Spammers often spoof fake email addresses when sending email, eg "[EMAIL PROTECTED]". It's easy to tell this address is fake:
host -t mx lycos.com
lycos.com mail is handled by 10 rmail-alt2.lycosmail.lycos.com. lycos.com mail is handled by 5 rmail.lycosmail.lycos.com. lycos.com mail is handled by 10 rmail-alt1.lycosmail.lycos.com.
telnet rmail-alt2.lycosmail.lycos.com 25
Trying 209.202.208.36... Connected to rmail-alt2.lycosmail.lycos.com. Escape character is '^]'. 220 bos-mail-rmail16.bos.lycos.com ESMTP welcome to Lycos(tm) ready HELO gmail.com 250 bos-mail-rmail16.bos.lycos.com Hello [...], pleased to meet you MAIL FROM: <[EMAIL PROTECTED]> 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok RCPT TO: <[EMAIL PROTECTED]> 550 5.1.1 68.54.9.190: No such user: <[EMAIL PROTECTED]> QUIT 221 2.0.0 bos-mail-rmail16.bos.lycos.com closing connection Connection closed by foreign host. But this is network-intensive to do for *every* incoming email (and no one supports "VRFY" anymore). Has someone compiled a list of "fake addresses used by spammers"? Something like what joewin.de's done for 419 scammers and spamvertised domains?: http://www.joewein.de/sw/bl-text.htm#urls