Fraud Prevention

Fraud Prevention Response Object

This object represents a fraud prevention response that can be recovered from the Fraud Prevention API.

📘

Click on each object for more information.

risk object

The AtData risk fields leverage our historical database and the billions of email events we see each month to assess the correlation of the input email to fraud.

score integer
A machine learning-based score from 0 to 100 using AtData's metadata, of which the API response is only a part, to identify high risk and fraudulent profiles. A score of 0 being low risk and 100 being very high risk. The average risk threshold is from 70 to 80 but depends on customer requirements.
Example: 50

tumbling_risk integer
A score from 0 to 3 indicating multiple variations of the same email address (e.g. [email protected] and [email protected] are identical to gmail). Tumbling is evaluated across AtData's entire network, not just your own activity.
Possible values:

  • 0: no tumbling detected
  • 1, 2 and 3: linear risk of tumbling

query_id string
AtData's unique identifier for the response provided. Can be used with our Feedback API or for troubleshooting.
Example: 2744dd5d0acb475b81687d366fff4c48

ip object

Information related to the IP address associated with the email query.
⚠️ IP object will appear in response only if IP address is provided. ⚠️

routing_type string
The IP Routing Type (IPRT) specifies how the connection is routed through the Internet and can be used to determine how close the user is to the public IP address. For example, a user connecting through a fixed connection is likely very close to the connection. A user connecting through a regional proxy is probably in the same country as the connection, whereas a user connecting through a satellite connection could be anywhere.
IP Routing Types:

  • fixed: The user is connecting through a fixed-line connection, such as cable, DSL, T1, and fiber. The user is likely to be at or near the location assigned to the IP.
  • aol, aolpop, aoldialup, aolproxy: The user is part of the AOL network. AtData can identify the user country in most cases. However, establishing the user location below country is not possible.
  • pop: The user is dialing into a regional ISP (Internet Service Provider) and is likely to be near the IP location.
  • satellite: The user is connecting to the Internet through a consumer satellite or a backbone satellite provider, where no information about the terrestrial connection is available. The user can be anywhere within the beam pattern of the satellite, which can span a continent or more.
  • cache proxy: The user is using a proxy connection, either through an Internet accelerator or a content distribution service. It is possible the user is located in a different country from the IP location.
  • international proxy: The user is connecting through a proxy (not an anonymizer) that routes traffic from multiple countries. It is possible the user is located in a different country from the IP location.
  • regional proxy: The user is connecting through a proxy (not an anonymizer) that routes traffic from multiple states within a single country. It is possible the user is located in a different state from the IP location.
  • corp proxy: The user is connecting through a proxy (not an anonymizer) that routes traffic through edge nodes, or nexus points for traffic entering and exiting a corporate network.
  • mobile gateway: The user is using a gateway to connect mobile devices to the public Internet. Many mobile operators, especially in Europe, serve more than one country and backhaul traffic through centralized network hubs. Therefore, it is possible the user is located in a different country from the IP location.

organization string
Registering Organizations include many types of entities, including corporate, government, or educational entities, and ISPs managing the allocation and use of network blocks.
Example: atdata

proxy_type string
The network or protocol utilized by the server to proxy the user connection is identified. Proxy type classifications include the use of http, Tor, web and SOCKS.
Possible results:

  • http
  • service
  • socks
  • socks http
  • tor
  • unknown
  • web
  • privacy proxy

hosting_facility boolean
Hosting facility includes the following type of service providers: colocation, cloud computing, dedicated hosting, virtual private servers and web hosting. A value of true indicates that the IP address is associated with a hosting facility; otherwise the value is false.
Possible results:

  • true
  • false

latitude float
Latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South.
Example: 38.89768

longitude float
Longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West.
Example: -77.03651

domain_risk_score integer
The domain risk score ranges from 0 (no risk associated with the domain) to 10 (significant threat due to multiple variables) and allows users to identify high risk email domains the moment they first appear rather than waiting for industry classification. It encompasses different types of risky domains and their behaviour derived from the AtData network.
Example: 7

postal object

Contains information related to the postal data provided in the API request and its validation results.
⚠️ Postal object will appear in response only if name or postal fields are provided. ⚠️

first_name_match string
Indicates if the first name matches with previously known data.
⚠️ If first field is not provided in the request, first_name_match will return no_data. ⚠️
Possible results:

  • match: First name supplied matches first name previously associated with email.
  • no_match: First name supplied does NOT match first name previously associated with email.
  • no_data: No first name records associated with that email.

last_name_match string
Indicates if the last name matches with previously known data.
⚠️ If last field is not provided in the request, last_name_match will return no_data. ⚠️
Possible results:

