arrow left facebook twitter linkedin medium menu play circle

Digital Fraud Wiki

Email Reputation Service

What is an Email Reputation Service?

An email reputation service typically provides a risk score for an email address. The risk score is based on attributes such as the age of the email address, email frequency, and domain. Some email reputation services also validate identities using email-based information such as name, email address, IP address, and geolocation. Most email reputation services provide an API that organizations can use to integrate email risk scores with their existing fraud models. An email risk score can be used along with other attributes to assess the risk of a transaction.

What Should Organizations Know About Email Reputation Services?

Email reputation services rely on attributes related to an email address. And fraudsters constantly find ways to use email addresses and email domains so that they look like authentic, reputable users. While in the past, email reputation services were a reliable means of assessing the risk of an email address, that is no longer the case- fraudsters have figured out how to circumvent email risk scores. The ability to detect a fraudulent email address and analyze shared attributes across all transactions is critical for successfully managing transaction risk and preventing fraud. 

Email reputation services reference blacklists along with email metadata to assign a reputation score to an email address. Many fraudsters have email addresses and domains that are included on multiple blacklists, so they use throwaway email domains to bypass blacklists. A throwaway email domain is a temporary, disposable email address that expires in a short period. Disposable emails are created and used by fraudsters so quickly that few blacklists can keep up. And fraudsters make these disposable email addresses look authentic by adding custom domains. Fraudsters use custom domains primarily for email spoofing, creating email messages with a falsified sender address.

There are legitimate reasons why businesses and individuals would want a temporary email domain or a custom domain. Some consumers want to ensure their privacy. For example, if a well-known tech executive wants to avoid marketers, they might set up a temporary email domain. And a new business would need a new custom domain to send business emails. If a platform uses an email reputation service that starts to crack down on throwaway email domains and custom domains, it will likely lead to a higher number of false positives. More false positives would mean that more legitimate customers would encounter friction and have negative user experiences.

Contextual detection is critical when it comes to fraud detection. Data must be assessed with the benefit of context in order to understand what is and isn’t fraudulent.

Prevent Email Spam and Fraud with DataVisor

With all the cutting-edge technology currently available to modern fraudsters, it has become altogether too easy to impersonate legitimacy of virtually any kind. Fraudulent emails that seem perfectly authentic, sent from email addresses that appear totally normal, send us to fake websites that look 100% legitimate, where we enter our credentials into form fields that raise no suspicions whatsoever. This is just one example of activities that take place across the web every day, and even as technologies continue to advance, comparatively “traditional” techniques like phishing continue to simultaneously wreak havoc. Dealing with these issues on an incident-by-incident basis is a recipe for failure. The only solution that works is to address the problem holistically, relying on comprehensive data analysis performed at big data scale, and deploying proactive detection and prevention strategies that can track and identify the fraudster behind the fraud.

Additional References

Webinar: DataVisor Webinar – Dumb & Dumber vs. Oceans 11 The Sophistication Spectrum of Fraud

Solution: Transactional Risk Detection

Source: What Are Email Blacklists and How to Avoid Them, SendGrid

Source: Email spoofing, Malwarebytes