But everything falls apart with ANSI off. Some spoofs can still be identified by their preceding context, but there is one class of messages where player-entered text appears as the first thing on a line without any predictable preceding context. These are messages like "Mongoose warps into the sector.", and they can spoof any prompt under 41 characters in length. For example, is that "[Pause]" really a pause, or is it the beginning of "[Pause] warps into the sector."? A real prompt lacks a trailing newline character, so without additional knowledge of the protocol there is no way to know if more text is on the way.
But there is still hope in additional knowledge of the protocol. If problematic messages like "[Pause] is hailing you!" are written to the network in a single write, then for all practical purposes it is guaranteed that they will be transmitted in a single packet. The minimum IPv4 MTU is 68 bytes (and in practice is usually much larger) so any message beginning with a spoof name would be guaranteed to have at least a few bytes of trailing context received with it. A "[Pause]" received by itself could then be safely treated as a real pause, as could all other spoofable prompts.
I've asked John Pritchett to determine whether this is the case. If it's not, then I have a few other ideas up my sleeve.