Additional factors for estimating spam activity of IP/Email addresses in Anti-Spam/Anti-Fraud API

Cloud Anti-Spam by CleanTalk in the process collects data on spam activity of IP/Email addresses. On the basis of these data, a database of spam IP/email is formed. CleanTalk provides several API methods for working with the data we have.

We have recently added new parameters to the spam activity test method and launched two new API methods:

  • the first is getting the country code letter by IP address
  • the second – checking domain for participation in spam mailings

But about everything in order.

Get the country code letter by IP address.

This API method returns a two-letter country code (US, UK, CN, etc.) or the full name of Russia by IP address. Read more on the use of the method ip_info.

Checking the domain to participate in spam mailings.

Allows you to check whether this domain has been used in spam mailings. At this point in CleanTalk database contains records of 383 1 062 domains.

For example, you have a comment, it is on the topic of the article, with a very meaningful text and does not raise suspicions, but contains a link to a third-party site. We check the links and get that the domain is listed in the database, the links were posted on other websites and the date of their placement approximately coincides with the date of the comment. It turns out that the comment was used to place a link to a third-party resource.

Using this method is useful when recognizing manual spam when all other checks are completed.

You can check the blacklist manually on the website

Read more on the use of the method backlinks_check.

Update the spam_check method.

Method allows you to bulk check IP/email against a database of blacklists CleanTalk. At the moment the database contains records about 2 808 344 IP and 990 835 Email. Also, the method allows you to make an IP check for a specific date.

In addition to the main parameter, as a result of the issuance, showing the presence or absence in the database, additional parameters have been added:

spam_rate – spam activity rating from 0 to 100%. The parameter is calculated for each IP or email record as the ratio of blocked requests to the total number of requests from a given IP or email. As an example, IP has a total of 100 requests, of which the service blocked 97 requests as spam, so spam_rate will be 97%.

Why this is important, it gives you the ability to set your own request blocking logic. As the spammers change the IP and at the moment it can be a regular user.

Following parameter:

Each parameter shows the activity of the data being checked for the last 10 minutes, 1 hour and 24 hours, respectively. That is, it shows the number of requests for a specific time from a specific IP or email. This is useful in cases where IP or email does not yet have BlackListed status in the database, but has a fairly high activity in a short time. About what other parameters you can use to protect against spam, you can read in our previous articles:

Non-visual methods of protecting the site from spam Part 1

Non-visual methods of protecting the site from spam Part 2

Non-visual methods of protecting the site from spam Part 3

Example of output of API data for test email s@cleantalk.org. This email is for tests, so the “updated” parameter: “2019-03-28 22:07:19” is the date.

{"data":
            {"s@cleantalk.org":
                      {"appears":1,
                      "frequency_time_10m":null,
                      "spam_rate":"0",
                      "frequency":"999",
                      "frequency_time_24h":null,
                      "updated":"2019-03-28 22:07:19",
                      "frequency_time_1h":null}
            }
}

Learn more about using the spam_check method.

Leave a Reply

Your email address will not be published. Required fields are marked *