How does the anti-fraud system work?
Making sure people don't cheat the system is extremely important at Maître. While 100% protection is not possible (in technology some people will always find a way to game the system), our goal is to make sure that we are always a step ahead of cheaters.
In this article you will learn how Maître's Anti-fraud algorithms work and how they protect you.
Maître's Anti-fraud algorithm (MAFA) consists of 5 layers of security check-points.
- 1st layer. The first thing we do is to check whether the email address entered is formatted properly and it is not an alias. Why not? Because aliases are the easiest way to create unlimited free email addresses. If we allowed aliases people could just refer themselves forever.
- 2nd layer. After that, Maître does a MX records check-up to make sure the domain exists. For example, if the email entered is "firstname.lastname@example.org", our system will make sure that the domain myamazingwebsite.com actually exists and is not associated with malicious activity.
- 3rd layer. If the domain exists, we check if the domain is in our database of over 8,000 known disposable domains. We use a combination of third parties and an internal database, to make sure it's always up to date.
- 4th layer. If the email looks legit we compare it against subscribers who have signed up before with the same IP address. Whilst having the same IP address is not necessarily a sign of cheating (read more below), it's one of the markers that we use to flag a potential cheater.
- 5th layer. If the email has been flagged as potentially fraudulent, we then do a behavioural analysis on the similar emails. A behavioural analysis aims to seek a specific set of patterns used by cheaters. For example, cheaters tend to sign up with fake emails over a short period of time. Genuine referrals usually take some time to pile up.
Do you block subscribers that use the same IP address?
No, we don't. IP address is only one of the many factors that we analyse. However alone it’s not enough. The simple reason is that a lot of offices or co-working spaces use a single IP address.
Is your algorithm perfect?
As you can see, the system is not perfect and never it will be. New websites and disposable domain services are created every day and sometimes it will happen that a few of them are used before we catch them.
Can I see which emails have been flagged?
We currently don't allow that, but we might add this feature in the future.
Does your algorithm work when I use your APIs?
The first 3 layers will work, but not the 4th and 5th.