Fraud Prevention Response Object

This object represents a fraud prevention response that can be recovered from the Fraud Prevention API.

📘
Click on each object for more information.

risk object

AtData risk fields leverage our historical database and the billions of email events we process each month to assess the input email's correlation with fraud.

score integer
A machine learning-based score from 0 to 100 that uses AtData's metadata to identify high-risk and fraudulent profiles. A score of 0 indicates low risk, while 100 indicates very high risk. Typical risk thresholds range from 70 to 80, depending on customer requirements.
Example: 50

tumbling_risk integer
A score from 0 to 3 indicating multiple variations of the same email address (e.g. [email protected] and [email protected] are identical to gmail). Tumbling is evaluated across AtData's entire network, not just your own activity. Use this score to identify repeated signup patterns tied to the same mailbox.
Possible values:

0: no tumbling detected

1, 2 and 3: linear risk of tumbling

sequencing_risk integer
A score from 0 to 3 indicating multiple variations of the email address where the address varies by just numeric characters (e.g. [email protected] and [email protected]). Email Sequencing is evaluated across AtData's entire network, not just your own activity. Use this score to detect sequential account creation patterns that can indicate fraud.
Possible values:

0: no sequencing detected

1, 2 and 3: increasing sequencing prominence

query_id string
AtData's unique identifier for the response provided. Can be used with our Feedback API or for troubleshooting.
Example: 2744dd5d0acb475b81687d366fff4c48

ip object

Information related to the IP address associated with the email query.
⚠️ Provide an IP address to receive the ip object. ⚠️

routing_type string
The IP Routing Type (IPRT) specifies how the connection is routed through the Internet.
IP Routing Types:

fixed: The user is connecting through a fixed-line connection, such as cable, DSL, T1, and fiber. The user is likely to be at or near the location assigned to the IP.
aol, aolpop, aoldialup, aolproxy: The user is part of the AOL network. AtData can identify the user country in most cases. However, establishing the user location below country is not possible.
pop: The user is dialing into a regional ISP (Internet Service Provider) and is likely to be near the IP location.
satellite: The user is connecting to the Internet through a consumer satellite or a backbone satellite provider, where no information about the terrestrial connection is available. The user can be anywhere within the beam pattern of the satellite, which can span a continent or more.
cache proxy: The user is using a proxy connection, either through an Internet accelerator or a content distribution service. It is possible the user is located in a different country from the IP location.
international proxy: The user is connecting through a proxy (not an anonymizer) that routes traffic from multiple countries. It is possible the user is located in a different country from the IP location.
regional proxy: The user is connecting through a proxy (not an anonymizer) that routes traffic from multiple states within a single country. It is possible the user is located in a different state from the IP location.
corp proxy: The user is connecting through a proxy (not an anonymizer) that routes traffic through edge nodes, or nexus points for traffic entering and exiting a corporate network.
mobile gateway: The user is using a gateway to connect mobile devices to the public Internet. Many mobile operators, especially in Europe, serve more than one country and backhaul traffic through centralized network hubs. Therefore, it is possible the user is located in a different country from the IP location.

organization string
Registering Organizations include many types of entities, including corporate, government, or educational entities, and ISPs managing the allocation and use of network blocks.
Example: atdata

proxy_type string
The network or protocol utilized by the server to proxy the user connection is identified. Proxy type classifications include the use of http, Tor, web and SOCKS.
Possible results:

http

service

socks

socks http

tor

unknown

web

privacy proxy

hosting_facility boolean
Hosting facility includes the following type of service providers: colocation, cloud computing, dedicated hosting, virtual private servers and web hosting. A value of true indicates that the IP address is associated with a hosting facility; otherwise the value is false.
Possible results:

true

false

latitude float or string
Latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South.
Example: 38.89768
⚠️Invalid IP addresses return a value of "null".⚠️

longitude float or string
Longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West.
Example: -77.03651
⚠️Invalid IP addresses return a value of "null".⚠️

domain_risk_score integer
The Domain Risk Score ranges from 0 (no risk) to 10 (high risk) and helps you identify high-risk email domains as soon as they appear, without waiting for industry classification. It incorporates multiple risk signals and behaviors observed across the AtData network.
Example: 7

postal object

Contains information related to the postal data provided in the API request and its validation results.
⚠️ Provide name or postal fields to receive the postal object. ⚠️

first_name_match string
Indicates if the first name matches with previously known data.
⚠️ If first field is not provided in the request, first_name_match will return no_data. ⚠️
Possible results:

match: First name supplied matches first name previously associated with email.

no_match: First name supplied does NOT match first name previously associated with email.

no_data: No first name records associated with that email.

last_name_match string
Indicates if the last name matches with previously known data.
⚠️ If last field is not provided in the request, last_name_match will return no_data. ⚠️
Possible results:

match: Last name supplied matches last name previously associated with email.

