For Association Executives. Powered by REALTOR® Magazine.

Best Practices for MLS Data Security

By Todd Costigan

Foil Content Theft

You may refer to it as “data,” but to thieves, your MLS listings are valuable content. To secure your content, consider using a number of the following tools and methods.

Copyrights. Make sure that participants and those to whom you license data are put “on notice” that it is protected content. Although copyright enforcement can protect certain aspects of your MLS content, copyright law as applied to MLS content can be complex because the copyrights may be held by different individuals or organizations. Check with your legal counsel on establishing properly structured copyright agreements for your content.

Strong passwords. Create a password that cannot be easily deciphered. Do this by making sure it combines at least eight upper- and lowercase letters, numbers, and special characters. Avoid using names of family members or pets, special dates, or any word found in the dictionary. Also require participants to periodically change their password—about every six months.

Seeding data. In each download or release of the MLS listings, include at least one seed (a fake listing). This will allow the MLS to determine how a party obtained its MLS content. Typically, the seed listing is a property owned by someone on the MLS committee or on the MLS staff. Have a letter ready to send to firms that express interest in the property that explains why it is not available. 

Data tagging. Similar to data seeding, data tagging involves the manipulation of actual listings to help identify where a party obtained MLS content. Inclusion of a special character or even a simple misspelling can serve as the data tag. Take care not to distort the real listing information, and spread tagging over a number of listings so that it does not look obvious.
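An added illustration of data tagging, not part of the original article or of any NAR tool: each recipient's feed carries a special character in a different set of listings, and a copy found elsewhere, even a partial one, is matched back to the feed it came from. The listings, recipient names, tagging plan, and the choice of a non-breaking space as the tag are all constructed assumptions.

```python
TAG = "\u00a0"  # assumption: a non-breaking space in place of one ordinary space is the tag

# Constructed master listings: listing ID -> remarks text.
MASTER = {
    "L1": "Sunny three bedroom home near the park",
    "L2": "Updated kitchen with a large fenced yard",
    "L3": "Corner lot close to schools and shops",
    "L4": "Two story home with a finished basement",
    "L5": "Quiet street with mature shade trees",
    "L6": "Open floor plan and an attached garage",
}

# Constructed plan kept privately by the MLS: recipient -> listings tagged in its feed.
PLAN = {
    "vendor-a": {"L1", "L4"},
    "vendor-b": {"L2", "L4", "L6"},
    "vendor-c": {"L3", "L5"},
}


def export_for(recipient):
    """Build one recipient's feed; tagged listings get TAG in place of their first space."""
    tagged = PLAN[recipient]
    return {lid: (text.replace(" ", TAG, 1) if lid in tagged else text)
            for lid, text in MASTER.items()}


def trace(found):
    """Rank recipients by how well a found copy (possibly partial) matches their plan."""
    observed = {lid for lid, text in found.items() if TAG in text}
    scores = {}
    for recipient, tagged in PLAN.items():
        # Only listings present in the found copy can confirm or rule out a recipient.
        agree = sum((lid in tagged) == (lid in observed) for lid in found)
        scores[recipient] = agree / len(found) if found else 0.0
    return sorted(scores.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    feed = export_for("vendor-b")
    partial_copy = {lid: feed[lid] for lid in ("L1", "L4", "L6")}
    print(trace(partial_copy))
```

A copy whose whitespace has been normalized loses this particular tag, which is one reason to combine tagging with seed listings.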

Compliance software. PolicyPage, a free program from NAR’s Center for Realtor® Technology, assists in the MLS policy compliance review of participant member sites. The automated system e-mails participant site owners with a notice of successful compliance or failure and details of causes of failures, and it can even include references to specific policies. More: Search “Policy Page” at 

Log reviews. Depending on your infrastructure and tools in place, you can tell which users and “systems” are requesting downloads of your MLS. A review of your logs can tell you if the same user is reviewing every property on the site. When this happens, it’s likely a bot—an automated user scraping (copying and stealing) listing information. Multiple requests for downloads coming from the same user but different IP addresses are usually a sign that someone is sharing an ID and password. Although it may be impossible to determine who the actual individual is, blocking the particular IP address often will result in someone contacting the MLS to see what has happened. That can give you a lot of leverage in how you respond to the situation.

Watermarking photos. Watermarking inserts a visible tag on the picture or hidden information on a digital image or file that identifies the file’s true author or owner. Many digital imaging programs and cameras today have watermarking capabilities and can tag files so they cannot be identified and manipulated even when the photos are enlarged, reduced, or cropped.

Two-factor authentication. With two-factor authentication, participants must produce a user name and password and must also have a physical key (such as a token or USB device).

Rendering software. NoScrape is another free program from NAR’s Center for Realtor® Technology that prevents unauthorized people from scraping information from real estate Web sites. NoScrape prevents unauthorized copying by generating a file that contains the combined data and image—essentially a “picture in a picture.” Because such images are much more difficult to copy by outside intruders, the original listing content is safeguarded. More: Search “NoScrape” at

Terms of Use. Otherwise known as “the fine print,” Terms of Use indicate what may or may not be done with the information that the Web site provides. By using a “pop up” that requires the user to agree to the terms before accessing the content, you’ve laid legal groundwork should you need to go to court over the unauthorized use of information.

Participant/subscriber agreements. Before allowing any member to use the MLS, have him or her sign an agreement that clearly defines permissible and nonpermissible uses of your content. Doing so will enable you to cut off user access in cases of abuse.

Captcha technologies. You’ve likely encountered this technology when you use an automated ticket site, for example, that requires you to spell a word found in a shaded box that has squiggly lines in the background. NAR’s Center for Realtor® Technology has freely available Captcha technology called reCaptcha. More: Search “reCaptcha” at

Notice: The information on this page may not be current. The archive is a collection of content previously published on one or more NAR web properties. Archive pages are not updated and may no longer be accurate. Users must independently verify the accuracy and currency of the information found here. The National Association of REALTORS® disclaims all liability for any loss or injury resulting from the use of the information or data found on this page.


