Seven email patterns that signal double brokering before you book.

Most double-brokering attempts are detectable from the email before you ever pick up the phone. The signals are there — mismatched domains, MC numbers that do not resolve to the company name in the signature, rates too good for the lane, dispatcher language that reads like a script rather than a carrier who knows the load. This piece catalogs seven of them with illustrative examples of what each looks like in practice.

Why the inbox is where fraud enters

When you post a load on DAT or Truckstop, you get replies. Typically 20–50 of them for a well-priced lane during normal market conditions, more during loose capacity periods. Those replies arrive in your email inbox, and in most SMB brokerages, a coordinator reads them manually and books from the best combination of price and familiarity.

A fraudulent carrier knows this. They reply fast, quote a competitive rate, and count on the broker being busy enough to skip the verification steps. The booking window on a spot load is 2–4 hours. The fraudulent actor's entire strategy is to close within that window.

The patterns below are derived from documented fraud incidents, FMCSA enforcement actions, and the specific signals that Keelway's carrier trust score uses to flag suspicious replies before the broker opens them. None of them are conclusive in isolation — use them as a checklist, not a verdict.

Pattern 1: MC number does not match the email domain

This is the single highest-signal indicator in the reply inbox. When a carrier emails from dispatch@fastfreight-logistics.com but the MC number in their signature resolves in FMCSA SAFER to a completely different company name — say, "Rodriguez Trucking LLC out of Laredo" — something is wrong.

Legitimate carriers have consistent identities: the company name in the email matches the registered company name on the MC, which matches the domain name of the email address. Fraudulent actors often use MC numbers from real carriers and layer a fake company identity on top. The MC number is the anchor — always verify it independently.

Example pattern: Subject line: "RE: DAT Load #[ID] — Atlanta to Chicago, available at $1,850". From: dispatch@premiumcarriergroup.com. Signature: Premium Carrier Group, MC #847321. FMCSA lookup on MC #847321: Ortega Brothers Transport Inc., authority active, Laredo TX. Domain premiumcarriergroup.com registered 11 days ago.

Pattern 2: Sender domain is generic or recently registered

Carriers with real operating businesses have email domains that match their company name. A carrier emailing from a Gmail, Yahoo, Hotmail, or similar consumer address is not automatically fraudulent — many small owner-operators use personal email — but it is a signal that should trigger the next layer of checks.

More conclusive: a domain that was registered within the last 30–60 days. Domain registration history is publicly queryable via WHOIS lookups. Fraudulent actors frequently register plausible-sounding company domains (fasthaul-logistics.net, premiumdispatch.co) for a specific fraud wave and then abandon them. A carrier with a 12-day-old domain is a different risk profile than a carrier with a 4-year-old domain.

Pattern 3: Dispatcher who cannot verify the driver or truck

When you call to confirm a booking, ask the dispatcher for the driver's name, cell number, and the truck's VIN or license plate. A legitimate carrier dispatch desk can provide all three in under two minutes. A double broker — who is themselves trying to find a carrier after you book them — cannot. They will stall, say the driver will be assigned "shortly," or give you a name and number that does not answer.

This is not an email signal, strictly speaking — it requires a phone call. But it is the fastest human confirmation step after the email flags. If the email raised questions (patterns 1 or 2) and the phone call cannot produce a driver and VIN, do not book.

Pattern 4: Rate too good for the lane by more than 15%

Fraudulent actors win bookings partly by being the cheapest reply in the inbox. They do not need to carry the load profitably — they are going to re-tender it to the cheapest available carrier and pocket the spread. That means they can quote below market and still profit from the spread.

A rate more than 15% below the current DAT spot rate for the lane is worth pausing on. Not every below-market rate is fraud — an owner-operator repositioning to a home terminal will genuinely take a lower rate — but combined with any other signal on this list, it elevates the risk profile.

For context on how to benchmark offered rates against lane data, see our piece on automating carrier quote responses.

Pattern 5: Generic dispatcher language that reads like a template

Legitimate carrier dispatchers write emails that reflect specific knowledge of the load: the pickup city and date, the equipment type, sometimes the commodity or weight. Fraudulent replies often read as templated: "We have capacity available for your lane. Please send the rate confirmation to [email]. Our MC is [number]."

The tell is when the reply could have been sent for any load on any lane on any day. Real dispatchers are busy; they write tersely but specifically. A reply that is non-specific to your load details is more likely a mass reply from a fraudulent actor who scraped load-board postings.

Generic pattern example: "Good afternoon, we are interested in the above-referenced load. Please forward rate confirmation to this email. We look forward to doing business. — Dispatch Team." No mention of the lane, equipment, or pickup date.

Specific pattern (legitimate): "Hi — saw your Atlanta-Chicago 53' van for Monday the 6th on DAT. Driver coming off a load in Chattanooga Sunday night, can make a 6am pickup Monday. $1,900 all-in, no layover needed. — Carlos, Dispatch, Ortega Transport"

Pattern 6: Sudden company name change in dispatch communication

This one appears after booking. You book "Premier Logistics LLC," then receive a call from someone identifying themselves as from "FastHaul Transportation." When you ask why the name is different, the explanation is that it is a "sister company" or "DBA." Sometimes it is true — carrier operating structures are genuinely complicated. But an undisclosed name change between booking and dispatch is a double-brokering signal that warrants immediate verification.

Run the new company name through FMCSA immediately. If it comes back as a different MC number with a different authority profile than what you booked, you are almost certainly looking at a double-brokered load.

Pattern 7: Refusal to sign a carrier-broker agreement with no-re-brokering clause

If a carrier pushes back on signing your standard carrier-broker agreement — specifically the no-re-brokering clause that prohibits them from tendering the load to a third party — that is a direct signal. Legitimate carriers sign these agreements routinely; it is standard in the industry. A carrier that balks at the no-re-brokering language either has a policy of re-brokering or is planning to on this specific load.

Make no-re-brokering consent explicit in your agreement and make refusal a hard stop in your booking process. The legal framework for why this matters is covered in our piece on the true cost of carrier fraud.

How to operationalize these checks at scale

Reading 40 carrier replies per posted load and checking each against all seven patterns is not realistic for a coordinator handling multiple active loads simultaneously. The math does not work: at 40 replies per load and three active loads at a time, that is 120 emails requiring individual pattern analysis within a 2–4 hour booking window.

The operational answer is automated pre-screening. An inbox triage tool running FMCSA verification, domain age checks, MC-to-domain matching, and rate benchmarking on every reply before the broker opens it turns the 120-email problem into a 5-email decision. The broker still makes the final call — the tool just removes the 115 replies that do not need human attention and flags the ones that do.

For a full walkthrough of how automated triage works in practice, see Keelway carrier email automation. For the broader context of where email triage fits in the SMB broker workflow, see why brokers live in their inbox.

A note on false positives

Any fraud-detection system generates false positives: legitimate carriers flagged because they use a personal email, have a recently incorporated entity, or work under a DBA that does not match their MC name. The right response to a flag is not automatic rejection — it is a second-level check. A flagged carrier who can provide driver and VIN information on the phone is probably legitimate. A flagged carrier who cannot is not.

Build a two-stage process: automated flags reduce the field from 40 to 5; human verification on any flagged reply before booking. This is faster than full manual review and more accurate than purely automated rejection.

For more on the operational playbook for double brokering prevention, see the prevent double brokering guide.