High Availability Improvements

Image description

Today we're introducing some availability improvements that assist you in keeping your services fully available to your customers while utilising our API. The first of these changes is to do with API key management.

We've heard from some customers that they like to rotate their API keys on an annual basis. This is a good idea for security as it guarantees any leaked keys are no longer usable. But the problem has been if you change keys there will be a time frame where your software is still using your old key before you can input the new key.

This can result in denied queries or queries which don't utilise your custom rules or custom lists. For this reason, we've had a feature request which allows the old key to still be used after a new key is issued. And that is exactly what we've made available today. From now when changing your API key you'll be presented with the interface below which lets you specify how long your old key will remain usable.

Image description

You can still choose to revoke your previous key immediately upon generating a new key but in addition, you can now choose to keep your previous key active for between 5 minutes and 8 hours by selecting a time frame that fits you from the dropdown box.

In addition to this change, we had another feature request to improve our Dashboard usage API so that it indicates if a burst token is currently in use or not. We've added this too as shown in the example below you'll now see a binary 0 or 1 to indicate if a burst token is active.

{
    "Burst Tokens Available": 6,
    "Burst Token Allowance": 6,
    "Burst Token Active": 0,
    "Queries Today": 1641,
    "Daily Limit": 640000,
    "Queries Total": 1588717,
    "Plan Tier": "Paid"
}

This brings the same activity status for your burst tokens to the Dashboard usage API as you can view in the Dashboard itself like in the screenshot below.

Image description

So that's all the updates we have for you today. We just wanted to reiterate that both of these feature changes are the result of direct feedback from our customers. If you have an idea please don't hesitate to contact us as we may just add it for you!

Thanks for reading and have a wonderful weekend.


Introducing a new way to pay

Image description

Today we're introducing a highly requested way to pay for a yearly plan, cryptocurrency. And we're not just accepting a single type of coin but over fifty of the most popular crypto coins available. Below are just twelve of the most common ones we support.

Image description

You may be asking why are we now (finally!) offering this way to pay. Put simply we've spent a lot of time thinking it through. Accepting cryptocurrency isn't as straightforward as the other payment options available and we wanted to take our time so we fully understood the nuances of receiving and holding cryptocurrency.

We know it has taken us a while to get here but we think all the people who wrote to us over the past several years about accepting cryptocurrency will be happy with the way we've decided to move forward with it.

And that is because we're not just accepting one popular coin, we didn't want to pay lip service to the idea of accepting crypto. And so we're supporting a large selection of different coins. The ones we noted above are just the most significant coins by market cap and so represent the most common coins people are holding but we will be supporting a vast variety of coins outside of these, simply ask us if the coin you want to use is accepted.

And like with our Bank Card, Apple Pay, Google Pay and PayPal payment options you're afforded the same level of service when paying with cryptocurrency which means you can upgrade or downgrade your plan mid-way through a plans lifecycle and you're entitled to the same 30-day full refund policy.

If you would like to pay via cryptocurrency please check the Paid Options tab of your dashboard here, where you can find all the details, we will usually fulfil plans purchased via PayPal or Crypto within an hour during business hours.

Thanks for reading and have a wonderful week!


Time Zones added to the API output and Custom Rules

Image description

Today we're announcing a new piece of data we're exposing through our API called time zones, this is as the name suggests a way for you to view the time zone of an IP address you're checking with our API.

We've added time zones because we see it providing a lot of benefits to our customers who want to tailor services to users within specific geographic areas without targeting their country or region.

Knowing a user's local time zone can be hugely beneficial to businesses, just like in our own everyday lives where we plan our day around specific times, so too do businesses. Until now customers have been reliant on the user's browser to show local times but this isn't always an available metric. Our API is not only used on websites where the browser can provide that information.

In addition to exposing the time zones in our API, we've also added it to the Custom Rule feature which means you can create conditions and condition groups which utilise time zones for targeting. We've chosen to follow the iana.org time zone format which means you can easily parse the time zones we provide using standard and common libraries within all major programming languages.

We've updated our API documentation including the test console to showcase the new data and we hope you'll experiment with it!

