How Scoring Works
A deep dive into how ScamVerify™ calculates risk scores, confidence levels, and AI-generated explanations across all verification channels.
Risk Score Overview
Every ScamVerify™ lookup returns a risk score from 0 to 100, where 0 means no indicators of fraud and 100 means a confirmed scam with high-confidence evidence. The score is not a simple average. It is produced by a hybrid scoring engine that combines a rules-based calculation with AI analysis, enforcing hard floors that cannot be overridden.
The scoring system follows a three-step process:
- Rules engine calculates a base score from structured data sources (FTC complaints, carrier type, threat feeds, domain age, etc.)
- Hard overrides set a minimum floor based on high-confidence signals that must never be bypassed
- AI analysis sets a risk score, but the final score can never fall below the override floor
If AI analysis is unavailable, the rules engine score becomes the final score.
Phone Number Scoring
Phone scoring draws from the widest range of data sources. Each signal contributes points to the base score:
FTC complaint volume (0 to 30 points) - Numbers with more FTC Do Not Call complaints receive higher base scores. A number with 100+ complaints receives the maximum 30 points, while a number with 1 to 4 complaints receives 4 points.
FTC robocall percentage (0 to 10 points) - When a high percentage of FTC complaints mention robocalls, additional points are added. 80%+ robocall rate adds 10 points.
FTC recency (0 to 10 points) - Complaints filed in the last 90 days indicate an actively abusive number and add up to 10 points.
FCC complaints (0 to 10 points) - FCC consumer complaints are scored separately from FTC data.
Robocall database flags (0 to 15 points) - Numbers flagged in industry robocall detection databases receive 15 additional points.
Carrier risk (0 to 10 points) - ScamVerify™ maintains a proprietary list of 18 high-risk VoIP carriers commonly used by scammers. Numbers on these carriers receive 10 additional points.
VoIP with no caller ID (0 to 5 points) - Non-fixed VoIP numbers with no registered caller name are penalized.
Safety deductions - Numbers on major carriers (T-Mobile, Verizon, AT&T) with personal caller ID names receive negative points, reducing the score. Toll-free numbers with registered business caller IDs also receive a deduction.
Phone Override Floors
Certain signals enforce a minimum score that AI analysis cannot lower:
| Signal | Minimum Floor |
|---|---|
| Invalid/spoofed number | 100 |
| 100+ FTC complaints | 80 |
| 50+ FTC complaints | 70 |
| 20+ FTC complaints with 50%+ robocall rate | 65 |
| Robocall database flag | 65 |
| 20+ FTC or FCC complaints | 60 |
| 10+ FTC complaints with recent activity | 55 |
| High-risk VoIP carrier, no caller ID | 45 |
| 5+ FTC complaints with recent activity | 45 |
| Anonymous VoIP, no caller ID | 40 |
| VoIP number (with caller ID) | 30 |
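The floor table and the three-step combination from the overview can be read as the following sketch. It is an added example, not ScamVerify™ code: the field names are hypothetical, "20+ FTC or FCC complaints" is assumed to mean either count reaching 20, "anonymous VoIP" is assumed to mean any VoIP number without caller ID, and the floor is assumed to apply on the rules-only fallback path as well.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class PhoneSignals:
    # Hypothetical field names mirroring the signals in the floor table.
    invalid_or_spoofed: bool = False
    ftc_complaints: int = 0
    fcc_complaints: int = 0
    robocall_rate: float = 0.0     # share of FTC complaints citing robocalls
    recent_activity: bool = False  # complaints filed in the last 90 days
    robocall_db_flag: bool = False
    voip: bool = False
    high_risk_carrier: bool = False
    has_caller_id: bool = True


def override_floor(s: PhoneSignals) -> int:
    """Highest floor whose condition matches; 0 when no row applies."""
    table = [
        (s.invalid_or_spoofed, 100),
        (s.ftc_complaints >= 100, 80),
        (s.ftc_complaints >= 50, 70),
        (s.ftc_complaints >= 20 and s.robocall_rate >= 0.5, 65),
        (s.robocall_db_flag, 65),
        (s.ftc_complaints >= 20 or s.fcc_complaints >= 20, 60),
        (s.ftc_complaints >= 10 and s.recent_activity, 55),
        (s.high_risk_carrier and not s.has_caller_id, 45),
        (s.ftc_complaints >= 5 and s.recent_activity, 45),
        (s.voip and not s.has_caller_id, 40),
        (s.voip and s.has_caller_id, 30),
    ]
    return max((floor for hit, floor in table if hit), default=0)


def final_score(rules_score: int, floor: int, ai_score: Optional[int]) -> int:
    """AI score when available, else the rules score; never below the floor."""
    # Assumption: the floor also binds when AI analysis is unavailable.
    candidate = rules_score if ai_score is None else ai_score
    return max(0, min(100, max(candidate, floor)))


# Constructed sample: 47 FTC complaints, 68% robocalls, recent, VoIP, no caller ID.
SAMPLE = PhoneSignals(ftc_complaints=47, robocall_rate=0.68,
                      recent_activity=True, voip=True, has_caller_id=False)
```

With the sample signals, an AI score of 20 is raised to the floor, while an AI score of 90 passes through unchanged.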
URL Scoring
URL scoring evaluates domain reputation, infrastructure signals, and threat intelligence:
Domain age - Newly registered domains (under 30 days) are significantly riskier than established domains. Domain age is determined through RDAP/WHOIS lookups.
Threat feed listings - Domains listed in URLhaus (malware URL database) or ThreatFox (IOC database) receive substantial score boosts. These are high-confidence signals.
SSL certificate analysis - Missing, expired, or recently issued SSL certificates contribute to the score. The certificate issuer and validation type are also evaluated.
Brand impersonation - The system detects when a domain mimics well-known brands (banks, tech companies, government agencies). Detected impersonation significantly increases the score.
IPQS reputation - IP Quality Score provides a phone and URL reputation score that feeds into the rules engine.
Redirect chains - Excessive redirects, especially cross-domain redirects, increase the score. Legitimate sites rarely redirect through multiple unrelated domains.
Google Web Risk - Google's threat classification (phishing, malware, social engineering) contributes to scoring when available.
Community reports - User-submitted reports of scam or safe activity are factored in.
URL scoring also uses override floors. A domain listed in URLhaus or ThreatFox, or flagged by Google Web Risk, enforces a minimum score regardless of what other signals suggest.
Text Message Scoring
Text message scoring uses a two-component model:
- AI analysis (60% weight): The AI model analyzes the message content for urgency language, impersonation tactics, suspicious links, and known scam patterns. It returns one of four verdicts: safe, low_risk, medium_risk, or high_risk.
- Sub-lookup results (40% weight): URLs and phone numbers extracted from the message are verified through the phone and URL pipelines. Their risk scores feed back into the text score.
The system extracts up to 3 URLs and 3 phone numbers from each message.
Verdict floor promotion: If a sub-lookup finds a high-risk URL (score above 70) or an invalid phone number, the text verdict is promoted to at least medium_risk, even if the AI rated the message as safe. This prevents a well-written scam message from hiding behind innocent-sounding language when it contains a known malicious link.
The AI base scores map as follows:
| AI Verdict | Base Score |
|---|---|
| safe | 10 |
| low_risk | 25 |
| medium_risk | 55 |
| high_risk | 85 |
Sub-lookup boosts are then applied: +20 for a high-risk URL, +15 for an invalid phone number. The final score is clamped to the 0 to 100 range.
Email Scoring
Email scoring uses the same two-component model as text, with additional signals from email authentication headers:
SPF/DKIM failures (+15 points) - If SPF or DKIM authentication fails, the score receives a 15-point boost. These failures indicate the email was not sent from an authorized server.
Return-path mismatch (+10 points) - When the return-path domain does not match the sender domain, an additional 10 points are added. This is a common indicator of spoofed sender addresses.
DMARC results - DMARC policy evaluation results are included in the analysis but weighted through the AI component rather than directly adding points.
Sender domain analysis - The sender's domain age, registrar, and brand impersonation status are evaluated. A newly registered domain sending emails that impersonate a known brand is a strong scam indicator.
Like text scoring, email also applies verdict floor promotion when sub-lookups or authentication failures indicate risk.
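The base score, boost, clamp, and verdict promotion steps described for text and email can be sketched as one function. This is an added example, not ScamVerify™ code: the function and parameter names are hypothetical, each boost is assumed to apply once per kind of finding, email promotion is assumed to target medium_risk as for text, and the 60/40 component weighting is not modeled because the page does not give its formula.

```python
BASE_SCORE = {"safe": 10, "low_risk": 25, "medium_risk": 55, "high_risk": 85}
ORDER = ["safe", "low_risk", "medium_risk", "high_risk"]
MAX_SUBLOOKUPS = 3  # up to 3 URLs and 3 phone numbers are extracted per message


def score_message(ai_verdict, url_scores=(), phone_valid=(),
                  auth_failed=False, return_path_mismatch=False):
    """Return (score, verdict) for a text message or email.

    url_scores:   risk scores (0-100) from the URL pipeline
    phone_valid:  True/False validity results from the phone pipeline
    auth_failed / return_path_mismatch: email-only signals (SPF/DKIM, return-path)
    """
    urls = list(url_scores)[:MAX_SUBLOOKUPS]
    phones = list(phone_valid)[:MAX_SUBLOOKUPS]
    high_risk_url = any(score > 70 for score in urls)   # "score above 70"
    invalid_phone = any(not ok for ok in phones)

    score = BASE_SCORE[ai_verdict]
    score += 20 if high_risk_url else 0          # high-risk URL boost
    score += 15 if invalid_phone else 0          # invalid phone boost
    score += 15 if auth_failed else 0            # SPF/DKIM failure (email)
    score += 10 if return_path_mismatch else 0   # return-path mismatch (email)
    score = max(0, min(100, score))              # clamp to 0..100

    # Verdict floor promotion: risky findings lift the verdict to at least
    # medium_risk, even when the AI rated the content as safe.
    verdict = ai_verdict
    risky = high_risk_url or invalid_phone or auth_failed
    if risky and ORDER.index(verdict) < ORDER.index("medium_risk"):
        verdict = "medium_risk"
    return score, verdict


# Constructed inputs: a "safe"-sounding text carrying one known-bad link.
EXAMPLE = score_message("safe", url_scores=[85])
```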
Confidence Scores
Every response includes a confidence field, a decimal from 0.0 to 1.0 that indicates how certain the system is in its assessment. Confidence is distinct from risk score.
A result with risk_score: 80 and confidence: 0.95 means the system is very confident this is high-risk. A result with risk_score: 80 and confidence: 0.4 means the signals suggest high risk, but the system has limited data to work with.
Confidence is influenced by:
- Number of data sources that returned results. More sources checked means higher confidence.
- Agreement between sources. When FTC data, carrier analysis, and AI all agree, confidence is high. Conflicting signals lower confidence.
- Community report volume. More community reports (in either direction) increase confidence.
- AI analysis availability. When AI analysis fails or is degraded, confidence drops.
AI-Generated Explanations
Every lookup includes an explanation field containing a plain-English narrative that synthesizes all signals into a readable assessment. The AI model receives the raw data from every source and produces a contextual summary.
For example, a phone lookup explanation might read:
"This VoIP number has accumulated 47 FTC Do Not Call complaints since 2024, with 68% of complaints reporting robocalls. The carrier is commonly associated with telemarketing operations. Recent complaint activity in the last 90 days suggests the number is still actively in use."
The explanation is generated by GPT-4o-mini as the primary model, with Claude Sonnet 4 as the fallback. If both AI providers fail, a rules-based explanation is constructed from the structured data.
Scoring Transparency
The exact weights and thresholds used in the scoring algorithm are proprietary. The information on this page describes the general methodology so you can understand what drives each score. The signals object in every API response gives you full visibility into the individual data points that contributed to the final score, allowing you to apply your own logic on top of the ScamVerify™ assessment if needed.