no_match: Last name supplied does NOT match last name previously associated with email.

no_data: No last name records associated with that email.

street_match string
Indicates if street data is available and matches with known records.
⚠️ If street field is not provided in the request, street_match will return no_data. ⚠️
Possible results:

match: Street supplied matches street previously associated with email.

no_match: Street supplied does NOT match street previously associated with email.

no_data: No Street records associated with that email.

city_match string
Indicates if city data is available and matches with known records.
⚠️ If no postal fields are provided in the request, city_match will return no_data. ⚠️
Possible results:

match: City supplied matches city previously associated with email.

no_match: City supplied does NOT match city previously associated with email.

no_data: No City records associated with that email.

zip_match string
Indicates if zip code data is available and matches with known records.
⚠️ If no postal fields are provided in the request, zip_match will return no_data. ⚠️
Possible results:

match: Zip supplied matches zip previously associated with email.

no_match: Zip supplied does NOT match zip previously associated with email.

no_data: No Zip records associated with that email.

address_type string
Indicates the type of address, such as Street, PO Box, etc.
⚠️ The address_type field will appear in response only if a valid US postal address is provided. ⚠️
Possible results:

Alias

Firm

General Delivery

Highrise

PO Box

Rural Route

Street

deliverability string
Indicates the deliverability status of the postal address according to the US Postal Service.
⚠️ The deliverability field will appear in response only if US postal fields are provided. ⚠️
Possible results:

deliverable

undeliverable

possibly_deliverable

probably_deliverable

deliverability_substatus string
Provides more details on the primary reason for the deliverability status.
⚠️ The deliverability_substatus field will appear in response only if US postal fields are provided. ⚠️
Possible results:

value	Description
deliverable	Deliverable
invalid_secondary	Invalid Secondary Address
missing_secondary	Missing Secondary Address
missing_pmb	Missing PMB
usps_only	USPS Only
maildrop_or_inactive	Maildrop or Inactive
military_zip	Military Zip
unique_zip	Unique Zip
general_delivery	General Delivery
not_accessible	Not Accessible
vacant	Vacant
pbsa	PO Box with Street Style Address
cmra	Commercial Mail Receiving Agency
invalid_box	Invalid Box
invalid_country	Invalid Country
invalid_data	Invalid Data
invalid_location	Invalid Location
invalid_primary	Invalid Primary Number
invalid_street	Invalid Street
invalid_unclear	Multiple Matches
invalid_zip	Invalid Zip code
missing_box	Missing Box
missing_primary	Missing Primary
ews_match	Early Warning System Match
error	Error

ip_postal_distance string
Distance in miles between the IP location and the postal address.
ip_postal_distance will appear in response only if ip and zip fields are provided.
Possible results:

< 5 miles

5-100 miles

100-500 miles

500-1000 miles

> 1000 miles

phone object

Contains information related to the phone number provided in the API request.
⚠️ Provide a phone number and use an account configured for phone data to receive the phone object. ⚠️

line_type string
The type of phone line.
Possible values:

mobile
landline
voip
toll_free
other

carrier string
Telephone number network operator.
Example: AT&T Wireless

status string
The status of the phone number.
Possible Values:

valid: structure/syntax of number is valid but AtData could not determine if it is in use.

invalid: Structure/syntax of number is invalid.

dead: Phone number structure is valid but number is disconnected/not in use.

live: Number is currently connected to a network and in use.

unknown: The status of the phone number could not be determined.

prepaid boolean
Telephone number is for a prepaid phone (US only).
Example: false

owner object

Details of the phone number owner.

first_name_match string
Indicates if the first name matches with previously known data.
Possible results:

match: First name supplied matches first name previously associated with phone number.

no_match: First name supplied does NOT match first name previously associated with phone number.

no_data: No first name records associated with that phone number.

last_name_match string
Indicates if the last name matches with previously known data.
Possible results:

match: Last name supplied matches last name previously associated with phone number.

no_match: Last name supplied does NOT match last name previously associated with phone number.

no_data: No last name records associated with that phone number.

street_match string
Indicates if street data is available and matches with known records.
Possible results:

match: Street supplied matches street previously associated with phone number.

no_match: Street supplied does NOT match street previously associated with phone number.

no_data: No street records associated with that phone number.

city_match string
Indicates if city data is available and matches with known records.
Possible results:

match: City supplied matches city previously associated with phone number.

no_match: City supplied does NOT match city previously associated with phone number.

no_data: No city records associated with that phone number.

zip_match string
Indicates if ZIP/postal code data is available and matches with known records.
Possible results:

match: ZIP supplied matches ZIP previously associated with phone number.

no_match: ZIP supplied does NOT match ZIP previously associated with phone number.

