How is Adaptive MFA Untrusted IP Assessor Score Determined?

Problem statement

“UntrustedIP” is one of the criteria for MFA, but I would like to know which IP addresses are on the IP rejection list. Is this information publicly available? How does “UntrustedIP” determine ‘high’, ‘medium’, and ‘low’?


The Adaptive MFA Untrusted IP Assessor uses aggregated lists of IP addresses of known bad actors from across the internet to check if an IP address is present. The list is internal only.

How the score is determined is also proprietary, and we cannot share the formula/ logic publicly. To expose the current definition would be a moving target, so we intentionally abstract that away from customers and instead give them an aggregate score. Moreover, we continue to enhance our products with new risk signals and assessments.