Blog post graphic for the case study "DigitalOcean Partners with Abusix to Take a Stand Against Spam and Abuse to Protect its Network and Customers"


DigitalOcean Partners with Abusix to Fight Spam and Abuse

The Situation

In 2016, the AbuseOps Team from DigitalOcean was processing and escalating all abuse cases manually and needed to find a more efficient way to process and escalate abuse complaints.

If the number of incidents coming out of their network was not mitigated in a timely manner it could impact their customers, and risk their performance.

The challenge in effectively managing remediation led DigitalOcean to create a complex process which in turn led to increased hiring to handle the workload.

The Challenge

The challenge is that a report or email may come in with one complaint or hundreds. An analyst needs to be assigned and conduct a series of actions for each event.

After being assigned, the analyst must parse the report for each event, conduct a lookup in another system to determine if each IP or link is in their network, create a case if it belongs to them, notify the customer, and track the outcomes if needed.

Each report can take anywhere from a few minutes to hours depending on the size. This is in addition to the need for notifying customers and tracking the outcomes.

The Solution 

Automating Processes

DigitalOcean started looking for a solution that allowed their abuse team to focus on the most important tasks. After a trial, DigitalOcean chose AbuseHQ, as the automation processes took care of all the mundane, repetitive work.

Mike White, Legal Ops said: “AbuseHQ removed a huge manual burden from our team. It reduced most of the noise coming into our abuse inbox, and helped us prioritize the important alerts without a human needing to review every complaint.” 

Customized playbooks (a series of predefined steps based on set conditions) are utilized to notify, handle, and track each case outcome through automation.

Through the playbooks, they were able to handle different abuse types including Bruteforce, Intellectual Property, Malware, Phishing, Spam, and many other types through improved procedures and automation.

Will Lefevers, SOC Director at DigitalOcean added that “With AbuseHQ we simply get stuff done much faster.”

The Results 

Increased efficiency with AbuseHQ

After using AbsueHQ for almost 4 years, DigitalOcean is currently minimizing the workload on the team with the incoming reporters automated and automatically parsing and acting upon incoming complaints. 

This increase in efficacy has allowed DigitalOcean to take a proactive approach to protect their customers. AbuseHQ has enabled them to ingest large reports from 3rd party reporters, such as Shadowserver, and automate the processing and customer notification of those reports.

One benefit of this is the ability to proactively notify customers of vulnerabilities in their systems before they are discovered and exploited by others.

“With AbuseHQ, we simply get stuff done much faster.”

Will Lefevers, SOC Director, DigitalOcean

Will Lefevers explained that in 2020 a big focus was to continue to hone the efficiency they are receiving by using AbuseHQ. That is why they’re also rolling out a new API that enables them to query even faster.

The teams are constantly improving their inbound processes and playbooks within AbuseHQ to get the most out of the solution. Everybody on the team is now aware of AbuseHQ’s capabilities, which has also improved internal communication between the different teams using the solution.

Streamlined Processes

As AbuseHQ can be fully customized, DigitalOcean and the Abusix engineering team are working closely together to streamline the workflow more and more.

“AbuseHQ has allowed us to visualize a complete history for our customers that enables us to understand what our customers are attempting to accomplish with DigitalOcean products.”

Cashan Stine, Security Operations Center Analyst II, DigitalOcean.

He found it encouraging to see all the events that come in classified and action taken on the abusers or infected systems.

Improved communication and reputation

DigitalOcean is also receiving more and more positive feedback from reporters and customers. “Without AbuseHQ, we would actually not be able to work with all the new reporters, simply because we didn’t have the capacity to do so,” added Mike White, Legal Ops at DigitalOcean.

Read More


Blocklists are essential tools in combating spam, network abuse, and cyber...


There was a time when the digital world was still in its infancy – the world of ARPANET. ARPANET was...


If you send emails, never forget that your outbound is someone else’s inbound, and if you do forget, not only...