28 October 2022 | 4 min read

Abuse Incident Handling Process at the IPXO Marketplace 

Learn how IPXO handles abuse incidents and ensures best-in-class security standards.

Why is it important? 

Abuse observability and incident prevention are at the center of all IPXO operations. Ensuring trust in and integrity of our services is a big priority. Thus, we employ best-in-market tools and security solutions to face the most common security challenges head-on.  

Constantly improving practices applied by our Abuse Desk – including KYC, automated risk controls and report processing – and providing ongoing support keeps the Marketplace safe. 

If IP addresses are used for unsolicited/malicious/criminal activities, they will end up on blocklists – lists of malicious or untrusted IPs. In the best-case scenario, this could result in a temporarily unusable IP resource. In the worst-case scenario, the IP holder could suffer reputational damage. Or even lose asset value both in the selling and lease markets. 

Note that Some IP blocklists have a more severe impact on IP usability than others. For example, the Spamhaus Don’t Route or Peer (DROP) blocklist lists stolen IPs or IPs used in spam hosting operations. Another example is the UCEProtect Level 3 blocklist that denotes the so-called worst ASNs (autonomous system numbers). 

What are the common types of IP address abuse? 

  • Spam: Unwelcome emails sent to numerous recipients during large-scale campaigns 
  • Malware/Ransomware: Malicious code installed on a device without the user’s knowledge and/or consent to gain access to personal data, add a device to an illegal botnet, damage it or encrypt data and demand a ransom 
  • Fraud/Phishing: Deceptive links introduced to internet users via misleading messages, like emails, or deceptive domains that may resemble or look identical to reputable domains to gather login credentials and personal information illegally 
  • Hacking/Brute-Force attack: Exploits of software code vulnerabilities and configuration errors that help gain unauthorized access to private data or take over control of the resource 
  • DDoS attack: An attempt to make online services unavailable by overwhelming them with heavy traffic from multiple sources 
  • Port scanning: Series of activities targeted to covertly or openly enumerate listening to active services and their ports on the targeted system/network 
  • Trademark/Copyright infringement: An illegal use of copyrighted or trademarked material without explicit consent from its rightful owner 
  • Unacceptable/illegal materials: Any material that is considered illegal, including hate speech, violence, illegal/offensive activities, child abuse, sexual abuse, etc.  
  • Other: A category that clients can use to report abuse that does not fit into the categories listed above 

How do we handle the process? 

The IPXO Abuse Prevention team employs 80+ reputation engines to check for malicious or untrusted IP resources. This helps maintain the reputation of leased IP addresses and simultaneously enables predicting IP abuse. 

All IP addresses are checked before they are added to the Marketplace. This helps prevent disreputable IPs from entering the platform in the first place. Once IPs are in the Marketplace, IPXO assumes the responsibility to handle all abuse reporting and dispute resolution with abusers. 

The repercussions can be profound, and those interested in selling or monetizing IPv4 addresses via leasing should be especially motivated to keep their IP assets off important blocklists. Otherwise, the assets could lose monetary value, and selling or leasing them could become extremely difficult. 

Cybersecurity checks and mitigation 

The main mission of the IPXO Abuse Prevention team is to perform client background checks when they first join the platform and also maintain the reputation of the IP resources that are put up for lease. These essential tasks would not be possible without the following mechanisms: 

  • KYC checks: IPXO Marketplace clients go through strict KYC checks so we can disable potentially unreliable parties from joining the platform and catch existing IP reputation issues before IP addresses are put up for lease 
  • Direct reporting: Automated IP reputation checks and direct reporting ensure that IPXO clients can freely access information about the reputation of the leased IPs 
  • IP address monitoring: IP monitoring helps maintain the reputation of the leased resources. 80+ reputation engines are employed to help cross-check IP addresses and catch any abuse incidents 
  • Professional abuse prevention team: The IPXO Abuse Prevention team is trained to evaluate clients who want to join the IPXO Marketplace, handle all abuse incidents and maintain IP address reputation 
  • Automated abuse reporting system: An automated abuse reporting system enables quick processing of templated abuse reports, so that the Abuse Prevention team can focus on cases that require manual handling 

More than 90% of all abuse reports received by the IPXO Abuse Prevention team are handled automatically. Only a fraction requires manual handling, which ensures that the team can address all abuse incidents quickly and efficiently. 

Manual incident mitigation

Handling irregular/untemplated reports, law enforcement subpoenas, escalated automated case sequences requires manual intervention from the Abuse Prevention team. It is done to ensure coverage, timely response and effective abuse mitigation. A higher level of abuse reporting is more common in certain verticals (e.g., hosting, marketing, cybersecurity) due to the higher risk profile of their business operations.

We offer services to help customers assess their risk areas and minimize abuse incidents. 

If you have any questions about abuse incident handling procedures at IPXO or need assistance with cybersecurity challenges, please contact us via the Support Helpdesk. 

Note: Starting November 1, 2023, the application of the Manual Incident Handling Fee is suspended.

Contact Customer Solutions

If you have any questions, contact our Customer Solutions Team