Botrisks

Address botrisk check

The botrisk check evaluates the risk that the address in question represents an automated bot, not a real person.

Syntax …/svc/2.0/address/botrisk/<address>
Example …/svc/2.0/address/botrisk/foo@ichbinspam.com
Parameter An ASCII email address as last part of the URL

Result

<botriskStatus>
    <infoIds>
        <infoId>a:foo@ichbinspam.de</infoId>
    </infoIds>
    <result>10</result>
</botriskStatus>

or

{"infoIds": [a:foo@ichbinspam.de], "result": 10}

The service looks for typical naming patterns in different parts of the address and returns the sum. Additionally the mailexchangers of the domain are checked, if they are known for bot activity. The result document contains:

  • result: the evaluation result
    • 0: normal risk, nothing found
    • 10: slightly increased risk, a part of the address is suspiciuos
    • 20: medium risk, some parts of the address are suspicious
    • 30: high risk, the complete address is suspicious OR all mailexchangers of the domain are known for bot activity
  • infoIds: if the result is > 0, this contains IDs for looking up more information about a botrisk resource.

Functionality

The service tests the requested address and parts of it against different types of entries stored in the botrisk database table:

  1. the complete address against address entries
  2. the domain only against domain entries
  3. the local part only against local part entries
  4. the complete address against regex entries

If a match is found a risk result (>0) is returned. In case of multiple matches the risk increases. The IDs of the matching entries are also returned for further lookup.

If the risk isn’t already high according to the previous test, the mailexchangers are tested. The mailexchangers are looked up in the mx table. Only if all mailexchangers are found and have the botrisk flag set, a high risk is returned.

The final result is the maximum risk calculated by the tests.

Each execution of the check will be documented as a business event (database table business_event) with type 112.

Information about a botrisk resource

The botrisk info API call returns information about botrisk resources. Bots can be identified by their naming patterns, which are documented here.

Syntax .../svc/2.0/info/botrisk/<id>
Example .../svc/2.0/info/botrisk/a:foo@ichbinspam.de
Parameter An ID (number) as the last part of the URL (with prefix `a:` for an address and `m:` for a mailexchanger name)

Result

<botRiskInfo>
    <botriskType>1</botriskType>
    <id>foo@ichbinspam.de</id>
    <owner>A botrisk provider name</owner>
    <remarks>Details about the bot, its maintainer</remarks>
    <url>http://bot-maintainer.com</url>
</botRiskInfo>

or

{
  "botRiskType": 1,
  "id": "foo@ichbinspam.de",
  "owner": "A botrisk provider name",
  "remarks": "Details about the bot, its maintainer",
  "url": "http://bot-maintainer.com"
}

The structure of the result document is:

  • botRiskType: the part of the address or pattern that lead to the risk estimation
    • 1: domain name
    • 2: local part
    • 3: complete mail address
    • 4: regular expression
    • 5: botrisk mailexchanger
  • id: resource ID
  • owner: the name of the maintaining entity, if known
  • remarks: details about the resource
  • url: a URL with more informtion about the bot, its maintainer

Functionality

If no data is available for an ID the server will signal this with HTTP response code 204 (No Content) and return no result (null).

Each execution of the call will be documented as a business event (database table business_event) with type 113.