Sharing “This is Spam” with Abusix cover

·

Sharing “This is Spam” with Abusix

If you operate a “This is Spam” button (aka FBL feed-back-loop) or “spam traps,” you have probably been asked, “What is the benefit to the business?”

FBLs and spam traps are helpful in:

  1. Illuminating Abuse from your network and servers.
  2. Mitigating email spam by blocking what you see.
  3. Assist other networks by reporting Abuse back to them.

But, processing the data yourself can be time-consuming. Abusix changes that equation with our data-sharing platform for (a) Global Reporting, (b) Abusix Mail Intelligence, and (c) AbuseHQ.

Anyone can share data without being a customer. If they want to extract value, our services can help them.

Sharing Data

Who can share data with Abusix’s Global Reporting Project?

The short answer is anyone. Anyone can share data using Abusix Data Channels. Examples include fraud and phishing reporters, child exploitation NGOs, copyright attorneys, global CERTs, mail providers, spam trap operators, security providers, anti-counterfeit alliances, and more.

What data can be shared with Abusix’s Global Reporting Project?

Virtually any threat intelligence can be shared with the Global Reporting Project. Data can be spam trap hits, “This-is-Spam” or FBL data, SMTP connection and authentication data, phishing, copyright, trademark abuse, counterfeit goods, DDoS attack reports, web crawler reports, etc.

Anyone who wishes to make the internet safer can use this free service and share their data, regardless of whether they are an Abusix customer, by simply following the instructions in our easy-to-use data channel wizard.

How does Abusix use the data?

You decide how Abusix will use the data; we are just the processor. Abusix is a SOC2 and GDPR-certified company; see https://trust.abusix.com.

While all data is converted into XARF (a unified data model for Abuse) for processing, our data channel wizard will follow your instructions regarding the data’s use:

  1. A Global Reporting authorization allows us to report the data to the trusted network or mail operator of origin (or specifically named partners only). Upon sending reports, we discard the data unless otherwise directed it is to be used for one of the two use cases below.
  2. An Abusix Intelligence authorization allows us to mine the data for origins with IOCs (indicators of compromise or malicious activity) such as IP addresses, domains, email addresses in the message body and reply-to and malicious activity like phishing or ransomware URLs, as well as use the data for reputation weighting.
  3. An AbuseHQ authorization allows us to include the data in your instance of AbuseHQ, a SaaS abuse management platform. AbuseHQ automatically correlates disparate IOCs, regardless of the source, to your abuse address from your edge systems, mail server, or SIEM and provides you the ability to unify security process flows to act on threats quickly, regardless of whether they are reported from external sources or internal systems.

Why share data with Abusix?

Customer or not, there are many reasons why you should share spam trap data with Abusix:

Safer internet for all

Since our core mission is to make the internet safer through increasing the lubricity of IOC (indicators of compromise) about systems and users, data is shared freely with originating trusted network abuse operations and mail administrators worldwide.

By sharing your data through Abusix’s Global Reporting, you can directly impact addressing network and mail abuse in real-time, at its root, and contribute to a safer internet for all.

Better filtering

For Abusix Mail Intelligence customers, sharing is a no-brainer. Sharing “This is Spam,” spam-trap, connection, or authentication data allows us to enhance the performance of the services they already receive.

It might be surprising to learn that you will receive mail almost nobody else has received. This may be due to your geographical location, language, or business sector. Some unwanted mail will always slip through if you run an internal blocklist. Sharing “what you see” with Abusix will reduce your workload, as we can include your traffic in our blocklists. Sharing data with Abusix allows us to see traffic we wouldn’t otherwise see, leading to better filtering.

What you see is what we see. Also, if you’re the first to see something, no one else has to.

Shared security

For AbuseHQ customers, sharing is a mutual shared security commitment. Sharing network threats from honeypots, spam traps, mail servers, authentication portals, firewalls, and SIEMs benefits every member of the peer-to-peer network. The contributors benefit from the data they share themselves; they also benefit from the data shared by every other peer. This shared security approach creates seamless real-time peer-to-peer collaboration that attacks cybercriminals and botnets so that no single network can compete.

Sharing spam trap data: A case study

Swiss-based Swisscom is known for its reputation for user privacy and security. Swisscom shares thousands of spam trap emails with Abusix in real-time. Following Swisscom’s instructions, the trap emails of all recipient information are redacted of all recipient (trap) information. They are:

  1. Reported to the abuse address for the network of origin.
  2. Processed for Abusix Mail Intelligence blocklist additions.
  3. AbuseHQ automatically restricts and notifies the abusive subscriber if the origin is their network according to settings determined by Swisscom.

For Swisscom, the benefits of sharing spam trap data are multiple, leading to the following:

  • Better visibility to new customers and compromised accounts, allowing them to keep their network clean.
  • Better inbound security for their mail server, keeping their users safer.
  • More accurate data from Abusix Mail Intelligence for Europe.
  • Greater convenience through receiving all reputation data in a single SaaS platform, not just spam trap data in isolation.
  • Better partnering with other ISPs and network operators and better filtering for all Abusix Mail Intelligence customers.

Share early, share often.

At Abusix, networks and organizations benefit from sharing all types of data, not just spam trap data. We host a production, easy-to-use, real-time sharing platform that fulfills the need for modern ‘share early, share often, share machine-readable data’ environments, fulfilling three critical aspects of data sharing.

Sharing in real-time, whether across a RESTful API or as a continual stream, allows everyone to benefit from threats others see.

To learn more about how to share data, whether it be an FBL or spam trap or other data across Abusix’s Global Reporting platform using our API or as a stream, just read this article on how to get started or reach out to us to get help at [email protected]

Read More

·

IP/Domain blocklists (formerly also known as blacklists) began appearing relatively early...

·

Editor’s note: This post was originally published in April 2017 and has been revamped and updated for accuracy and comprehensiveness....

·

Network abuse is increasing daily. The latest cybercrime report from PWC shows that it is the second most reported economic...