We compare many providers but they are the only one providing us a 3rd party evaluation report. The accuracy reported is very good and thus it makes the selection process easier.
]]>It uses a lot of services in 1 go.
BotScout, FSpamList, SFS, Project Honey Pot, AHBL, APEWS, DroneBL, EFnetrbl, SORBS, SpamCop, Spamhaus, SPEWS, Tornevall, UBL, IPInfoDB, blocklist.de
I couldn't get v4 to work but v3.2.8 still works for some of the services.
When I am checking a spammer, I use the tool and a few manual checks with OSINT services
Shodan, Pulsedive and MyIP which will tell me useful info about the IP address and email domain.
If it looks like the spam is coming from a dedicated server doing nothing else, then it makes it easy deciding if the email domain is worth blocking.
If it is a VPN then you also have a better idea if it is worth blocking.
Some extra tools worth using
sucuri
mx-toolbox
ip-void - url-void - tools-void
grey-noise
spider-foot
Currently we are using:
- ip-quality-score
- get-ip-intel
- mon-api
- stopforumspam
- TOR exit node detection
We started with get-ip-intel 1.5 years ago. It seems like a one-man company, the admin is very limited / non-existant, but the risk detection is actually pretty good. We started with this option because there were no monthly commitments. I also tried a few of our spammer IPs and they all showed red scores on get-ip-intel site. After using them for about a year or so, the 2 main problems were:
- all VPNs were always getting a max risk score of "1".
- didn't show high risk scores for some groups of spammers. I used to have some spammers come back 20 times per day and get-ip-intel showed very low risk scores for them.
Our next approach was to send 2 parallel queries to get-ip-intel and SFS, and use the higher score to estimate IP risk. That worked pretty well, but didn't solve "all VPNs are bad" problem.
Out of curiosity I decided to try ip-quality-score. Their plans started at $50 or so, and we didn't need so many queries, so I emailed them and they agreed with a custom / cheaper deal.
Pros:
- Certainly more reliable risk scores than get-ip-intel for our user/spammer base.
- A VPN gets a score of 0.75, and a VPN with a spam record gets a score up to 1.0.
- Their API tells more info about the IP, such as recent abuse, what type of server it is etc.
- looks like a bigger company, less chances to see their site disappear one day.
Cons:
- need to commit to monthly fees
- admin area is kind of a mess, bloated with a zillion of other services we don't currently need.
I haven't found any better service yet, so we are still using them for now in combination with SFS.
We have also tried mon-api, but unfortunately it is lagging quite far behind the competition atm.
Cons:
- generally slower API response times
- sometimes goes down for a day or 2
- only reports 20-30% of our spammer IPs as high risk
- also looks like a 1 man company
Pros:
- their API shows what blacklist the IP was found on.
I know I am posting some links to other sites on this thread, but I think these might be interesting to the readers of this forum. Hope this doesn't violate the terms here. I am also looking for recommendations/links to other similar services.
thanks
]]>