How IP quality score sites actually work
So, there’s been a lot of debate recently around IP quality/fraud score sites and whether they can be trusted or not. And I thought I’d chime in and share some of my experience.
First of all, how do IP quality sites work? Well, there are 4 public methods these sites use to determine the “quality” of an IP, those being:
- Email Sending Reputation
This is the simplest way to determine whether an IP has been used for spam: it checks whether the IP has sent mass email spam before. The method is ancient and not as reliable as it used to be. It works because a lot of ISPs and email providers work with the Spamhaus Project, to which they report all IPs that send spam. You can check your IPs directly at https://www.spamhaus.org/ip-reputation/
- Malicious or Abusive Activity History
Malicious or abusive activities include attempting to bruteforce SSH or similar logins, spreading malware, port scanning and similar. This is detected by hundreds of honeypot operations around the web that detect when an IP tries to bruteforce or interact maliciously with a server. You can check if your IP has any abuse history via the website https://www.abuseipdb.com/ which many honeypots report to.
- Proxy Honeypot Sites
This, allegedly, includes sites like ipqualityscore, which use the number of times an IP has been checked on their network as a way to determine whether an IP is a proxy or not, since rarely does anyone other than proxy users actually scan their IPs.
- Scraping Proxy Providers
This is the newest and most sophisticated way proxy IPs are detected, and it’s used by IP quality providers like Spur. They basically buy access into proxy networks using anonymous accounts and scrape all the IPs inside the network. Fortunately, this only detects shared proxy pools, and they can’t, AFAIK, detect dedicated/private datacenter, residential or mobile pools.
Most IP quality providers actually use a combination of the above, or all of them. The most infamous and reliable one in my opinion is Scamalytics, as they’re open about how they source their IP data, though I wouldn’t trust it too much for the reasons below.
The Problem With These Tools
While it may be enticing for us to just scan our IPs on these tools, in reality, the actual quality of an IP or a proxy is much more nuanced and these tools are full of false positives. If you’re Meta or Amazon, the last thing you want is to affect the user experience of a real human user just because some online IP database tells you an IP can’t be trusted. Plus, in my experience, all the large services like Cloudflare, Google, Meta, Amazon, etc. maintain their own IP quality database and I highly doubt they use public services.
In reality, even if IP quality sites were 100% accurate, they’re still only one signal out of dozens, and chances are, if you have a perfect fingerprint and browser environment, I doubt the IP quality will matter much. For example, look at VPNs. The IP score of the average VPN IP is horrible, yet they’re used by tens of millions of real people every day with no problem.
The bottom line is that while IP quality scores may be valid for some types of proxies and use cases, it’s hard to take them seriously in any professional capacity. If you really care about the supposed quality score, use Scamalytics, but in practice, the only way to tell if an IP is going to work for you or not is to actually test it with your specific use case inside your actual environment.
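The email-reputation check and the false-positive problem described above, as an added example that is not part of the original post: a sketch of how a service consuming a Spamhaus-style DNS blocklist could build the query and read the reply without scoring error or policy answers as abuse. The zone name and return codes are assumptions taken from Spamhaus's DNSBL conventions rather than from the post, and the sample replies are constructed.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumed zone: Spamhaus's combined DNSBL
# Assumed return codes; check Spamhaus's current documentation before relying on them.
LISTS = {2: "SBL", 3: "SBL-CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
         9: "SBL-DROP", 10: "PBL", 11: "PBL"}
ERRORS = {"127.255.255.252": "typo in zone name",
          "127.255.255.254": "query sent through a public/open resolver",
          "127.255.255.255": "query volume limit exceeded"}

def dnsbl_query_name(ip, zone=ZONE):
    """192.0.2.1 -> 1.2.0.192.<zone>; IPv6 becomes 32 reversed nibbles."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # ends in in-addr.arpa / ip6.arpa
    return rev.rsplit(".", 2)[0] + "." + zone

def interpret(answers):
    """Turn the A records of a DNSBL reply into a verdict; [] means NXDOMAIN."""
    lists, error = [], None
    for a in answers:
        octets = ipaddress.ip_address(a).packed
        if a in ERRORS or octets[:3] == b"\x7f\xff\xff":
            error = ERRORS.get(a, "unknown error code " + a)
        elif octets[:3] == b"\x7f\x00\x00" and octets[3] in LISTS:
            if LISTS[octets[3]] not in lists:
                lists.append(LISTS[octets[3]])
        else:  # e.g. a resolver that rewrites NXDOMAIN to a landing page
            error = "not a DNSBL answer: " + a
    if error:  # an error reply says nothing about the IP: never score it as listed
        return {"listed": None, "lists": [], "policy_only": False, "error": error}
    # PBL is a policy listing (end-user ranges), not evidence of abuse.
    return {"listed": bool(lists), "lists": lists,
            "policy_only": lists == ["PBL"], "error": None}

def lookup(ip):
    """Live query; needs DNS through your own resolver, not a public one."""
    try:
        answers = socket.gethostbyname_ex(dnsbl_query_name(ip))[2]
    except socket.gaierror:  # NXDOMAIN, but also any resolver failure
        answers = []
    return interpret(answers)

if __name__ == "__main__":
    # Constructed replies, not real lookups.
    for reply in (["127.0.0.2", "127.0.0.4"], ["127.0.0.10"], ["127.255.255.254"], []):
        print(reply, "->", interpret(reply))
```

A consumer that treats any returned A record as "listed" will flag every IP whenever the resolver is rate-limited or rewrites NXDOMAIN, which is one concrete way such scores end up with false positives.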