  • match: Last name supplied matches last name previously associated with email.
  • no_match: Last name supplied does NOT match last name previously associated with email.
  • no_data: No last name records associated with that email.

street_match string
Indicates if street data is available and matches with known records.
⚠️ If street field is not provided in the request, street_match will return no_data. ⚠️
Possible results:

  • match: Street supplied matches street previously associated with email.
  • no_match: Street supplied does NOT match street previously associated with email.
  • no_data: No Street records associated with that email.

city_match string
Indicates if city data is available and matches with known records.
⚠️ If no postal fields are provided in the request, city_match will return no_data. ⚠️
Possible results:

  • match: City supplied matches city previously associated with email.
  • no_match: City supplied does NOT match city previously associated with email.
  • no_data: No City records associated with that email.

zip_match string
Indicates if zip code data is available and matches with known records.
⚠️ If no postal fields are provided in the request, zip_match will return no_data. ⚠️
Possible results:

  • match: Zip supplied matches zip previously associated with email.
  • no_match: Zip supplied does NOT match zip previously associated with email.
  • no_data: No Zip records associated with that email.

address_type string
Indicates the type of address, such as Street, PO Box, etc.
⚠️ The address_type field will appear in response only if a valid US postal address is provided. ⚠️
Possible results:

  • Alias
  • Firm
  • General Delivery
  • Highrise
  • PO Box
  • Rural Route
  • Street

deliverability string
Indicates the deliverability status of the postal address according to the US Postal Service.
⚠️ The deliverability field will appear in response only if US postal fields are provided. ⚠️
Possible results:

  • deliverable
  • undeliverable
  • possibly_deliverable
  • probably_deliverable

deliverability_substatus string
Provides more details on the primary reason for the deliverability status.
⚠️ The deliverability_substatus field will appear in response only if US postal fields are provided. ⚠️
Possible results:

    value Description
    deliverable Deliverable
    invalid_secondary Invalid Secondary Address
    missing_secondary Missing Secondary Address
    missing_pmb Missing PMB
    usps_only USPS Only
    maildrop_or_inactive Maildrop or Inactive
    military_zip Military Zip
    unique_zip Unique Zip
    general_delivery General Delivery
    not_accessible Not Accessible
    vacant Vacant
    pbsa PO Box with Street Style Address
    cmra Commercial Mail Receiving Agency
    invalid_box Invalid Box
    invalid_country Invalid Country
    invalid_data Invalid Data
    invalid_location Invalid Location
    invalid_primary Invalid Primary Number
    invalid_street Invalid Street
    invalid_unclear Multiple Matches
    invalid_zip Invalid Zip code
    missing_box Missing Box
    missing_primary Missing Primary
    ews_match Early Warning System Match
    error Error

ip_postal_distance string
Distance in miles between the IP location and the postal address.
ip_postal_distance will appear in response only if ip and zip fields are provided.
Possible results:

  • 5 miles
  • 5-100 miles
  • 100-500 miles
  • 500-1000 miles
  • > 1000 miles

phone object

Contains information related to the phone number provided in the API request.
⚠️ Phone object will appear in response only if phone number is provided and your account is configured for it. ⚠️

line_type string
The type of phone line.
Possible Values:

  • mobile
  • landline
  • voip
  • toll_free
  • other

carrier string
Telephone number network operator.
Example: AT&T Wireless

status string
The status of the phone number.
Possible Values:

  • valid: structure/syntax of number is valid but AtData could not determine if it is in use.
  • invalid: Structure/syntax of number is invalid.
  • dead: Phone number structure is valid but number is disconnected/not in use.
  • live: Number is currently connected to a network and in use.
  • unknown: The status of the phone number could not be determined.

prepaid boolean
Telephone number is for a prepaid phone (US only).
Example: false

owner object

Details of the phone number owner.

first_name_match string
Indicates if the first name matches with previously known data.
Possible results:

  • match: First name supplied matches first name previously associated with phone number.
  • no_match: First name supplied does NOT match first name previously associated with phone number.
  • no_data: No first name records associated with that phone number.

last_name_match string
Indicates if the last name matches with previously known data.
Possible results:

  • match: Last name supplied matches last name previously associated with phone number.
  • no_match: Last name supplied does NOT match last name previously associated with phone number.
  • no_data: No last name records associated with that phone number.

street_match string
Indicates if street data is available and matches with known records.
Possible results:

  • match: Street supplied matches street previously associated with phone number.
  • no_match: Street supplied does NOT match street previously associated with phone number.
  • no_data: No street records associated with that phone number.

city_match string
Indicates if city data is available and matches with known records.
Possible results:

  • match: City supplied matches city previously associated with phone number.
  • no_match: City supplied does NOT match city previously associated with phone number.
  • no_data: No city records associated with that phone number.

