- Registered: 2019-09-19
- Posts: 12
Share experience about IP reputation services
I was wondering what your experiences are with different ip reputation services (an API that tells fraud risk for a given IP). I will share mine below. I am not affiliated with any of these, just want to share my experiences and get recommendations from other users on this forum. We have been fighting with lots of spammers during the last couple of years and knowing IP risk upfront has been a huge help.
Currently we are using:
- TOR exit node detection
We started with getipintel 1.5 years ago. It seems like a one-man company, the admin is very limited / non-existant, but the risk detection is actually pretty good. We started with this option because there were no monthly commitments. I also tried a few of our spammer IPs and they all showed red scores on getipintel site. After using them for about a year or so, the 2 main problems were:
- all VPNs were always getting a max risk score of "1".
- didn't show high risk scores for some groups of spammers. I used to have some spammers come back 20 times per day and getipintel showed very low risk scores for them.
Our next approach was to send 2 parallel queries to getipintel and SFS, and use the higher score to estimate IP risk. That worked pretty well, but didn't solve "all VPNs are bad" problem.
Out of curiosity I decided to try ipqualityscore.com. Their plans started at $50 or so, and we didn't need so many queries, so I emailed them and they agreed with a custom / cheaper deal.
- Certainly more reliable risk scores than getipintel for our user/spammer base.
- A VPN gets a score of 0.75, and a VPN with a spam record gets a score up to 1.0.
- Their API tells more info about the IP, such as recent abuse, what type of server it is etc.
- looks like a bigger company, less chances to see their site disappear one day.
- need to commit to monthly fees
- admin area is kind of a mess, bloated with a zillion of other services we don't currently need.
I haven't found any better service yet, so we are still using them for now in combination with SFS.
We have also tried monapi.io, but unfortunately it is lagging quite far behind the competition atm.
- generally slower API response times
- sometimes goes down for a day or 2
- only reports 20-30% of our spammer IPs as high risk
- also looks like a 1 man company
- their API shows what blacklist the IP was found on.
I know I am posting some links to other sites on this thread, but I think these might be interesting to the readers of this forum. Hope this doesn't violate the terms here. I am also looking for recommendations/links to other similar services.
- From: Kernow, UK
- Registered: 2017-10-12
- Posts: 20
Re: Share experience about IP reputation services
There is a useful tool here called Forum Spamlist Checker (seems abandoned)
It uses a lot of services in 1 go.
BotScout, FSpamList, SFS, Project Honey Pot, AHBL, APEWS, DroneBL, EFnetrbl, SORBS, SpamCop, Spamhaus, SPEWS, Tornevall, UBL, IPInfoDB, blocklist.de
I couldn't get v4 to work but v3.2.8 still works for some of the services.
When I am checking a spammer, I use the tool and a few manual checks with OSINT services
Shodan, Pulsedive and MyIP.ms which will tell me useful info about the IP address and email domain.
If it looks like the spam is coming from a dedicated server doing nothing else, then it makes it easy deciding if the email domain is worth blocking.
If it is a VPN then you also have a better idea if it is worth blocking.
(These 3 have browser extensions for convenience).
Some extra tools worth using
https://www.ipvoid.com - https://www.urlvoid.com - https://www.toolsvoid.com
Last edited by Dr.Flay (2020-10-10 5:23 am)
"I am a genius trapped inside an idiot"