Welcome to the final of our series of blog posts dissecting each of the datasets available as part of Abusix Mail Intelligence. This time we’re looking at our Newly Observed IPs list.
How the Newly Observed IP List is being built:
The more accurate description for this list should probably be “Newly Observed SMTP IPs”. We track every single IP that we see sending SMTP traffic for a period of 60 days, any new IPs that we haven’t seen are listed for 25 hours from when they are first observed.
New IPs that we see hitting our spam traps are automatically listed in the main IP blocklist.
What is the Newly Observed IPs list designed for?
Unlike the newly observed domains that we covered in the last part – new SMTP IPs are far more likely to be bad.
Depending on how strict you wish to be, you can reject these outright and are unlikely to see many false positives if you do so.
For the more cautious, this data is useful to add additional metadata into your filtering platform or to add additional scores into scoring systems like SpamAssassin or rspamd.
This was it from our blocklist series ! I hope you found it useful. Hit me up if you have any questions!
Stay safe.
Steve