This feature began as a request from one of our customers which we felt had broad appeal and great synergy with the other data we already make available. If you have a great idea please get in touch via our contact page, we love to hear from you.

Thank you for reading and have a wonderful week!


New unified changelog interface and other news

Today we've added a new changelog page to the website which allows you to quickly view the changelogs from any of our pages in a single unified interface. The main benefit to this is you no longer need to visit individual pages to read about changes and it's easier to read them in a full screen layout as illustrated below.

Image description

Like many of our features this has been on our roadmap for a while, we are very proud of our transparency when it comes to feature changes, additions and fixes. We believe strongly in documenting when things change especially when it comes to our pricing page, privacy policy, terms of service and GDPR compliance which are pages you don't traditionally expect to find changelogs.

We hope you'll enjoy the new page, it does look very colourful and it may even be interesting to read how some features like the Dashboard have evolved since 2018 when we first launched it and began logging the various upgrades and changes made to it over the years.

Looking past this new feature we did want to discuss some other things. Since June we have been performing a lot of backend changes to keep the service strong for the future. Mostly based around database throughput and synchronisation within our cluster of systems.

We've also been improving the sites security against client side attacks that could be leveraged against our customers, specifically XSS attacks. Forms, buttons and other basic functionality has been hardened to make it more difficult for potential attackers to hijack your login session with our dashboard through malicious links.

In addition to that we've for the first time implemented a Dashboard API request limit. Dependant on what you're accessing and how frequently you're accessing it you may be subjected to a 1 to 2 request per second limit for a brief time period.

Just to reiterate, this is for the Dashboard API where you manipulate your account settings programmably, view statistics and download logs. It does not apply to the proxycheck v2 API that you use to check addresses with which has its own per-second request limits published within our API documentation page.

We've added these Dashboard API request limits to help secure our infrastructure against the possibility of resource depletion attacks. We don't believe these introduced limits will impact any of our legitimate customers.

The final thing we wanted to discuss was inflation, the cost of living increases and the prices of energy. We like most businesses are subject to market forces and that does mean our costs are increasing, we're seeing significant price increases in server hosting due to European energy prices but we want to reassure all our customers, you need not worry as we do not raise prices on currently subscribed customers, period.

In addition to that we're not planning to increase the prices of our plans for new customers at this time, we're instead going to absorb the increase in operating costs so don't feel pressured to signup or upgrade your paid plan as no price increases will occur for the remainder of this year.

We should emphasise that traditionally we've performed pricing changes in January and that's still the case. And again any pricing changes would only apply to newly started plans or changes from one plan to another. Those already subscribed to a plan would not be subject to any price increases.

We know we've been quiet all throughout July without a blog post but rest assured we are working on things behind the scenes. We've been bringing on more data partners, increasing the robustness of our backend software and improving security.

Thanks for reading and have a wonderful weekend!


Regarding Downtime Today

This is just a quick post as the situation is still developing.

Around 07:30 AM GMT the CloudFlare network began to fault worldwide and our site aswell as all others on the CloudFlare CDN became inaccessible to the internet. We apologise for this and unfortuantely we were unable to mitigate the problem due to our heavy reliance on CloudFlare for DDoS protection and Load Balancing.

Around 08:12 AM GMT service began to be restored and CloudFlare is continuing to update their status page which you can view here: https://www.cloudflarestatus.com/incidents/xvs51y9qs9dj

When CloudFlare shares their post-mortem we will update this post with a link to that. Once again we deeply apologise for the unexpected downtime, it's not something we take lightly and we appreciate your patience and understanding.

UPDATE 1:

Now that we're able to see full analytics for the time period in question we can see that only around 50% of our traffic was affected by the CloudFlare downtime, the other half continued to be answered normally. This appears to be due to the CloudFlare issues only affecting specific regions and points of presense for their network. We are continuing to evaluate things but as of this update everything is fully operational.

UPDATE 2:

CloudFlare has now published their post-mortem report: https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/


Dark Patterns: A topic for our 200th blog post

Image description

Today we wanted to do a special entry for our 200th blog post and it's all about dark patterns in user interfaces, what they are, how you can spot them and how we reject their use in our product.