zip_match string
Indicates if ZIP/postal code data is available and matches with known records.
Possible results:

  • match: ZIP supplied matches ZIP previously associated with phone number.
  • no_match: ZIP supplied does NOT match ZIP previously associated with phone number.
  • no_data: No ZIP records associated with that phone number.

type string
Type of entity assigned to the phone number.
Possible results:

  • person: An individual person.
  • business: A business entity.

eam object

The origin of AtData's fraud solution is our Email Activity Metrics, which are used by all the leading antifraud solutions that evaluate email addresses. Through our broad client base, our extensive partner network and our 20-year history, AtData has the highest recognition rate of U.S. email addresses in the market, over 98%.

Forty percent of fraudsters use new email addresses. If AtData does not recognize an email address or only recently encountered it, beware.

date_first_seen string
The date the email address first appeared in AtData's records. The value now will be returned if the email address is new to AtData
Example: 2016-08-09

longevity integer
A score from 0 to 3 indicating how long the email has been known, with 3 representing a longer period.
Possible values:

  • 0: AtData has not encountered this email address before.
  • 1: AtData first encountered this email within the last month.
  • 2: AtData first encountered this email within the last year.
  • 3: AtData first encountered this email over a year ago.

velocity integer
A score from 0 (no activity) to 10 (most active), reflecting the activity of the email address over the last 6 months.
Example: 10

popularity integer
A score from 0 (no sources in 12 months) to 10 (most sources) gauging the popularity of the email address over the last 12 months based on the number of sources from which AtData has received the address.
Example: 10

dam object

Similar to the EAM fields, the Domain Activity Metrics reflect activity at the domain level. Again, new or recent domains are more risky.

date_first_seen string
The date the domain first appeared in AtData's records.
Example: 2002-11-09

longevity integer
A score from 0 to 3 indicating when AtData first encountered the domain.
Example: 3

velocity integer
A score reflecting the activity of the domain over the last 6 months, from 0 (no activity) to 10 (most active).
Example: 10

popularity integer
A score gauging the popularity of the domain over the last 12 months based on the number of sources from which AtData has received the address, from 0 (no sources in 12 months) to 10 (most sources).
Example: 10

email_validation object

AtData's industry-leading email validation service is used by retailers, data companies and marketing platforms to verify whether an address can receive email or not and whether mailing to that address will affect the sender's ability to deliver email messages into the inboxes of its customers. AtData email validation stops invalid, misspelled and fake emails as well as emails that put your email marketing program at risk, such as spam traps.

Email Validation has a different purpose than fraud prevention, but if an email address is flagged with an “invalid” status, it should be rejected. However, a validation status of “risky” indicates that the email presents risk to your email marketing program, not that it presents risk of fraud. Full documentation of our validation API, including multiple examples, is located at the Examples page of the docs.

address string
Contains the standardized email address.
Example: [email protected]

status string
The summary status of the email validation result.
Possible values:

  • valid: The email address passed all checks and is safe to mail.
  • invalid: Do not mail. The email does not have proper syntax, the domain is dead or the mailbox doesn't exist.
  • risky: The email address is valid but it may cause delivery issues (e.g. spamtrap, honeypot or complainer). If you're having deliverability issues, don't send email to risky addresses.
  • unverifiable: The domain doesn't support a mailbox level check. Also known as an "accept all" or "catch all" domain. Expect some bounces from these addresses should you choose to mail them.
  • unknown: The syntax and the domain of the email are valid, but we could not confirm the mailbox in the time allowed. Messages to these addresses may see bounces. Repeating the query later may deliver a valid/invalid status.

status_code integer
A range from 5-999 will always be returned and describes the detailed results of the validation within the status categorization. For a full list of possible values, go to the Email Validation Status Codes page.
Example: 50

domain_type string
An optional field, indicates the type of the domain.
Possible values:

  • biz: The domain of a corporation or business.
  • disposable: The domain is used to create temporary email addresses. AtData assigns these domains an “invalid” status.
  • edu: An educational institution.
  • freeisp: A free Internet Service Provider.
  • gov: A governmental institution.
  • paidisp: An Internet Service Provider that requires a paid subscription to create an email address.
  • parked: The domain does not have an active website.
  • privacy: The domain is used to protect the privacy of the user, e.g., Apple's Mail Privacy Protection.
  • wireless: Domains for wireless devices that must not be sent unsolicited emails, as per the FCC.

role_account boolean
An optional field, role_account is returned if the email address is identified as the role related email account. A role account is an email address for a business job role or a group of people in a company such as sales, info, support, marketing or customer service (e.g. [email protected]).
Example: true