdomains are present, validate the email as legitimate.

This strategic approach of using subdomains as a criterion for email validation helps us discern the genuine corporate emails from junk mail. Incorporating these rules in the fraud rule engine will significantly enhance the accuracy of our email verification process, leading to a more effective antifraud practice.

Manage antifraud rules
using Decisimo.

Published: 2023-07-06