7

My team is discussing how we can improve the fraud prevention algorithms on a customer's platform. It's not surprising that email addresses used in fraudulent activities are often registered with free mail providers such as Gmail.

One criterion that we are missing as an input to our fraud prevention system, which would give us very valuable information, is the age of an account.

Is there an API method (or any other way) that would allow us to query when a Gmail account was registered?

Something like https://api.gmail.com/age-of-account/email.address@gmail.com, which returns the date of or timespan since creation, would be very useful.

jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
Lukas Winzenried
  • 1,919
  • 1
  • 14
  • 22
  • 7
    I'd be surprised if they gave out this information publicly. It seems like this would/should be protected information – Pekka Jan 16 '16 at 19:19
  • I would be surprised as well. But on the other hand I think the should take responsibility for the fact that a very high percentage of the email addresses in our carder database is registered at gmail! – Lukas Winzenried Jan 16 '16 at 19:32
  • 1
    There are paid services like Rapleaf that sell that data. Its from data they aggregate and buy from whoever will sell it to them. – Cyph Feb 09 '16 at 06:18

1 Answers1

2

You cannot get when an account was created through any existing Google API. You could probably get rid of a lot of low hanging fruit with something along these lines though, using the Gmail API:

  1. List message ids until there is no nextPageToken in the response. Then you will have gotten the last page of message ids.
  2. Get the last message and check if the internalDate is lower than some cut-off value.

This is no great solution, since a targeted attacker could just insert a message with a custom Date-header, but might be worth having as a metric of many others in your algorithm.

Tholle
  • 108,070
  • 19
  • 198
  • 189
  • I'am aware of the api. But not talking about the age of my own account ;-) – Lukas Winzenried Jan 19 '16 at 22:11
  • @LukasWinzenried I get that :) But if you ask for read access of your users' email when you authorize them, you can use their `access_tokens`, and not your own. That would be silly indeed ;) – Tholle Jan 19 '16 at 22:17