Threat intelligence API Docs Pricing Solutions Resources Contact us


Read other articles

Do You Know Your Domain’s Reputation Score?

Posted on August 28, 2018

In early 2017, a San Francisco-based online recruitment company blasted an email out to the 20,000 contacts it had accumulated on its list for years. It was the first delivery in several years. Most of the emails did not reach their intended readers. Later, system administrators determined that the Internet Service Provider (ISP) that supported the company’s domain name had blacklisted the domain name – without even the company knowing it!

Reputation Scoring API

Domain names and IP addresses

IP addresses identify individual devices attached to the internet. Domain names can be based on a single IP address or several addresses. The adoption of the IPv6 information packet transfer protocol created an explosion of IP addresses. Mailbox providers found the rapid growth of IP addresses too difficult to monitor, so they referred to domain-based authentication to make filtering decisions about the reputation of emails.

The approach that mailbox providers took also enabled them to more easily see email traffic across multiple IP addresses. They could then identify legitimate versus junk or “spoofed” emails. They could also more readily determine if the domains were responsible for spreading malware to computer users.

It’s up to you, then, to ensure ISPs are authenticating your domain with the high reputational level you’re expecting. They must keep up a good domain reputation. Domain level certification benefits you by providing a boost to your domain reputation. The promotion aids the filtering and deliverability of emails and keeps your domain name off malware blacklists.

Threat Intelligence Platform’s Domain Reputation API can proactively aid you in determining if your ISPs consider your domain of high or low reputation. It considers a domain’s website content, malware threat level, the underlying IP infrastructure, and more to assure you your message is getting through to current and potential customers.

IP Reputation

Domain and IP reputations are different concepts but they are interrelated. For instance, if you send an email from a low reputation IP, the service provider may not be able to deliver all the emails because the IP has a low reputation. However, a high-reputation IP has a much better chance of ensuring the emails reach recipients.

However, if your domain’s reputation is low, then even the emails sent from high-reputation IPs will probably not make it to potential readers.

The specific server from which you send emails dictates the IP reputation. ISPs offer dedicated and shared IPs; however, check the reputation of the ISP before you commit to sending emails through the service.

No matter the IP from which you’re sending emails, the domain reputation remains unique to the domain. You have to keep in mind though that the IP reputation can help or harm domain reputation. Users sometimes make the mistake of switching to low reputation ISPs that offer low reputation IPs, which can lower domain reputation.

A Case of Mistaken Identity

Sometimes without your knowledge you are associated with IP addresses that have a poor reputation. It may also be that you sent emails to the wrong recipient. Either way, the ISPs in their diligence against spoofing are watching domain level activity. In the event ISPs tar your domain as illegitimate, there are ways to shake off the label.

Domain reputation is portable. You can add new IP addresses to a domain, and you can move the domain to other IP addresses. You can also configure the domain to send emails from different systems, too, and shift from one Email Service Provider (ESP) to another. As long as your domain reputation is high, you have a great margin of flexibility. However, low domain reputations may result in emails categorized as spam. In other words, domains with good reputations have increased deliverability of your emails.

It’s important, then, for users to check the reputation of your domain regularly. You should take the opportunity before your domain has been blacklisted to repair outstanding issues that reduce the domain’s reputation in the filters of ISPs.

Do You Know Your Domain’s Reputation Score?

DIY Domain Reputation Building

The ISP’s infrastructure, the email distribution practices of companies and the content on websites and whether the domain has been involved in distributing malware tend to dictate the reputation of a domain.

How to Build Domain Reputation

Domain reputation is based on how consistent email messaging as well as the reputation of the IPs that send the emails. Domain reputation, however, takes time to build.

Warming Up Your Domain

It’s important to recall that ISPs have been shifting from filtering for reputation based on IPs to domain-based reputation. However, ISPs may assume that a new domain could be untrustworthy because the domain does not have a reputation yet. ISPs can’t readily trust the emails sent from the domain.

You can send small quantities of messages from a new domain to recipients already following your messaging. The high level of reader engagement builds domain reputation more readily than if you just sent out emails to a random sampling of recipients. Subsequently, you can send more messages with a broader scope of reader engagement. However, you should do this in a consistent, systematic fashion so the ISP does not call your domain out for suspicious activity.

Be Sure of Your Domain Classification

ISPs typically ask registrants to classify the industry in which the registrant operates. ISPs then ensure the emails sent from the domain are consistent with the industry you chose at registration. For example, you’ve registered your domain under the “accounting” category; however, you are sending emails associated with the “IT services” category. There’s a great likelihood your ISP will flag your domain as less reputable than they would be if you had been more accurate in your email targeting.


Subdomains (like can sway domain reputation considerably. Subdomains provide ISPs with an easier way to track reputation than top-level domains (like Subdomains have a uniqueness that separates them from other domains and subdomains your company may be using.

For instance, if someone in your company sends out emails that contains broken links, the email will probably generate a great many complaints from recipients about spam. The ISP then tags the top-level domain as suspicious and will subsequently demote the reputation of the domain and any emails the domain generates. Subdomains solve that problem by isolating the potential damage that poorly executed email campaigns may cause for the top-level domain.

A History of Malware

Hackers move from domain-to-domain and IP-to-IP in the blink of an eye. They even have software that harvests IPs and domains specifically to use for malevolent ends. They create fake websites based on legitimate company sites to obtain user credentials. They also make websites whose sole purpose is to drop malware onto the machines of suspecting users.

ISPs keep track of this sort of behavior and blacklist domains in the same way they blacklist domains for sending out spam. When you acquire a previously owned domain, then, it is of paramount importance to investigate the provenance of a website from a cyber security perspective. The insights you gain from your research into the domain can benefit your business immeasurably.

Final Thoughts

While it can take some time to build the reputation of your domain, it’s important to first make sure the domain you’ve bought or one you’ve been using for some time has a high reputation among ISPs. A tool like Threat Intelligence Platform’s Domain Reputation API can go a long way towards ensuring that ISPs consider your domain and the emails you send from the source are of a high reputation level.

The API can tell you things impacting the reputation your domain that you may never have considered before. It collects and evaluates over 120 parameters to determine the domain’s reputation. You’ll find out whether it’s been flagged in the past as a source of malware. You can determine the IP infrastructure supporting the domain and whether there are suspect IPs you should address.

You can even discover previous owners of the domain through its WHOIS record to see how reputable they were. Taking the initiative in determining whether your domain is reputable may spare you months of frustration and potentially lost revenue from ISPs that consider your domain and the emails you send harmful.

Read the other articles
Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.

Or shoot us an email to

Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.