Channels
The four ScamVerify™ verification channels, what data each returns, when to use them, and how cross-channel intelligence works.
ScamVerify™ provides four verification channels. Each is designed for a specific type of threat and returns a tailored set of signals. All four channels share the same risk score scale (0 to 100) and verdict system.
Phone
The phone channel verifies U.S. phone numbers against FTC/FCC complaint databases, carrier infrastructure data, robocall detection systems, and community reports.
Request
{
"phone_number": "+12125551234"
}Signals Object
The signals object in a phone response contains:
{
"signals": {
"ftc_complaints": 47,
"ftc_most_recent": "2026-01-15",
"ftc_categories": ["Robocalls", "Reducing your debt"],
"fcc_complaints": 3,
"carrier": "Bandwidth.com",
"line_type": "nonFixedVoip",
"caller_name": null,
"robocall_flagged": true,
"high_risk_carrier": true,
"community_reports": 12,
"community_scam_rate": 0.83
}
}| Field | Type | Description |
|---|---|---|
ftc_complaints | number | Total FTC Do Not Call complaints on record |
ftc_most_recent | string or null | Date of the most recent FTC complaint (YYYY-MM-DD) |
ftc_categories | string[] | Complaint categories reported (e.g., "Robocalls", "Warranties") |
fcc_complaints | number | Total FCC consumer complaints on record |
carrier | string or null | Telecom carrier name |
line_type | string or null | Line type: mobile, landline, voip, nonFixedVoip, tollFree |
caller_name | string or null | Registered CNAM (caller ID name) |
robocall_flagged | boolean | Whether the number is flagged in robocall detection databases |
high_risk_carrier | boolean | Whether the carrier is on the proprietary high-risk VoIP list |
community_reports | number | Total user-submitted community reports |
community_scam_rate | number or null | Ratio of scam reports to total reports (0.0 to 1.0) |
When to Use
Use the phone channel when you need to evaluate the risk of an incoming call, verify a phone number provided by a user, or screen phone numbers in a contact database. Common use cases include caller ID apps, CRM enrichment, and fraud screening for financial transactions.
URL
The URL channel verifies websites and domains against threat intelligence feeds, domain registration data, SSL certificates, and brand impersonation detection.
Request
{
"url": "https://secure-login.example.com/verify"
}Signals Object
The signals object in a URL response contains:
{
"signals": {
"domain_age_days": 12,
"registrar": "Namecheap, Inc.",
"ssl_issuer": "Let's Encrypt",
"ssl_age_days": 10,
"redirect_count": 3,
"brand_impersonation": {
"detected": true,
"brand": "Chase Bank",
"confidence": 0.92
},
"google_web_risk": "SOCIAL_ENGINEERING",
"urlhaus_listed": false,
"threatfox_listed": true,
"ipqs_risk_score": 88,
"community_reports": 0
}
}| Field | Type | Description |
|---|---|---|
domain_age_days | number or null | Days since the domain was registered |
registrar | string or null | Domain registrar name |
ssl_issuer | string or null | SSL certificate issuer |
ssl_age_days | number or null | Days since the SSL certificate was issued |
redirect_count | number | Number of HTTP redirects when accessing the URL |
brand_impersonation | object or null | Brand impersonation detection result |
google_web_risk | string or null | Google Web Risk threat type (e.g., SOCIAL_ENGINEERING, MALWARE) |
urlhaus_listed | boolean | Whether the domain appears in the URLhaus malware URL database |
threatfox_listed | boolean | Whether the domain appears in the ThreatFox IOC database |
ipqs_risk_score | number or null | IP Quality Score reputation score (0 to 100) |
community_reports | number | Total user-submitted community reports |
When to Use
Use the URL channel when you need to verify a link before a user clicks it, scan URLs in user-generated content, or evaluate domains during web scraping. Common use cases include link scanners, content moderation, browser extensions, and phishing detection in chat platforms.
Text
The text channel analyzes SMS and text messages for scam indicators. It combines AI-powered language analysis with automated sub-lookups of embedded URLs and phone numbers.
How Extraction Works
When you submit a text message, the pipeline:
- Extracts URLs from the message body (up to 3 URLs)
- Extracts phone numbers from the message body (up to 3 phone numbers)
- Runs sub-lookups on each extracted URL and phone number through the URL and phone pipelines
- Sends everything to AI analysis, which sees both the message text and the sub-lookup results
- Computes a unified risk score by combining the AI analysis (60% weight) with sub-lookup results (40% weight)
If you provide a from_number parameter, that sender's phone number is also verified through the phone pipeline and included in the sub-lookup results.
