The Do’s and Don’ts of IP Address Abuse Observability  

6 min read
7 December 2022
Gustavas Davidavičius

As the IPXO Abuse Prevention team continues to improve services and ensure high abuse observability at the Marketplace, let's take a look at the do's and don'ts that every IP address user should remember.

A laptop with a red X and a green checkmark on opposite sides and a magnifying glass in front.

The IPXO Abuse Prevention team is at the core of the Marketplace, making sure that we can offer top-notch services to our clients. Every day, we work hard to ensure that IP address abuse incidents are handled professionally and that both IP holders and IP lessees can trust the platform.  

Do you know how to recognize IP address abuse? Do you know whom to contact if abuse occurs and how much it costs to tackle the problem? Keep reading to find answers to all your burning questions.  

Key takeaways: 

  • The IPXO Abuse Prevention team solves 95%+ of IP abuse cases automatically while the remaining portion is handled manually. 
  • There are various types of IP address abuse that can harm IP reputation – some of most common being phishing, spam and copyright infringement – which is why abuse observability can be complex. 
  • IPXO has introduced an abuse incident handling fee that ensures optimized abuse-handling practices and functions as an incentive to communicate and solve abuse more effectively. 

IP address abuse and incident handling at the IPXO Marketplace  

As AbuseIPDB revealed, the number of IP address abuse reports over the last few years has grown significantly. From 5.6 million in 2017 to 162 million in 2021. An increased number of reports correlates with rapid IP abuse growth.

Fortunately, the sophisticated abuse observability mechanisms at IPXO can ensure that over 95% of abuse incidents are handled automatically for our clients. In fact, in early December 2022, that number climbed to 99.75%.

A pie chart representing manual and automated IP abuse handling at IPXO.
Automatic vs. manual IP address abuse incident handling at the Marketplace (December 7, 2022) 

Of course, some IP address abuse cases are simply more complex to handle than others. Due to current system limitations, these cases need to be reviewed manually so that we could take appropriate action in time. Moreover, abuse incidents with responses from the abuser must be reviewed by a team member of the Abuse Prevention team.  

In November 2022, we introduced the abuse incident handling fee for the cases our Abuse Prevention team must approach manually. The incident handling fee of $20 is applied for manually handled IP address abuse cases. Two unique incidents per customer are solved for free; however, if the threshold is exceeded, we charge for the first two incidents as well. 

The abuse incident handling fee serves as an incentive to improve communication with the clients and solve IP abuse more effectively. Moreover, the fee disincentivizes potential abusers, making IP lease too expensive for them. Simultaneously, this ensures better Marketplace health overall. Especially knowing that the illegal actions of one IP space holder can influence the well-being of another. 

Most common types of IP address abuse 

According to the internal data from our Abuse Prevention team, the most common types of manually handled IP address abuse at the IPXO Marketplace that are charged with an incident fee are: 

  • Phishing/Fraud – illegal attempt to retrieve confidential information, such as passwords or credit card numbers 
  • Spam – unsolicited e-mail messages, varying from harmless to criminal 
  • Trademark/Copyright Infringement – unlawful use of another person’s or brand’s copyrighted/trademarked work 
  • Malware – malicious software, encompassing such cyberthreats as viruses, Trojans and ransomware, that intentionally causes damage 
  • Hacking/Brute-Force attack – unauthorized intrusions designed to compromise computers and networks or violate privacy 
  • DDoS – attacks that aim to cause servers or web services to fail by flooding them with heavy traffic from multiple different sources 
  • Port Scanning – a method of querying the status of ports and the applications behind them, with the goal to exploit sensitive information 
A pie chart representing types of IP address abuse handled manually at IPXO.
Most common types of IP address abuse handled manually at IPXO (2022 Q3) 

Needless to say, different abuse types require different approaches and actions. Unfortunately, each type of IP address abuse has the potential to leave a long-lasting mark on IP reputation. This can paralyze hosting, marketing and cybersecurity companies. 

How IP address abuse affects IP address reputation 

When IP addresses are misused, they can end up on IP blocklists – like Barracuda or Spamhaus – that filter and block malicious or suspicious traffic. This can help ensure that potentially unreliable mail does not reach the intended recipients. For example, the Spamhaus Block List helps filter out over 3 billion mailboxes from spam, which, as you now know, is one of the dominating types of IP address abuse on the Marketplace. 

When it comes to phishing, IPs that are misused can also be blocklisted. Thus, easily accessible knowledge of fake domains that are exploited for phishing can protect users against abuse. 

Malware is another threat to IP reputation because it might enable cybercriminals to use infected computers to send spam or ransomware, launch DDoS attacks, commit e-banking or click fraud, or siphon off cryptocurrencies. Unfortunately, IP addresses of infected devices usually get blocklisted. 

Of course, much more sinister types of abuse exist. The distribution of child pornography, violence, hate speech and other heinous acts are especially damaging to IP reputation. What’s even worse is that abusers tend to jump from one hosting provider to another, discarding compromised IPs behind. Therefore, these are the types of abuse we prioritize dealing with.  

