Tackling the Largest Internet Security Problem: The Global Reporting Project cover


Tackling the Largest Internet Security Problem: The Global Reporting Project

Network abuse on the Internet has been on the rise for the past 20 years.

Since 98% of all internet traffic originates from Internet Service Providers and Hosting Provider networks (network operators), these networks are squarely at the center of the problem.

  • Developers of security systems like conventional spam filters, user authentication systems, and firewalls have been trying to tackle the issue of compromised systems and accounts. Still, they are only a defensive posture, so the problem and the arms war persist, making the sheer volume of spam emails, network threats, and phishing sites challenging to combat the problem.
  • The growth rate of specific internet attack types varies across different sources and studies because each reporter sees a different market or attack vector, but according to a report by Symantec, there was a 350% increase in phishing attacks in 2020 compared to the previous year. Additionally, a study by Akamai revealed that DDoS attacks increased by 57% in the first quarter of 2021 compared to the same period in 2020. Regarding spam emails, Statista reported that the global spam email rate accounted for 50.81% of total email traffic in October 2021. As for copyright abuse, the Digital Citizens Alliance estimated that there were over 140,000 infringing domains in 2020.

While the actual growth rate may vary over time, and these numbers are just a snapshot, all cybersecurity organizations continuously monitor and analyze the data to understand the evolving threat landscape and develop countermeasures. All agree that year over year, the number grows unabated.

glass globe with reports and graphs

What is the Global Reporting Project?

The Global Reporting Project, initiated by Abusix, aims to address the rapidly increasing problems of fraud, criminal activity, and network abuse.

With billions of spam emails being sent daily, security problems continue to grow.

  • Traditional security solutions face limitations due to the constant evolution of tactics and loopholes used by bad actors and bots.
  • Abusix recognized from its beginning that security defense has become an arms race and emphasizes the need for network operators (ISPs and Hosting Providers) to take action in a unified peer-to-peer manner.

The Abusix Global Reporting Project seeks to combat DoS attacks, vulnerabilities, trademark abuse, the proliferation of phishing sites, copyright infringement, the spread of counterfeit goods, brute force attacks, trademark infringement, ransomware attacks, child exploitation, and more, the abuse, fraud by providing a transport-independent language (XARF) to communicate and platform for reporting, mitigating and remediating abuse at scale.

Background & history of the Global Reporting Project

Abusix's Global Reporting Project was developed to provide network operators with accurate and reliable information about spam, compromised systems and accounts, and other abusive behavior. By sharing information, network operators are aware of security issues, so they may take the necessary actions to secure their user’s accounts and machines and thereby clean up their networks. So, their network is not the source of abuse.

The project has been actively involved in evolving the abuse reporting standards, developing the Abuse Contact DB, and the XARF reporting format.

In 2008,

  • Global Reporting Project Starts
  • Abuse Threat Intelligence service is launched as “spamfeedme”

In 2009,

  • The Abusix Abuse Contact Database project is launched:
  • Abusix Founded as a GmbH
  • Abusix launches it's AbuseHQ beta
  • Abusix launches the X-ARF project

In 2010,

In 2011,

  • Symatec purchases AbuseDS for use within their solutions
  • Abusix writes the abuse policy proposal for APNIC
  • Abusix BlackholesMX Launched

In 2012,

In 2013,

  • Unity Media contracts with Abusix to build AbuseHQ
  • Abusix is incorporated as a US corporation, Abusix, Inc.
  • Abusix and Shadowserver lead the first takedown of a botnet, GrumBot

In 2016,

  • AbuseHQ MVP Launched

In 2018,

  • Abusix launches its MVP blocklist, Abusix Mail Intelligence

In 2020,

  • Abusix reaches a sustainable competitive advantage over its competitor, Spamhaus, with Abusix Mail Intelligence.
  • Abusix launches its potentially compromised accounts reporting service.

In 2023,

  • Abusix supports a global base of Threat Intelligence and Abuse Management
  • Abusix launches its universal data channel interface for Global Reporting

In 2024,

  • Abusix launches its Global Reporting plugin for This-Is-Spam Feedback Loop automation in parallel with the democratization of feedback loops supporting the RFC 9477

(see The History and Evolution of Abuse Handling and Network Attacks)

How the Global Reporting Project is working to solve these problems

The Global Reporting Project, initiated by Abusix, aims to address the rapidly increasing problems of fraud, criminal activity, and network abuse.

