Share experience about IP reputation services

I was wondering what your experiences are with different ip reputation services (an API that tells fraud risk for a given IP). I will share mine below. I am not affiliated with any of these, just want to share my experiences and get recommendations from other users on this forum. We have been fighting with lots of spammers during the last couple of years and knowing IP risk upfront has been a huge help.

Currently we are using:

- ip-quality-score
- get-ip-intel
- mon-api
- stopforumspam
- TOR exit node detection

We started with get-ip-intel 1.5 years ago. It seems like a one-man company, the admin is very limited / non-existant, but the risk detection is actually pretty good. We started with this option because there were no monthly commitments. I also tried a few of our spammer IPs and they all showed red scores on get-ip-intel site.  After using them for about  a year or so, the 2 main problems were:

- all VPNs were always getting a max risk score of "1".
- didn't show high risk scores for some groups of spammers. I used to have some spammers come back 20 times per day and get-ip-intel showed very low risk scores for them.

Our next approach was to send 2 parallel queries to get-ip-intel and SFS, and use the higher score to estimate IP risk. That worked pretty well, but didn't solve "all VPNs are bad" problem.

Out of curiosity I decided to try ip-quality-score. Their plans started at $50 or so, and we didn't need so many queries, so I emailed them and they agreed with a custom / cheaper deal.

- Certainly more reliable risk scores than get-ip-intel for our user/spammer base.
- A VPN gets a score of 0.75, and a VPN with a spam record gets a score up to 1.0.
- Their API tells more info about the IP, such as recent abuse, what type of server it is etc.
- looks like a bigger company, less chances to see their site disappear one day.

- need to commit to monthly fees
- admin area is kind of a mess, bloated with a zillion of other services we don't currently need.

I haven't found any better service yet, so we are still using them for now in combination with SFS.

We have also tried mon-api, but unfortunately it is lagging quite far behind the competition atm.

- generally slower API response times
- sometimes goes down for a day or 2 smile
- only reports 20-30% of our spammer IPs as high risk
- also looks like a 1 man company

- their API shows what blacklist the IP was found on.

I know I am posting some links to other sites on this thread, but I think these might be interesting to the readers of this forum.  Hope this doesn't violate the terms here. I am also looking for recommendations/links to other similar services.



Re: Share experience about IP reputation services

There is a useful tool here called Forum Spamlist Checker (seems abandoned)

It uses a lot of services in 1 go.
BotScout, FSpamList, SFS, Project Honey Pot, AHBL, APEWS, DroneBL, EFnetrbl, SORBS, SpamCop, Spamhaus, SPEWS, Tornevall, UBL, IPInfoDB,

I couldn't get v4 to work but v3.2.8 still works for some of the services.

When I am checking a spammer, I use the tool and a few manual checks with OSINT services
Shodan, Pulsedive and MyIP which will tell me useful info about the IP address and email domain.
If it looks like the spam is coming from a dedicated server doing nothing else, then it makes it easy deciding if the email domain is worth blocking.
If it is a VPN then you also have a better idea if it is worth blocking.

Some extra tools worth using
ip-void - url-void - tools-void

Re: Share experience about IP reputation services

I use IP2Proxy API to detect proxy and VPN IP address since 2018. It is not the cheapest but it has been working very well so far.

We compare many providers but they are the only one providing us a 3rd party evaluation report. The accuracy reported is very good and thus it makes the selection process easier.


Re: Share experience about IP reputation services