So first lets describe what dark patterns are, in short it's a way to describe a deceptive user interface which has been designed in a way to trick users into doing things they don't want to do or to make it unreasonably difficult for them to access or perform actions that they want to do.

Some examples of this would be an e-commerce website advertising a sale on an item when it hasn't been discounted from its usual price or removing a discount once an item is added to your shopping cart. Another example would be advertising free shipping but then when you checkout there is in-fact shipping or another service charge that would equal the shipping cost.

A common example of dark pattern use in paid subscriptions are when a service makes it easy to signup and pay but difficult to cancel a plan or delete your account.

There are countless examples of dark patterns all over the web and thankfully the law isn't blind to these practices and some states like California in the USA have passed stronger consumer protection laws which encompass deceptive user interface design.

But there is always more that can be done. Here at proxycheck we have rejected dark patterns since the start and we would like to list a few of the ways we've accomplished that.


When you signup we only ask for an email and we do not sell or provide your address to any third parties besides our mail carrier. We don't abuse your email with spam and by default our marketing emails are opt-in instead of opt-out, meaning they're off by default.

When you don't need to use the service anymore you can quickly and easily access an account deletion button within your dashboard. It's always fully visible in the top right corner of the settings tab which is the default tab.

You can export all of your data at any time through the dashboard, no need to contact any customer service people to get a copy of your data.

When you want to upgrade or downgrade your plan you can do it yourself from within the dashboard and all changes are prorated to save you money.

When you want to cancel a plan you can do that from within the dashboard with two clicks from the paid options tab.

Clear pricing that we stick to, you are never charged more than you agreed to and we don't increase prices for subscribed customers even if the plan they're paying for increases in price while subscribed.

Clear and descriptive change-logs available at the bottom right of every page which detail all the changes made to that page, nothing deceptive or hidden here (also we encourage archive.org to scrape our pages to provide an independent log of our changes).

Easy access to refunds even mid way through a subscriptions life cycle with 30-day full refunds since your latest payment, not your account signup date.

Email alerts a week before we're going to bill you which are turned on by default and cannot be disabled for yearly subscribers so they won't get caught paying for something they're no longer using. (And remember you can request a refund if this happens to you)


For us offering these features was not about following a law, we've done most of this before the term dark patterns was even coined or legislated against. For us this is about delivering fairness. We do not look at our customers as an exploitable resource, we see them as valued partners.

This is why we've continued to deliver innovative new features like CORS support, Custom Rules, Burst Tokens, Custom Lists and more at no extra cost. It's why we've expanded the amount of data we provide and why we continue to add features customers need like upgrading and downgrading their plans, deleting their accounts when they no longer need the service and paying their bills outside of a recurring subscription.

At the start we mentioned this is our 200th blog post and that's true. We started this blog on June 20th 2017 and since then we've written about a huge number of topics, service changes and feature additions, we look forward to doubling that number in the coming years and we hope you'll be along for that ride.

Thanks for reading and have a wonderful week.


Introducing Custom Lists

Image description

Today we've launched a brand new feature we're calling Custom Lists which allows you to create customised lists of addresses, address ranges, autonomous system numbers (ASN's) and email domains for use in Blacklists, Whitelists or Custom Rules.

Image description

This new feature replaces our previous Whitelist and Blacklist tabs within the Dashboard with a new unified Custom Lists tab. And as you can see above it looks similar to our current Custom Rules tab but once expanded these lists offer an entirely different set of controls as shown below.

Image description

In the above screenshot we're showing the default Manual Editing Mode which lets you add information to this list just as you could with the previous Whitelist and Blacklist features. You can also manipulate what is contained within this list by the Dashboard API. The previous API still works but we've also made a new one which offers control of any kind of list, not just White and Blacklists.

A brand new feature however is the ability to have your lists automatically downloaded from your own website on a regular schedule. When selecting the Automated Mode the list changes in appearance and allows you to specify a URL and the frequency at which you would like your list downloaded. Below is a screenshot of that interface.

Image description

In addition to still offering the whitelist and blacklist functionality as before you can now also create named lists for any eventuality which can be leveraged solely by your Custom Rules allowing for additional levels of customisability.

