IP address reputation
Every device connected to the Internet has an IP address assigned to it. This means vast amounts of IP activity, with huge volumes of rich data output. Through rigorous analysis, our researchers provide unbiased intelligence on the complex nature of IP reputation. This unique, actionable insight has broad application across the Internet industry.Check an IP addresses reputation
What is IP address reputation?
An assessment of the trustworthiness of an IP. Reputation data captures the who, what, where, and when of an IP or IP range. All this signal is analyzed to indicate if, when, and how users should engage and take action.
How is IP address reputation calculated?
Spamhaus leverages both Signals Intelligence (SIGINT) and Open-Source Intelligence (OSINT) techniques to assess the reputation of IPs. This includes machine learning, heuristics, and manual investigation.
Vast volumes of data are analyzed, assessing specific signals, defined and tracked by experienced researchers. This does not require the evaluation of personally identifiable information (PII).
To accurately understand IP reputation, a diverse range of data points, from a diverse range of data sources, is critical. For over 25 years, Spamhaus has developed trusted data partnerships for data and intelligence sharing, important for visibility and coverage. The output is robust and reliable reputation data.
What impacts an IP addresses reputation?
All internet communications involve IPs, leaving behind a trail of online "fingerprints”. From this, signal can be extracted to determine reputation. Evaluation is variable, but some factors include:
- Who is the service provider
- What is the IP neighborhood
- What infrastructure is it associated with
- What upstream infrastructures are connecting to Internet backbones
- When was it used
- When was it first seen
- How was it used
This diverse data is generated to manage and maintain a more secure Internet. Internet users should be aware of this, and understand that all online behavior affects reputation and the ability to operate with trust.
How can IP address reputation data be utilized?
- Reporting - e.g. can I trust this operator to provide my IP?
- Investigating - e.g. what malware is associated with this IP
- Vetting - e.g. can I trust this IP on my network?
- Blocking - e.g. blocking users from accessing malicious websites.
- Filtering - e.g. filtering potentially malicious emails
- Log-in defence - e.g. via authentication systems to only admit valid users
- Auditing - e.g. to monitor changes being made to accounts