Additional factors for evaluating spam activity of IP / Email addresses in the Anti-Spam / Anti-Fraud API

Published on February 27, 2018

Additional factors for evaluating spam activity of IP / Email addresses in the Anti-Spam / Anti-Fraud API

    CleanTalk Cloud Anti-Spam in progress, collects data on spam activity of IP / Email addresses. Based on this data, an IP / email spam database is generated. CleanTalk provides several API methods for working with the data we have.

    Recently, we added new parameters in the spam activity checking method and launched two new API methods:

    • the first is getting the country code by IP address
    • the second is checking the domain for participation in spam mailings

    But first things first.

    Getting the country code by IP address .
    This API method returns a two-letter country code (US, UK, CN, etc.) or the full name of Russia by IP address. Learn more about using the ip_info method .

    Checking the domain for participation in spam mailings .
    Checks if this domain has been used in spam mailings. Currently, the CleanTalk database contains entries for 1,383,062 domains.

    For example, you have a comment, it is on the topic of the article, with quite meaningful text and does not cause suspicion, but contains a link to a third-party site. We do a link check and get that the domain is listed in the database, the links were posted on other web sites and the date of their placement approximately coincides with the comment date. It turns out that the comment was used to post a link to a third-party resource.

    Using this method is useful in recognizing manual spam when all other checks have passed.

    You can check the blacklists manually on the website for

    details on using the backlinks_check method .

    Update for spam_check method .
    The method allows bulk checking of IP / email based on CleanTalk blacklist database. at the moment the database contains records of 2 808 344 IP and 9 990 835 Email. The same method allows you to check IP for a specific date.

    In addition to the main parameter, as a result of output showing the presence or absence of the database, additional parameters were added:

    spam_rate - spam activity rating from 0 to 100%. The parameter is calculated for each IP or email record as the ratio of blocked requests to the total number of requests from a given IP or email. As an example, IP has a total of 100 requests, of which the service blocked 97 requests as spam, so spam_rate will be 97%.

    Why this is important, it gives you the ability to set your own request blocking logic. Since IP spammers are changing, and at the moment it can belong to a regular user.

    The following parameters: Each parameter shows the activity of the data being checked for the last 10 minutes, 1 hour and 24 hours, respectively. Those. shows the number of requests for a certain time from a specific IP or email. This is useful in cases where IP or email do not yet have BlackListed status in the database, but have a fairly high activity in a short time. You can read about what other parameters you can use to protect against spam in our previous articles: Non-visual methods of protecting a site from spam Part 1 Non-visual methods of protecting a site from spam Part 2

    frequency_time_10m
    frequency_time_1h
    frequency_time_24h






    Non-visual methods of protecting the site from spam. Part 3

    Sample API data output for test email s@cleantalk.org. This email address is for testing purposes, so there is such a date in the "updated" parameter: "2019-03-28 22:07:19"

    {"data":
                {"s@cleantalk.org":
                          {"appears":1,
                          "frequency_time_10m":null,
                          "spam_rate":"0",
                          "frequency":"999",
                          "frequency_time_24h":null,
                          "updated":"2019-03-28 22:07:19",
                          "frequency_time_1h":null}
                }
    }

    Learn more about using the spam_check method .