We've also added toggle buttons to each list allowing you to easily turn them off and on without needing to erase their contents and as we've followed our Custom Rules design guidelines you can now move the lists around and easily export them for local backup.

To integrate this feature with Custom Rules we came up with a clever solution, when entering custom values into a rule condition you'll now be suggested your Custom Lists by name which you can then click to add into the box and those lists will then be consulted by that rule when its conditions call for it.

The last thing to discuss is how much does it cost, how many lists can you create and what is this 4MB size limit per list?

Well to answer the first question, this feature does not cost anything extra. You can create as many lists as you like but you may only enable a certain number of lists dependant on your plan tier. Free users can enable 3 lists while paid plans can enable between 5 and 60 lists with custom plans able to go beyond that 60 limit.

As for the 4MB size limit we've found in testing it is possible to add 300,000 addresses to a list without comments and still fit under 4MB. With detailed comments this falls to between 100,000-150,000 entries. But this 4MB limit is per-list so if you fill one up you can simply create another.

We hope you all will really like this new feature. It has required a lot of extensive work both in the Dashboard and our API, as such we have issued a new API version dated the 25th of May 2022.

If you want to use the new lists feature you will have to upgrade to this API version as the previous lists have been copied over to the new format, until you upgrade your API calls will still use your old lists but you won't be able to alter them until you upgrade.

Thanks for reading and have a wonderful week.


Manual Invoice Payments

Today we've introduced an improvement to the invoicing system within the customer dashboard which allows you to pay an outstanding invoice using any bank card you may have through a secure portal at our payment processor, Stripe.

This is a change that we should have introduced earlier but it has only been over the last couple of months that we've seen a large increase in the need for our customers to pay their invoices manually. This has been mainly due to recent banking regulation changes in certain countries like India which have disallowed foreign entities from billing Indian bank accounts in an automated way.

So as a result when you visit the paid options tab of the customer dashboard you'll see a toggle for invoice options and history which will reveal the below control panel.

Image description

This may look familiar if you've viewed it previously. The new part is the Pay Invoice Manually column which in our screenshot above shows the various states you can expect to see. The most recent payment can be made manually, previously paid payments are shown as such and voided payments for instance ones that were needing to be paid but we manually voided it are also shown.

In addition to these changes we've also updated our email that gets sent when a payment fails to explain how to pay your invoice manually so everyone who needs this feature should be fully aware of it when the time arises.

Thanks for reading and have a great week!


General Update

Image description

Today we wanted to take some time to update you on last months new server deployments, the war in Ukraine and what it means in the context of our service and how it will affect some of our customers.

Server Update

Firstly some of you have pointed out that we reused some of the names from our old servers for our new ones. The HELIOS, AURA and ZEUS node names were reused for our new nodes and in-fact when it comes to HELIOS we physically swapped out the server at its location meaning the new server inhabits the exact same rack as the old server.

The names EOS, RHEA and THEA were retired and we introduced ORION as a new name for one of the new servers. This name was actually chosen by one of the plugin authors we work closely with.

So how have they been performing? - In short, brilliantly. We've had the highest level of performance available since the service started. The time it takes for pages of our website to load are significantly down, especially when users access the Dashboard for the first time and a lot of their data hasn't been loaded into memory yet.

Similarly the API itself has been delivering answers with the lowest latency we've ever seen and more importantly consistently. Being able to deliver 99.99% of requests in under 9ms (before network overhead) is a remarkable achievement. This has been made possible by the marriage of our new components. The CPU our high speed memory and the flash based storage all working together to provide this consistently low access latency.

Over the past month since deployment we have come under multiple DDoS attacks in the same way that we had prior to the new server deployments and we're happy to say the new infrastructure handled these with ease. We were able to absorb the extra traffic generated by the attacks without incident. We didn't even see the average API latency increase.

We couldn't be more happy with the new infrastructure.

Ukraine

Like most of the world we're horrified by the unjustified war in Ukraine perpetrated by the Russian federation under Putin. We condemn this needless war and hope that the Ukrainian people will ultimately prevail.