no_data: No ZIP records associated with that phone number.

type string
Type of entity assigned to the phone number.
Possible results:

person: An individual person.

business: A business entity.

gibberish object

Indicates whether the supplied text appears randomly generated or nonsensical, based on AtData’s gibberish-detection model.
Use this result to flag email addresses that may be bot-generated or fake.

gibberish_email string
Classification of the email username (local-part). One of:

gibberish : Highly likely to be randomly generated or nonsensical.
possibly gibberish : Shows some characteristics of gibberish.
not gibberish : Looks like a normal human-generated username.

eam object

The origin of AtData's fraud solution is our Email Activity Metrics, which are used by all the leading antifraud solutions that evaluate email addresses. Through our broad client base, our extensive partner network and our 20-year history, AtData has the highest recognition rate of U.S. email addresses in the market, over 98%.

Forty percent of fraudsters use new email addresses. If AtData has not seen an email before or has only seen it recently, treat it as higher risk.

date_first_seen string
The date on which AtData first observed the email address. If the email address is new, the API returns now.
Example: 2016-08-09

longevity integer
A score from 0 to 3 indicating how long the email has been known, with 3 representing a longer period.
Possible values:

0: AtData has not encountered this email address before.

1: AtData first encountered this email within the last month.

2: AtData first encountered this email within the last year.

3: AtData first encountered this email over a year ago.

velocity integer
A score from 0 (no activity) to 10 (most active), reflecting the activity of the email address over the last 6 months.
Example: 10

popularity integer
A score from 0 (no sources in 12 months) to 10 (most sources) gauging the popularity of the email address over the last 12 months based on the number of sources from which AtData has received the address.
Example: 10

dam object

Similar to the EAM fields, the Domain Activity Metrics reflect activity at the domain level. Again, new or recent domains are more risky.

date_first_seen string
The date the domain first appeared in AtData's records.
Example: 2002-11-09

longevity integer
A score from 0 to 3 indicating when AtData first encountered the domain.
Example: 3

velocity integer
A score reflecting the activity of the domain over the last 6 months, from 0 (no activity) to 10 (most active).
Example: 10

popularity integer
A score gauging the popularity of the domain over the last 12 months based on the number of sources from which AtData has received the address, from 0 (no sources in 12 months) to 10 (most sources).
Example: 10

safe_to_send object

AtData's SafeToSend Email Verification service checks whether an address can receive email and whether sending to that address could hurt your ability to reach customer inboxes. It helps you identify invalid, misspelled, fake, and risky addresses, including spam traps.

If an email address is flagged returns an invalid status, reject it.

address string
Contains the input email address.
Example: [email protected]

status string
The summary status of the SafeToSend Email Verification result. These values describe deliverability and mailing risk.
Possible values:

safetosend: The email address passed all SafeToSend checks. It is safe to mail and is backed by AtData's deliverability guarantee.

valid: The email address passed most SafeToSend checks, but mailbox deliverability could not be confirmed. The address appears valid, but it may still bounce.

invalid: The email address is not safe to send to. It has incorrect syntax, an inactive domain, or a mailbox that does not exist. Do not send email to this address.

trap: The email address is valid, but mailing it could cause delivery issues, such as triggering spam filters. Examples include spam traps, honeypots, disposable addresses, and complainers. Do not send email to these addresses.

unknown: AtData could not complete the checks for this email address, so it carries a higher bounce risk.

corrected: This status applies only to files submitted through InstantData or the List API. The original address contained a syntax or spelling error, but AtData corrected it. Find the corrected address in your results file's "Valid Email" column.

status_code integer
A range from 5-999 will always be returned and describes the detailed results of the validation within the status categorization. For a full list of possible values, go to the SafeToSend Email Validation Status Codes page.
Example: 50

domain_type string
An optional field, indicates the type of the domain.
Possible values:

biz: The domain of a corporation or business.

disposable: The domain is used to create temporary email addresses. AtData assigns these domains an “invalid” status.

edu: An educational institution.

freeisp: A free Internet Service Provider.

gov: A governmental institution.

org: A non-profit organization.

paidisp: An Internet Service Provider that requires a paid subscription to create an email address.

parked: The domain does not have an active website.

privacy: The domain is used to protect the privacy of the user, e.g., Apple's Mail Privacy Protection.

wireless: Domains for wireless devices that must not be sent unsolicited emails, as per the FCC.

role_account boolean
An optional field, role_account is returned when the email address is identified as a role-based account. A role-based account represents a business function or group (e.g. sales, info, support, marketing or customer service), such as [email protected].
Example: true

email_corrections array
An optional field, if your API key is configured for corrections, and the input address has a syntax or spelling error, we may suggest one or more corrected forms of the address. The returned value is a JSON array of possible corrected email addresses.
Example: ['[email protected]']