ScamVerify™
Resources

Glossary

Definitions of key terms used throughout the ScamVerify™ API documentation.

Verdict

The overall risk classification assigned to a lookup result. One of: safe, low_risk, medium_risk, high_risk, or critical. Derived from the risk score and contributing signals.

Risk Score

An integer from 0 to 100 representing the estimated threat level. Higher scores indicate greater danger. The score is calculated from multiple data source signals and weighted by an AI model.

Confidence

A measure of how much data was available to inform the risk assessment. Low confidence means limited data (for example, a newly registered domain with no threat feed matches). A low-confidence result should be treated as "unknown" rather than "safe."

Signals

The raw data points that contributed to a risk score and verdict. Returned in the signals object of every response. Examples include ftc_complaints, carrier, line_type, robocall_detected, urlhaus_match, and header_analysis.

Cached Lookup

A lookup that returns a previously computed result instead of querying data sources again. Results are cached for 24 hours. Cached lookups are indicated by cached: true in the response and do not consume quota.

Force Refresh

A request parameter (force_refresh: true) that bypasses the 24-hour cache and triggers a fresh lookup against all data sources. Force refreshes consume quota.

FTC

The Federal Trade Commission. The FTC maintains the Do Not Call Registry and publishes consumer complaint data. ScamVerify™ syncs 2.79M+ FTC complaint records hourly.

FCC

The Federal Communications Commission. The FCC publishes consumer complaints about phone calls, including robocalls and spoofing. ScamVerify™ syncs FCC data automatically.

CNAM

Caller Name. A telephony database that maps phone numbers to the registered name of the subscriber. Returned as part of phone lookup signals when available via Twilio.

VoIP

Voice over Internet Protocol. A phone line type indicating the number is internet-based rather than a traditional landline or mobile carrier. VoIP numbers are inexpensive and commonly used by both legitimate services and scam operations.

Line Type

The classification of a phone number's connection type. Possible values: mobile, landline, voip, or unknown. Returned in the signals.line_type field of phone lookup responses.

IPQS

IP Quality Score. A third-party fraud detection service used by ScamVerify™ as one of multiple data sources for phone and URL reputation scoring. IPQS data is combined with other sources and is not exposed directly in API responses.

URLhaus

A project by abuse.ch that tracks malware distribution URLs. ScamVerify™ checks every URL lookup against the URLhaus database. A match indicates the URL has been associated with malware distribution.

ThreatFox

A project by abuse.ch that collects Indicators of Compromise (IOCs) shared by the security community. ScamVerify™ maintains 54,000+ malicious domains from ThreatFox and checks them during URL lookups.

SPF

Sender Policy Framework. An email authentication protocol that allows domain owners to specify which mail servers are authorized to send email on behalf of their domain. Checked during email analysis when raw headers are provided. A fail result suggests the sender may be spoofing the domain.

DKIM

DomainKeys Identified Mail. An email authentication protocol that uses cryptographic signatures to verify that an email was not altered in transit and was sent from an authorized server. Checked during email analysis when raw headers are provided.

DMARC

Domain-based Message Authentication, Reporting, and Conformance. An email authentication protocol that builds on SPF and DKIM to provide domain alignment verification. Checked during email analysis when raw headers are provided.

Brand Impersonation

A detection signal indicating that an email appears to impersonate a known brand (such as a bank, technology company, or government agency). Returned in the signals.brand_impersonation field of email analysis responses.

Sub-Lookup

A secondary lookup triggered during text or email analysis. When the API finds embedded URLs or phone numbers in a text message or email body, it automatically verifies each one. For example, analyzing a phishing email might trigger URL lookups for every link found in the body. Sub-lookups are included in the response and do not consume additional quota.

Unified Risk Score

The final risk score for text and email analyses, calculated by combining the AI content analysis score (weighted at 60%) with sub-lookup results for embedded URLs and phone numbers (weighted at 40%). If a high-risk URL or scam phone is found, the score is promoted to at least medium_risk regardless of the weighted average.

Grace Buffer

A 10% overage allowance on paid plan quotas. If your plan includes 1,000 phone lookups, you can make up to 1,100 before hitting the hard cap. The grace buffer prevents service disruption from minor overages. The free tier has no grace buffer.

RPM

Requests Per Minute. The rate limit for API calls, measured across all endpoints combined. Exceeding your RPM returns a 429 response with a Retry-After header. RPM limits range from 10 (Free) to 600 (Scale), with custom limits for Enterprise plans. Batch requests count as a single request toward RPM regardless of batch size.

FAQ

Frequently asked questions about the ScamVerify™ API for developers.

On this page

VerdictRisk ScoreConfidenceSignalsCached LookupForce RefreshFTCFCCCNAMVoIPLine TypeIPQSURLhausThreatFoxSPFDKIMDMARCBrand ImpersonationSub-LookupUnified Risk ScoreGrace BufferRPM