IP reputation is especially important when IP addresses are shared. Let’s say, a hosting provider allocates a /24 block to 254 clients and one of them sends spam. Unfortunately, that leads to the blocklisting of the entire block. In this case, the hosting provider experiences the greatest impact. That is because the reputation of the remaining 253 clients, who had nothing to do with spamming, is also affected.  

Abuse do’s 

While getting a hold of IP address abuse is not always easy, there are countermeasures that can help prevent abuse from occurring and IP reputation from deteriorating. Here’s how to reduce your risks of harming IP address reputation and avoid complicated abuse cleanup procedures. 

  • Employ legitimate software: Choose trustworthy installers to evade programs or plugins that could be bundled with malware  
  • Run updates: Update your software regularly to make sure it is up to date; otherwise, safety backdoors could appear 
  • Use multiple layers of security: Employ several layers of defense against potential security breaches in the network as the risks can occur on various levels 
  • Use proper security practices: Ensure proper network security by implementing complex passwords, SSH keys that secure connection to the server and consistent backups  
  • Prevent abuse from happening: Outsource the responsibility to professional abuse teams that can mitigate IP address abuse if you do not have internal resources 
  • Educate employees: Teach your staff about IP address abuse and how to cope when incidents occur to help tackle abuse cases faster and more efficiently 
Three people at a desk and one standing in front of a board giving a presentation.
IP address abuse awareness training 

Abuse don’ts 

If you take one piece of advice from this article, we hope it’s this one:

Do NOT avoid communication

One of the biggest problems we encounter as a service provider is the clients’ refusal to communicate. Needless to say, iIf we do not get a quick response, problems arise. If we get ignored, the only enforcement measure we have is to terminate services. This usually works as a communication starter with those who are unwilling to cooperate. That said, if the client deals with a problem, we gladly provide time for an investigation. 

Once we receive an IP address abuse report, we forward it to the responsible client. Each report is viewed individually, but, of course, it is crucial to remain cautious when it comes to potentially deceitful customer responses. The paradox is that, sometimes, abusers are the ones who are quick to cooperate. Why? Because they need time or seek to avoid consequences and possible lease agreement termination. 

Admittedly, sometimes our customers don’t read reports, which is crucial for effective communication. If the problem is unclear – contact us. If you do not understand what the report is about – rely on us to find out. 

Of course, how you deal with an abuse incident mostly depends on your business model. Even if the type of abuse is the same. We can take Virtual Private Networks (VPNs) as an example. VPNs stand in the middle between an internet service provider (ISP) and an internet end-user but do not host content. Therefore, it is not the VPN provider’s responsibility if someone engages in illegal activity. 

On the other hand, if you are a hosting provider, the situation is a little bit different. Let’s say you receive a copyright infringement claim, in which case it is crucial to remove the hosted content. Otherwise, copyright holders can sue you for illegal hosting. 

A person with a headset working in front of a computer with numbers 24/7 above.
Successful communication ensures faster IP address abuse case resolution

As abuse evolves, IPXO continues to innovate and learn 

At IPXO, we do our best to resolve abuse-related problems, improve our abuse handling mechanisms and invest in new abuse prevention measures to guarantee comprehensive abuse observability. We continue to apply the best practices to ensure the best in the market IP address abuse handling procedures, regardless of the type of abuse.  

Our work is paying of, and, today, more than 95% of all IP address abuse cases on the Marketplace are handled automatically. The issues that cannot yet be resolved automatically are swiftly and professionally resolved by our Abuse Prevention experts. And they keep advancing their knowledge of abuse every single day to provide services you can trust.  

Do you have any questions about minimizing the risks of IP address abuse or abuse incident handling procedures? Don’t hesitate to contact us via the IPXO Helpdesk

About the author

Gustavas Davidavičius

Senior Abuse Prevention Specialist

Gustavas is a Senior Abuse Prevention Specialist at IPXO. He specializes in the abuse desk policies, as well as IP reputation upkeep on the IPXO’s IP leasing and monetization platform.
Table of contents

Related reading

An open laptop with envelopes around it representing emails.
15 September 2022   •   Internet Protocol, IP Reputation

IP Warming for Email Campaigns: What Is It and Why Is It Important?

What is IP address warming? How does it work? What kinds of challenges can you face when warming IPs? How can you benefit from this practice? We've got all…

Read more
How to remove IPs from the Barracuda blocklist.
20 December 2021   •   IP Reputation

How To Remove IP From Barracuda Blocklist? A Comprehensive Guide

The Barracuda blocklist serves an important role, but how does it block IP addresses? And what steps must be taken to remove IPs from BRBL?

Read more
Spamhaus IP blocklist.
17 December 2021   •   IP Reputation

How To Remove IP From Spamhaus Blocklist: Step by Step Guide 2023

Have you found your IP address in a Spamhaus blocklist? Learn what that means and what steps you should take next.

Read more

Subscribe to the IPXO email and don’t miss any news!