Lookup and Delisting Overview

Who is Abusix?

We are an IT security company that specializes in anti-abuse. Our goal is to get abuse reported and fixed as quickly as possible.

What is Guardian Mail?

Guardian Mail is a suite of DNS blocklists and welcome lists (these used to be called whitelists). The lists provides reputation for IP addresses, Domains, Email Addresses, Short URLs, Online Drive Service URLs, and Bitcoin Wallet binaries. The suite works with any mail system that supports DNSBL lookups.

Why have I ended up here?

You’ve likely found yourself here if we detected an issue with the mail server that sends your mail, and this caused your IP address to be added to one of our blocklists. Alternatively, it might be your domain that has been listed because we’ve received spam from it or if we have seen infections/compromises on one or more hosts on your domain.

If our service rejects a message you sent, you will receive a “bounce message” (Delivery Service Notification) explaining that your message could not be delivered, with a link to our website lookup service.

What do I need to do?

If you’re not a Mail System Administrator

Contact your IT department or help desk; they should be your first port of call since they manage your organization’s mail server.

Likewise, if you purchase your email services from an ISP, hosting company, or another Mailbox Provider, you should contact your mail provider’s support and report the issue. Ultimately, they are responsible for fixing whatever problem exists.

If you are a Mail System Administrator

The first thing to do is to look at your logs for any apparent issues with your mail system, e.g., large queues, rate-limited users, or users sending unusually high volumes of traffic.

If you need help finding the problem, please contact us via chat or email [email protected]. We’re always happy to provide evidence and advice to help you find, fix and prevent any further issues.

⚠️
To delist items from our lists, you will need to register first. Registering and confirming your mail address prevents abuse of our service. When you request a delisting, please ensure that you understand the problem and have taken all necessary actions (including deleting any queued mail as necessary) to prevent any further abuse of your systems. Failure to do so often causes a relisting and, thus, a delay in being able to delist again.

Learn more about Lookup and Delisting

Frequently Asked Questions

General

  • What kind of support do you offer?

    We provide both live chat and email support to customers and those with listing issues. For customers using Guardian Mail to reject mail, we ask that any rejection uses the text we provide, including the delisting URL. If you find yourself listed on one of our blocklists, you can directly go to our Lookup and Delisting service page and follow the instructions there.

Guardian Mail

  • Why do I keep getting bounce notifications?

    If your IP/domain is listed, you will receive a “bounce” message telling you that your message could not be delivered. You will be seeing a link to our Lookup and Delist service where you’ll be able to see details of the listing(s). Once you have fixed the issue you can request a delist /removal. Wonder why you need an account? This has been covered in this FAQ.

  • Why do I have to create an account to perform a delist?

    Unfortunately, we’ve seen that anonymous delistings attracted a lot of abuse. Therefore, you’ll need to confirm your email in order to use our delisting services. Watch this video for more information on our delisting process.

  • Why am I getting blocklisted?

    The most common causes are:

    – You don’t confirm opt-in to your mailing lists and don’t have any anti-bot mechanisms to prevent automation from adding recipients.

    – Broken or missing bounce or engagement management.

    – Email lists purchased from a 3rd party or use of any email appending services.

    – Sending mail to very old customers or any address with whom you have had no interaction for > 2 years.

    Compromised accounts or services

    – Infected computers or devices.

  • My IP doesn’t show as being listed. Is it expired?

    The item you are looking up might not show up as listed, as it already expired or already has been delisted by someone else.
    Note: Listings usually expire after 5.2 days after the last bad event we’ve seen

  • How does delisting work?

    When you request a delisting, we process the delist immediately by removing the offending item from the relevant list(s). If you have specific questions, please send an email at [email protected]

  • How long does it take to be delisted?

    Though delists are processed immediately and the DNS zone files are rebuilt every minute, it can take up to 5 minutes before the item is eventually shown as being delisted.

  • How do I delist an IP or domain at Abusix?

    Don’t panic – we’re not interested in penalizing you, we just want to get the problem fixed and to get you delisted ASAP. If you have received a “bounce message” stating that your message has been rejected by Abusix Mail Intelligence, then this will usually include a clickable link e.g. https://lookup.abusix.com/search?q=x.x.x.x – so click this link which will then show you which lists you are listed on.

    – Either click the link in your bounce message or go directly to our Lookup and Delisting page

    – Enter the listed IP/domain.

    – If the IP/domain shows as being listed, read the information provided and hit the button: “Sign-up” in order to get access to our user portal

    – Either create a new account or log in to your existing account

    – Follow the instructions within the portal to remove your IP/domain from the blocklists.

    Do you need help? Get in touch with our team via chat or send us an email at [email protected].

  • Do I need to trial Guardian Mail to delist IPs/domains?

    No, there is no need to sign-up for a trial! This is a stand-alone service, though it is directly connected to our product Guardian Mail as it uses the same data source.

  • Why do I keep getting bounce notifications?

