Domain risk data
Domain risk data includes:
- whether the domain has a reputation for high risk on the minFraud network,
- how long ago the email domain was first seen on the minFraud network,
- the relative volume of the email domain across the minFraud network,
- a classification of the domain such as whether it is associated with a business,
- and details on the status of the domain based on an automated visit.
These data points will only be returned when you pass the domain or the unhashed email address as an input to the minFraud Insights and Factors web services. Learn more about passing inputs to minFraud.
Domain reputation score
We provide a domain risk score as a percentage ranging from 0.01 to 99. A higher score is provided if an email domain is associated with risky activity across the minFraud Network. This can be helpful when assessing sign-ups or referral traffic, particularly in a business-to-business context, or other transactions where the email domain is one of reasons behind a high overall risk score.
You can read the API specifications for domain risk on our developer portal:
Domain first seen
The minFraud service retains a record of when an email domain was first seen on the minFraud Network. The minFraud services have been recording when an email domain was first seen since 2019.
The minFraud services also track how long we've seen a particular email domain (for example, gmail.com, hotmail.com, etc.). Customers with email address domains that have only recently been seen may not conduct many transactions, or the domain could be new. Alternatively, this could indicate a fraudster creating a new email domain to fake being a legitimate business or to avoid having a history of use.
You can read the API specifications for domain tenure tracking on our developer portal:
Domain volume
Domain volume shows how frequently an email domain appears in the minFraud Network. The value shows how many times per 1 million transactions we have seen that domain (rounded to 2 significant figures). For example, gmail.com might show 630,000, meaning it appears in about 63% of transactions at a point in time. A large business domain such as microsoft.com might show 6 (about 0.0006% of transactions at a point in time). Smaller business domains with less traffic will have much smaller values.
This can help with estimating how big a business is based on email domain volume. Depending on your business, high-volume business domains might signal higher or lower risk.
This data can also be helpful for B2B sales and marketing teams doing lead qualification and pipeline enrichment.
You can read the API specifications for domain volume on our developer portal:
Domain classification
We classify whether a domain is likely a business domain based on the history of its use in the minFraud Network and other checks we perform. The classification tends to be more accurate for larger businesses, which can be cross-referenced with the /email/domain/volume field. This can be helpful in screening transactions in a B2B context.
Other domain classifications include educational institutions, government institutions, and email domains provided by ISPs to their subscribers. We may add further domain classifications in the future.
You can read the API specifications for domain classification on our developer portal:
Domain visit
As part of the minFraud risk scoring analysis, we perform an automated visit of the domain to check for fake, suspicious, or non-existent domains. The date the visit was performed and a flag for whether the domain has redirect(s) set-up is also provided.
We provide a status that classifies the result of the automated visit:
|
Status |
Description |
|
live |
The domain is reachable and serving content normally |
|
dns_error |
The domain is missing, expired, or DNS is misconfigured |
|
network_error |
The domain is offline, blocked, or unreachable |
|
http_error |
The domain is reachable but the web application had a problem or denied the request |
|
parked |
The domain is live and is in a parked state |
|
pre_development |
The domain is live and is in a pre-development state |
The domain visit status can be used to assess the validity of the domain used in the transaction and flag possible suspicious domains.
We do not recommend relying on the domain visit status by itself to automatically reject or approve transactions. It is also best to check the date the domain was last visited to ensure the status is recent.
For domains that are totally new to the minFraud network, the status and related fields will be initially unavailable but should be populated shortly thereafter if the domain appears again in a future minFraud transaction.
Domains that had a redirect during the automated visit are flagged. If there is a redirect, the domain visit status applies to the last domain visited. There are many legitimate reasons for redirects, but it may also indicate an attempt at hiding the actual domain.
Automatic domain visits are made for low-volume and newly-sighted domains on the minFraud network. High volume domains such as those for email providers and large businesses will not have domain visit outputs in the response.
You can read the API specifications for domain visit fields on our developer portal: