Skip to content

feat(heuristics): add Fake Email analyzer to validate maintainer email domain #1106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(heuristics): add Fake Email analyzer to validate maintainer email domain #1106

wants to merge 1 commit into from
+273 −0

Conversation

AmineRaouane
Copy link
Member

@AmineRaouane AmineRaouane commented Jun 16, 2025
edited
Loading

Summary

This PR adds a new heuristic analyzer called FakeEmailAnalyzer. It verifies the validity of maintainer email addresses listed in a PyPI package by checking both the format and the existence of MX records for their domains. This helps detect packages with fake or throwaway emails, which are often indicative of malicious intent.

Description of changes

  • Implemented FakeEmailAnalyzer that:
    • Validates email format using a regex.
    • Verifies the existence of MX records for the email domain via DNS resolution.
  • Updated detect_malicious_metadata_check.py to include and invoke this new analyzer.
  • The analyzer handles DNS errors and skips analysis if no email is present.
  • The logical reason for combining quickUndetailed with a failed(Heuristics.FAKE_EMAIL.value) is that a package that is rushed onto a platform by someone using a fake email address points to an actor who may be trying to quickly distribute a package while obscuring their identity and avoiding being investigated.

Related issues

None

Checklist

  • I have reviewed the contribution guide.
  • My PR title and commits follow the Conventional Commits convention.
  • My commits include the "Signed-off-by" line.
  • I have signed my commits following the instructions provided by GitHub. Note that we run GitHub's commit verification tool to check the commit signatures. A green verified label should appear next to all of your commits on GitHub.
  • I have updated the relevant documentation, if applicable.
  • I have tested my changes and verified they work as expected.

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Jun 16, 2025
@AmineRaouane AmineRaouane force-pushed the fake-emails-heuristic branch from c6f35f7 to 8d29103 Compare June 16, 2025 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@behnazh-w behnazh-w Awaiting requested review from behnazh-w behnazh-w is a code owner

@tromai tromai Awaiting requested review from tromai tromai is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AmineRaouane