IP risk scoring is a way of assessing the likelihood that a given IP address will deliver malicious attacks to your infrastructure. It is based on a number of data points relating to the IP, network and user context of the transaction, including geolocation, proxy and VPN use, abuse velocity and other similar indicators.
Reputation & Location
The first key piece of information that can be gleaned from a user’s IP address is their location. This is usually derived from a tagged geolocation if available, or by checking a user’s originating IP address against a database of addresses associated with known fraudsters.
IP Risk Scoring: What It Is and How It Can Improve Your Cybersecurity Defenses
Fraudsters use proxies to mask their location and connect from a different country or area code than they are physically located. Good risk scoring tools will utilize proxy detection, which will negatively score transactions made from a connected device behind a proxy.
Reputation
The reputation of a given IP address is derived from a combination of factors, such as recent behavior, IP behavior, geolocation and network setup. A high reputation means that the IP has been used by humans for legitimate activities, while a low reputation indicates that it has been used by bots and other non-human activity.
Reputation is essential for email deliverability – it influences whether a given email is delivered to a recipient’s inbox or discarded as spam. A lower reputation means that your server IP will likely be blocked or blacklisted by email service providers.