For reporters

The Global Reporting Project helps address network abuse at its core by enabling various entities, including corporations and celebrities, to safeguard their brand, networks reporting to other networks, anti-fraud or anti-abuse organizations reporting phishing sites, copyright infringement, counterfeit goods commerce, brute force attacks, trademark infringement, ransomware attacks, child exploitation, and more.

The Abusix Global Reporting Project aims to address a wide range of issues, including DoS attacks, vulnerabilities, trademark abuse, phishing sites, copyright infringement, counterfeit goods, brute force attacks, trademark infringement, ransomware attacks, child exploitation, and more. It achieves this by providing a transport-independent language (XARF) for communication and a platform for reporting, mitigating, and remedying abuse on a large scale.

For network operators

The Global Reporting Project helps tackle network abuse at its roots by involving network operators, system administrators, SOCs, CERT/CIRTs, abuse, legal departments, and trust and safety teams. While network operators are not the original senders of spam or attackers, they unknowingly host and enable spam and internet gangs whose business model is attack for profit.

The solution offers a simple method to integrate and overlay abuse email feeds, FBLs, webforms, internal reports through its RESTful APIs, or via log streams.

By shutting down abusive systems and compromised accounts on their networks as quickly as possible, network operators can greatly reduce the profitability of these activities. Abusix's products help identify abusive and compromised systems and accounts, empowering network operators to take swift action.

What are the top key benefits of the Abusix Global Reporting Project?

For reporters

  • Abusix’s free ContactDB makes it easy to look up the abuse@ reporting email address for an IP address, regardless of where in the world the abuse originated.
  • Abusix’s free transport-independent XARF language is JSON, which unifies all types of report data and makes it easy to report incidents clearly and distinctly in a uniform way, across email, RESTful APIs, or in streams.
  • Abusix’s free Global Reporting platform unifies ContactDB and XARF, making reporting any type of abuse to the originating network easy in an understandable, automatable JSON.
  • Abusix, for those trusted reporters that qualify, provides blocklist mitigation services that block bad actors, decreasing the benefit they receive from their fraudulent activities.

For network operators (ISPs, Hosting Providers, and Mail Providers)

  • Abusix’s Global Reporting makes it easy for network operators to report abuse and collaborate privately between closed groups of providers or globally to the originating network.
  • Abusix’s Global Reporting is formatted in XARF so that IOCs (Indicators of Compromise) and other threat intelligence become instantly actionable internally and externally to the recipient of the network operator’s reports.
  • Abusix’s security operations operate under SOC2 and GDPR certifications. see https:\trust.abusix.com
  • Abusix’s Mail Intelligence may utilize Abusix Reporting data when the reporter provides permission to provide network operators with a more accurate, more complete, real-time blocklist.
  • Abusix’s AbuseHQ provides network operators a SaaS abuse management system that integrates into the abuse@ role address out of the box with minimal configuration.
  • Abusix’s AbuseHQ intelligently illuminates in real-time, accurate, and meaningful information about the operator’s network abuse.
  • Abusix’s Global Reporting, Threat Intelligence, and SaaS AbuseHQ abuse desk illuminate network security issues faster and provide unparalleled efficiency in addressing fraud and abuse.

Abusix’s vision and the long-term goals of the Global Reporting Project.

The long-term goal of the Global Reporting Project is to create a global network security ecosystem where

  • Any reported abuse type uses a common open language with recognizable syntax to communicate understandably.
  • Network operators, brands, and social stakeholders actively share and collaborate about fraud and abuse in a peer-to-peer manner, seamlessly and in real time.
  • Participants effectively combat network abuse, increasing friction and reducing the economic value of using the internet for fraud and abuse.

Ultimately, Abusix envisions a world where the internet becomes a safer and more secure environment for all our customers and users.

Read More


Internet Service Providers have the enormous task of protecting their systems from regular network infringement. Without a security plan in...


For years, content pirates have been running rampant on the web, downloading anything and everything they want for free without...


In the spring of 2000, an unprecedented cyber pandemic swept the globe. At its epicenter was the ILOVEYOU worm—a digital...