[londons_explore]

There are commercial services to verify email address age: https://www.ipqualityscore.com/email-age-checker

They generally look at data leaks and partner with big companies to see when that email address first signed up to any online service.

[account42]

That doesn't seem remotely compatible with modern privacy laws like the GDPR. And it certainly ads even more false negatives of people locked out because they didn't have their email leaked long enough ago.

[londons_explore]

GDPR has a massive carve-out for fraud prevention...

[account42]

Which doesn't include collecting information about your email and then handing it off to random third parties just because they want to use it for that.