Alerts and Alerts API
Alerts are created when a sign-up or lead score has a significant increase in risk after the initial vetting API call. We track IPs, emails, phones, and fingerprints for new risks every few minutes.
Alerts are created from community data as well as data feeds. If new data is found that matches past API calls, we notify via Alerts. Our goal is to keep you informed when the risk levels of your data changes. Some examples of when Alerts are created:
- an email that scored good yesterday is now reporting as sending phishing emails
- a phone is now linked with several different emails and different names
- an IP associated with new Bot emails is detected. Emails/IPs will be added to alerts
- an emaildomain has changed to use a disposable email service, and all emails are now disposable
- an email that looked OK and did not score as High Risk on your API call now has many moving periods and different names. The emails will then be reported as a Bot emails in Alerts. An example:
dayfingh@gmail.com (API call on Day 1)
da.yfingh@gmail.com (API call on Day 3)
day.fingh@gmail.com (API call on Day 3)
d.ayfingh@gmail.com (API call on Day 3)
dayfin.g.h@gmail.com (API call on Day 3)
When are Alerts created?
Our system creates Alerts when the risk hit on new data points is equal or higher than your Alert Score Threshold settings. For example, if you have Alert Score Threshold set at -50, then any risk hit matches after the fist API call on that data that you also have set to score -50 or worse will create an alert. Risk hits/labels set to score at -25 will not create alerts. If the initial score was -100 then no alerts are created.
Each Alert lists all the information from the original API call along with username, lead ID, and reason (such as Phishing, Disposable, Botnet) so you can understand the risk impact. Alerts can be configured in the Portal under API Key Settings. You can get Alerts via email or using our Alerts API, even integrate the data into Slack. Other settings include what data to track and the threshold for alerts.
Undeliverable Emails
Emails that will hard bounce are returned with Email: Undeliverable and Email: Invalid TLD (TLD invalid so no email will be delivered). We suggest scoring both of these labels the same to ensure non-working emails are scored properly.
The test/label of Email: MX Record Bad (no MX so email might not be delivered) is usually associated with issues but DNS does not require a defined MX. Our system will still check for Email: Undeliverable on MX Record Bad. Keep an eye on these and score accordingly.
Domains for Sale
We have seen a large spike in domains that are for sale (such as adrid.com, gkil.com) and used by high risk leads. Detection of services that offer domains for sale have been improved. Please adjust scoring of Domain: Parked For Sale to match your risk levels.
Email: Disposable
Disposable emails are often emails that are throw away addresses, many of them lasting just a short time. We consider these as high risk. We have over 50,000 domains on the disposable lists and add many new domains every day. Most we catch at the first API call, but those we miss are also added to Alerts as Disposable so you can remove them from your systems.