IP Address Validation: What Can I Learn From an IP Address?

What is DOTS IP Address Validation? First, it helps to understand what an IP address is.

IP addresses are like a mailing address, but for devices on the internet. It is a 32-bit number that uniquely identifies a device and their network. An IP address is typically written in decimal digits, formatted as four 8-bit fields separated by periods. Each 8-bit field represents a byte of the IP address. This form of representing the bytes of an IP address is often referred to as the dotted-decimal format. The bytes of the IP address are further classified into two parts: the network part and the host part.

So what is IP Address Validation and what does it do?  It is a real-time API service that analyzes IP addresses to determine their quality while returning key details like location and device type. These details can be used in a number of different ways, from helping fight fraud to geo-targeting your marketing message for better campaign performance.

The service is simple to integrate and only requires two inputs: an IP address and the license key. From there, our algorithms take over and compile its findings into the following output fields.

Output fields from IP Address Validation


This is an overall score given to the body of the outputs with respect to the accuracy of the results provided. This number may vary based on several underlying factors, including data source. The score can range from 0 to 100, and with typical results in the high 90’s.


The city location of the IP address.


The state, province or region (depending on the country) location of the IP address.


The country location of the IP address. With this information, our customers can flag countries that have unique compliance or regulatory rules, like the EU’s General Data Protection Regulation (GDPR) as an example. Other customers have used this in their call centers to ensure the customer service representatives assigned to the customer can speak the native language(s) of the country flagged.

CountryISO2/ CountryISO3

Two and three letter abbreviations CountryISO2 and CountryISO3 respectively, which can easily be programmed against, among other things.

Country, along with the other location data points, can be used to identify where your traffic is coming from and how to serve up information to people in different countries or areas. It can also be used to exclude countries or areas as well: for instance, if there is a particular country that does not make sense to do business with based on your business model or product type, you could exclude those IP addresses from participation on parts of your web site, or even exclude them from submitting forms and serve up different content.


The US postal code of the IP address (US only).


The state Federal Information Processing Standards code for the IP address. This code is used to uniquely identify states (US only).


The County Federal Information Processing Standards code for the location of the IP address. This code is used to uniquely identify counties throughout the US (US only).

Designated Market Area (DMA)

This is also a US only data point. It represents a media market or broadcast (television or radio) market, also known as a media region where people in that area will get the same broadcasts. Think advertising and getting your message across to a group of people in the same market. This data point also works well for customizing internet advertising and offerings.


This is tied directly to the Designated Market Area (DMA) and the code for the market DMA (US only).


The latitude and longitude coordinates for the IP address. Among other things, you can plot these coordinates on a map, or find distances between IP addresses, as well as, the distance between you and the IP address. Or even better, the distance between your warehouse and the IP address. These come back as separate fields in the output for easy processing.


IsProxy is a true or false flag that indicates if the IP is a known proxy. ProxyType describes the type of proxy it is. These will also come back in the validation response in separate fields. Proxy servers are like middlemen that all your web traffic runs through, essentially hiding your actual IP address and potentially filtering content coming and going through the proxy. You may want to handle varying proxies in different ways, such as not processing any records coming from an anonymous proxy or deliver different content to users behind a satellite proxy. These are the types of proxies we flag for:


These are users that are not found to be behind a proxy.


A proxy server that is openly available and accessible by any internet user.


A dedicated server that is used exclusively by one client at a time.


A proxy server that does not reveal the users real IP address.


Proxy is provided by a satellite connection. Typically used to provide an internet connection to rural areas.


As you may have guessed from the name of this field, it indicates if the IP address is believed to be coming from a mobile device. Again, this can be used to deliver content differently. It can also help with analysis of your user base to gain better a understanding of how your web site is being accessed or what group of users tend to respond better to your offering.


The Internet Service Provider (ISP) that assigns the IP address.


The network owner to which the IP address is allocated. These usually fall into a range of IP addresses that are typically owned by an ISP or data center.


The hostname associated with the IP address. Hostnames are labels assigned to devices on a network so they can be distinguished from each other. If more than one hostname is found then the names will be returned in a comma delimited list.


IPNotes and IPNoteCodes reveal any notes about the IP that the system was able to determine and the associated code for ease of processing. Currently, we have two notes, but more can be added in the future as the operation expands:


This is assigned IPNoteCode 1 and indicates that the IP address has a high probability of being bad/malicious.


This is assigned IPNoteCode 2 and indicates that the IP address is almost certainly bad/malicious.

A quick note on malicious IP addresses

The two codes noted above deal with identifying malicious IP addresses. Due to how often an IP address can be reassigned, an IP address that was once detected as malicious may stop being malicious later and vice-versa. How you handle IP addresses that get flagged with either of these codes is important. Some organization may ban them altogether. As part of your data hygiene strategy, we recommend re-validating IP addresses periodically rather than making a permanent designation.

More to IP Address Validation

For this blog, I pulled some of the main outputs from the table in our IP Address Validation developer guide and expanded on how they could be helpful in your business. By no means does this cover all the instances that IP Address Validation can be used, but it should give you a pretty good idea of its capabilities. By appending the related IP address data our service provides, you can develop strategic insights, flag potential fraud and create effective business logic that creates efficiencies and improves performance.

We are happy to share some of the best practices we have seen using IP Address Validation, just give us a shout.