Email fingerprinting


I’ve had a lot of people ask me about what I mean by email fingerprinting. It means that I’m able to tell these 4 emails were all sent by the same entity. The domains are (mostly) different, the To: addresses are different, but I get hundreds of these emails a day.

Image of one email advertising email marketing

Image of 2nd email advertising nursing school
Image of email advertising letters to Santa
Email advertising business cash advance

Different domains, different products, different to: addresses, different sending IPs. But clearly the same sender for all of them. The domains rotate every few hours, so I get a set from the same domain. Sometimes they are reused. The domain “” was used for 17 mails on April 5, 2011, 4 emails on August 23, 2011 and 28 mails on December 1.
It’s all spam. I never signed up to receive offers from this mailer. And ISPs are as good as identifying patterns in sending as I am. This spammer knows that, hence the large amounts of text hidden inside the emails trying to fool the filters.
Fingerprinting is a way of identifying that the above four emails (and their 10s of thousands of friends) are all from the same entity and are all spam. The ISPs don’t need to rely on the domains or the links in the emails. There doesn’t need to be any consistency in the content of the mail, the structure is enough to let filters know it’s all spam.

About the author

1 comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By laura

Recent Posts


Follow Us