As you may know from our server status page we have two servers in Eastern Europe. However they are not in Ukraine and are not in any danger at this time. If this changes we will deploy more servers in Western or Central Europe.

When it comes to our Russian customers we want to be clear, we do not blame you for the actions undertaken by your government. However we are beholden to the same sanctions as others which means we can no longer process your bank cards or accept PayPal payments from you. We've also made the decision not to accept other forms of payment that may bypass the sanctions such as cryptocurrency.

We've already heard from a few of you about this and as we've written back, we won't be accepting other forms of payment and instead your plans once they end will transition to our free tier. We won't be blocking Russian citizens from using the service but your government, its agencies and anyone we're aware of on international sanction lists will be denied service.

We know this is an unusual blog post, we've never had to discuss an ongoing war before. We have customers in Ukraine, Russia and many other European countries who are afraid right now. Our service should be the least of their problems but we are receiving support emails from customers who are affected by the war and its ramifications (such as the sanctions) so we felt it was important to address a few things here for you in public.

Thanks for reading and please keep yourselves and each other safe.


Introducing Disposable Email Detection

Image description

Since proxycheck.io started we've aimed to provide ever increasing useful data about IP addresses. At first we could tell you if an IP was a proxy server and later if it was a VPN. Then we added location, network and specific operator data.

All of this has been to empower service providers to restrict their content to real people in real places so they can protect their communities and livelihoods from the negative effects of anonymising services.

Now for the first time we're launching an entirely new type of check, email. And specifically we're going to be detecting disposable email services to let you know whether your user or customer will be contactable long term.

This is a big problem for service operators who need to keep in contact with their users and even for websites like our own where we offer a generous free plan that results in a huge amount of account creation abuse, almost all of which is enabled through the use of disposable email addresses.

And so we feel there is a good synergy here, emails are just another kind of address. We do however want to make a distinction. We're not going to be detecting privacy respecting email services as disposable when the addresses they generate are always attached to the same individual.

Which means services like iCloud which offer users a unique email address for every service they signup for would not be considered disposable and would not show as disposable on our API.

However services that make a unique mailbox available only for a short time period (minutes to days) will be shown on our API as disposable.

We've been working on this feature since last year and we feel the timing is now right to launch. As of this post disposable email detection is live and available through our latest version of the v2 API dated Dec 21. You can check IP addresses and email addresses in the same exact way, by placing them in a GET or POST request. Each email you check uses one query just like IP addresses do.

And you can even check both an IP address and an email address in the same request, just like how you can check two or more IP addresses today.

One important thing to discuss here is privacy. Sending your users email addresses to us is a very sensitive thing. What we'll be doing with them after you send them to us is a very important question.

Firstly you don't need to send us their full email. Just the @domain.tld is needed. For instance you can send the email as [email protected] instead of [email protected]

Secondly any email address we receive that isn't considered a disposable address is instantly discarded once your request to the API is fulfilled, they are not saved anywhere.

And that is because we do not want to save them, it's unnecessary for this feature to function. However any positively detected addresses, meaning we considered them as disposable will be saved just once and only in your positive detection log that is viewable only to you within your account dashboard. We will not be processing them or storing them anywhere else but your account log. And if you don't want this to happen you can even disable all logging by providing the &tag=0 flag with all your requests to us.

So how does this work with your account and daily allowance, well every account whether free or paid has the same per-day query allowance which you can now use to check email addresses in addition to IP addresses. It's just that simple, one query is one query no matter which kind of check you're performing.

And you can now whitelist or blacklist email addresses just how you can with IP addresses, ranges and AS numbers. As of today the custom rule feature isn't enabled for use on email addresses but that will likely change in the future as we expand on our email feature.

We've already shown this feature to a few developers of 3rd party proxycheck.io compatible plugins and also customers who we work closely with and we've received great feedback from both communities. In-fact we already have many feature requests including generalised email validation. While we cannot commit to such features today perhaps that is an avenue our email checking will go down in the future.

So that is the new email feature. You'll find the API documentation has been updated including our test console also found on the API page. Feel free to send in some feedback if you have some ideas or a feature request.

Thanks for reading and have a wonderful week.


Back