Request
{
"message": "URGENT: Your bank account has been compromised. Visit secure-verify.example.com or call 1-800-555-0199 to restore access immediately.",
"from_number": "+12125559876"
}Response Structure
{
"id": "txt_4821",
"message_hash": "a1b2c3d4e5f6...",
"risk_score": 78,
"verdict": "high_risk",
"confidence": 0.84,
"explanation": "This message exhibits multiple scam indicators...",
"red_flags": [
"Creates urgency with 'URGENT' and 'immediately'",
"Claims account compromise to provoke fear",
"Contains a suspicious URL on a 12-day-old domain",
"Includes a phone number for social engineering"
],
"scam_type": "bank_impersonation",
"extracted": {
"phone_numbers": ["+18005550199"],
"urls": ["https://secure-verify.example.com"]
},
"sub_lookups": {
"phones": [{ "...phone result..." }],
"urls": [{ "...url result..." }]
},
"unified_risk_score": 78,
"sources_checked": ["language_analysis", "phone_lookup", "url_lookup", "ai_analysis"]
}The sub_lookups object contains full phone and URL results for each extracted entity, using the same response format as standalone phone and URL lookups.
When to Use
Use the text channel when you need to evaluate SMS messages, chat messages, or any short-form text for scam indicators. Common use cases include SMS filtering apps, chat platform moderation, and customer support ticket screening.
The email channel analyzes full email messages. It includes everything the text channel does, plus email-specific analysis of sender reputation and authentication headers.
Additional Capabilities
Beyond the text channel's extraction and sub-lookup system, email adds:
Header authentication analysis - When you provide raw_headers, the pipeline parses SPF, DKIM, and DMARC results. Authentication failures directly boost the risk score (+15 for SPF/DKIM failures, +10 for return-path mismatch).
Sender domain analysis - The sender's email domain is evaluated for age, registrar, and brand impersonation. A 3-day-old domain sending emails that claim to be from a major bank is a strong scam signal.
Request
{
"email_body": "Dear Customer, We detected unusual activity on your account...",
"sender_email": "support@secure-banking-alerts.com",
"subject": "Urgent: Account Security Alert",
"raw_headers": "Received: from mail.example.com...\nAuthentication-Results: spf=fail..."
}Response Structure
The email response includes two additional objects not present in text responses:
{
"sender_analysis": {
"domain": "secure-banking-alerts.com",
"domain_age_days": 5,
"brand_impersonation": {
"detected": true,
"brand": "Wells Fargo"
}
},
"header_analysis": {
"spf": "fail",
"dkim": "fail",
"dmarc": "fail",
"return_path_mismatch": true
}
}| Field | Description |
|---|---|
sender_analysis.domain | The sender's email domain |
sender_analysis.domain_age_days | Days since the sender domain was registered |
sender_analysis.brand_impersonation | Whether the sender domain impersonates a known brand |
header_analysis.spf | SPF authentication result (pass, fail, softfail, neutral, none) |
header_analysis.dkim | DKIM authentication result |
header_analysis.dmarc | DMARC policy evaluation result |
header_analysis.return_path_mismatch | Whether the return-path domain differs from the sender domain |
If raw_headers is not provided, header_analysis will be null. The AI analysis and scoring still work without headers, but authentication signals will not contribute to the score.
When to Use
Use the email channel when you need to evaluate full email messages, especially when you have access to email headers. Common use cases include email security gateways, phishing detection for enterprise mailboxes, and customer-facing "is this email a scam?" tools.
Cross-Channel Intelligence
The text and email channels leverage the phone and URL pipelines internally. When a text message contains a phone number and a URL, the ScamVerify™ pipeline runs three lookups in one request:
- A phone lookup on the extracted number
- A URL lookup on the extracted link
- An AI analysis of the full message, informed by the sub-lookup results
This cross-channel approach catches threats that single-channel analysis would miss. A message might use innocent language, but if it links to a domain listed in ThreatFox, the unified score reflects that threat.
The sub-lookup results are included in the response under sub_lookups, giving you full visibility into each extracted entity's risk assessment.
Quota Allocation
Text and email lookups consume more resources than phone and URL lookups because they trigger multiple sub-lookups internally. To reflect this, text and email channels receive half the monthly quota of phone and URL channels:
| Plan | Phone/URL | Text/Email |
|---|---|---|
| Free | 50 each | 25 each |
| Starter | 1,000 each | 500 each |
| Professional | 3,000 each | 1,500 each |
| Business | 10,000 each | 5,000 each |
| Scale | 25,000 each | 12,500 each |
| Enterprise | 50,000 each | 25,000 each |
A single text or email lookup may trigger up to 6 sub-lookups (3 URLs + 3 phone numbers), but it only counts as 1 text or email lookup against your quota. Sub-lookups are not counted separately.
You can check your current quota usage at any time via the GET /v1/usage endpoint.