Skip to content

feat(heuristics): add Fake Email analyzer to validate maintainer email domain #1106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Aug 5, 2025
Merged

feat(heuristics): add Fake Email analyzer to validate maintainer email domain #1106

merged 7 commits into from
Aug 5, 2025

Conversation

@AmineRaouane
Copy link
Member

@AmineRaouane AmineRaouane commented Jun 16, 2025
edited
Loading

Summary

This PR adds a new heuristic analyzer called FakeEmailAnalyzer. It verifies the validity of maintainer email addresses listed in a PyPI package by checking both the format and the existence of MX records for their domains. This helps detect packages with fake or throwaway emails, which are often indicative of malicious intent.

Description of changes

  • Implemented FakeEmailAnalyzer that:
    • Validates email format using a regex.
    • Verifies the existence of MX records for the email domain via DNS resolution.
  • Updated detect_malicious_metadata_check.py to include and invoke this new analyzer.
  • The analyzer handles DNS errors and skips analysis if no email is present.
  • The logical reason for combining quickUndetailed with a failed(Heuristics.FAKE_EMAIL.value) is that a package that is rushed onto a platform by someone using a fake email address points to an actor who may be trying to quickly distribute a package while obscuring their identity and avoiding being investigated.

Related issues

None

Checklist

  • I have reviewed the contribution guide.
  • My PR title and commits follow the Conventional Commits convention.
  • My commits include the "Signed-off-by" line.
  • I have signed my commits following the instructions provided by GitHub. Note that we run GitHub's commit verification tool to check the commit signatures. A green verified label should appear next to all of your commits on GitHub.
  • I have updated the relevant documentation, if applicable.
  • I have tested my changes and verified they work as expected.

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Jun 16, 2025
@AmineRaouane AmineRaouane force-pushed the fake-emails-heuristic branch from c6f35f7 to 8d29103 Compare June 16, 2025 21:26
@AmineRaouane AmineRaouane force-pushed the fake-emails-heuristic branch 5 times, most recently from f945882 to a7103e4 Compare July 5, 2025 18:59
benmss
benmss reviewed Jul 9, 2025
View reviewed changes
benmss
benmss reviewed Jul 9, 2025
View reviewed changes
benmss
benmss reviewed Jul 9, 2025
View reviewed changes
@AmineRaouane AmineRaouane force-pushed the fake-emails-heuristic branch from 759ab97 to d99495c Compare July 12, 2025 15:55
benmss
benmss reviewed Jul 14, 2025
View reviewed changes
benmss
benmss reviewed Jul 14, 2025
View reviewed changes
@AmineRaouane AmineRaouane force-pushed the fake-emails-heuristic branch from d99495c to a8d373b Compare July 15, 2025 09:40
benmss
benmss previously approved these changes Jul 15, 2025
View reviewed changes
behnazh-w
behnazh-w requested changes Jul 18, 2025
View reviewed changes
art1f1c3R
art1f1c3R reviewed Jul 21, 2025
View reviewed changes
@behnazh-w behnazh-w added this to the Release version 0.17.0 milestone Jul 21, 2025
@AmineRaouane AmineRaouane force-pushed the fake-emails-heuristic branch from 95aa0cc to 468d67e Compare July 21, 2025 22:04
art1f1c3R
art1f1c3R reviewed Jul 22, 2025
View reviewed changes
@AmineRaouane AmineRaouane force-pushed the fake-emails-heuristic branch from 468d67e to 80db475 Compare July 29, 2025 21:27
behnazh-w
behnazh-w previously approved these changes Jul 31, 2025
View reviewed changes
art1f1c3R
art1f1c3R previously approved these changes Jul 31, 2025
View reviewed changes
@AmineRaouane AmineRaouane force-pushed the fake-emails-heuristic branch from 80db475 to 036af0a Compare August 4, 2025 05:50
@AmineRaouane
chore: add minor code improvements to the typosquatting heuristic (or…
a185d6a 
…acle#1122)

Signed-off-by: Amine <amine.raouane@enim.ac.ma>
@AmineRaouane
feat(heuristics): add Fake Email analyzer to validate maintainer emai…
e6dd105 
…l domains

Signed-off-by: Amine <amine.raouane@enim.ac.ma>
@AmineRaouane
refactor: remove redundant package download
602a923 
Signed-off-by: Amine <amine.raouane@enim.ac.ma>
@AmineRaouane
docs: update documentation
bbd2a00 
Signed-off-by: Amine <amine.raouane@enim.ac.ma>
@AmineRaouane
refactor(fake-email): replace dns_resolver with email-validator for e…
a1355b7 
…mail domain validation

Signed-off-by: Amine <amine.raouane@enim.ac.ma>
@AmineRaouane
refactor(config): move check_deliverability setting to defaults.ini
4dfae43 
Signed-off-by: Amine <amine.raouane@enim.ac.ma>
@AmineRaouane AmineRaouane force-pushed the fake-emails-heuristic branch from e0e8067 to 4dfae43 Compare August 4, 2025 21:43
@behnazh-w
Merge branch 'main' into fake-emails-heuristic
09abfd0 
Signed-off-by: Behnaz Hassanshahi <behnaz.hassanshahi@oracle.com>
@behnazh-w behnazh-w merged commit c323ddd into oracle:main Aug 5, 2025
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benmss benmss benmss approved these changes

@behnazh-w behnazh-w behnazh-w approved these changes

@art1f1c3R art1f1c3R art1f1c3R left review comments

@tromai tromai Awaiting requested review from tromai

Assignees

@AmineRaouane AmineRaouane

Labels

OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Milestone

Release version 0.17.0

Development

Successfully merging this pull request may close these issues.

4 participants

@AmineRaouane @benmss @behnazh-w @art1f1c3R