The botrisk check evaluates the risk that the address in question represents an automated bot, not a real person.

ParameterAn ASCII email address as last part of the URL




{"infoIds": [], "result": 10}

The service looks for typical naming patterns in different parts of the address and returns the sum. Additionally the mailexchangers of the domain are checked, if they are known for bot activity. The result document contains:

  • result: the evaluation result
    • 0: normal risk, nothing found
    • 10: slightly increased risk, a part of the address is suspiciuos
    • 20: medium risk, some parts of the address are suspicious
    • 30: high risk, the complete address is suspicious OR all mailexchangers of the domain are known for bot activity
  • infoIds: if the result is > 0, this contains IDs for looking up more information about a botrisk resource


The service tests the requested address and parts of it against different types of entries stored in the botrisk database table:

  1. the complete address against address entries
  2. the domain only against domain entries
  3. the local part only against local part entries
  4. the complete address against regex entries

If a match is found a risk result (>0) is returned. In case of multiple matches the risk increases. The IDs of the matching entries are also returned for further lookup.

If the risk isn’t already high according to the previous test, the mailexchangers are tested. The mailexchangers are looked up in the mx table. Only if all mailexchangers are found and have the botrisk flag set, a high risk is returned.

The final result is the maximum risk calculated by the tests.

Each execution of the check will be documented as a business event (database table business_event) with type 112.