    If your IP/domain is listed, you will receive a “bounce” message telling you that your message could not be delivered. You will be seeing a link to our Lookup and Delist service where you’ll be able to see details of the listing(s). Once you have fixed the issue you can request a delist /removal. Wonder why you need an account? This has been covered in this FAQ.

  • Is it possible to have a local mirror of the data via RSYNC?

    Yes, however, we only provide this for large providers and for an additional fee. If you are interested in using RSYNC, please contact us during your trial at [email protected]

  • Can I get my IP or domain whitelisted?

    We only add entities to our welcome list in specific circumstances:

    – There have been repeated listing issues.
    – These have been sufficiently resolved and procedures have been put in place to prevent these from happening again.
    – The IP address or domain name is shared amongst a lot of other customers.
    – You can supply an SPF record that only contains SMTP server addresses.

  • How can I change my current plan for Guardian Mail?

    You can change your plan within our Abusix portal. Click on "Plans & Billing" first then "Subscriptions" (if you're trialing or are subscribed to other products, you have to click on the Guardian Mail tab/button on the top part of the page to see your Guardian Mail subscription like on screenshot below), then click the Upgrade Now! button.

  • How do I even end up on blocklist?

    We use four main methods that can get you listed on one of our blocklists:

    Spam traps

    – Heuristics

    – Honeypots

    – Policy

  • How do I integrate Guardian Mail with my current email configuration?

    You need to configure your email server to query our service. We put a documentation page: https://abusix.com/docs/getting-started-with-guardian-mail/ together for the most popular email servers.
    You can check out more 3rd party integration here. Our support team can help if you have any questions or use a system that isn’t covered in our documentation.

  • I’m using Google Workspace or Microsoft 365 – Can I still add a Blocklist like Guardian Mail to my mail server configuration?

    Generally – the answer is no. Neither service allows for the addition of 3rd party DNS reputation lists like our Guardian Mail blocklists. But if you are running email gateways in front of either Google Workspace or Microsoft 365 with your domain MX records pointing to these instead, using Guardian Mail blocklists as an additional spam filter is indeed possible.

    The email gateways can then be configured to use Guardian Mail blocklists to reject messages prior to sending them onwards to Google or Microsoft. You are not sure if Guardian Mail can be used in your case? Get in touch with our team at [email protected] – they are happy to help!

  • Is it possible to have a local mirror of the data via RSYNC?

    Yes, however, we only provide this for large providers and for an additional fee. If you are interested in using RSYNC, please contact us during your trial at [email protected]

  • Should I use more than one blocklist?

    Generally said: Yes, the more filter, the better! But those vendors should be accurate, reliable, and well-supported. We wrote a blog post on this topic here. If you consider switching vendors but are still unsure, we have a comparison tool that lets you compare the effectiveness of our different blocklists (RBL/DNSBL).

  • What are the use cases for your blocklist?

    There are three main use cases for our blocklists:

    – Block inbound SMTP traffic

    – Prevent bad email from leaving your network for outbound SMTP traffic

    – Assist you in catching compromised accounts and services within your own network

  • What different sets of blocklists does Abusix provide?

    We provide more than 10 different blocklists, such as IP addresses, domain datasets, hashed datasets for short URLs, drive URLs, bitcoin wallet addresses, and email addresses. Most of our customers use our combined list, which combines our IP, exploit and policy list. For additional filtering, we provide datasets like newly observed domains or newly observed mail IPs. If you want to prevent compromised accounts within your network from sending outbound spam, you might want to check out our AuthBL blocklist. An overview of all our different sets of blocklists can be found here: https://abusix.com/docs/abusix-mail-intelligence/production-zones/

  • What is an email blocklist?

    A blocklist (previously referred to as a blacklist) is a list of “items” that are considered as unsafe and therefore are denied access. A blocklist might consist of:

    IP Addresses
    Domain Names
    Email Addresses
    Short URLs
    Drive URLs
    Bitcoin Wallet Addresses
    Attachment Hashes…

    It is used to prevent the reception of spam, viruses, phishing, malware, and other email-borne threats.
    Blocklists are used in various areas within security architecture, like; firewalls, DNS servers, directory servers, web proxies, authentication, and API gateways. While our blocklists are only designed for email servers.

  • What kind of malicious traffic does Guardian Mail protect me from?

    Guardian Mail is used to prevent the reception of spam, viruses, phishing, malware, and other email-borne threats.

    Our blocklists (RBL/DNSBL) can be used as an inbound and outbound protection layer for your email security.

  • Where can I find pricing info for Guardian Mail?

    Pricing for Abusix Mail Intelligence can be accessed here. There are three different tiers: Free, Pro and Elite.

    Our pricing is based on the number of queries you do. In order to calculate the most accurate price for you, we need to see how many queries you’re doing on a 7-day average. That’s why all our tiers start out with 5000 free queries. You can jump on a quick call with our team if you need more info or send us an email at [email protected].

  • Who can’t use a blocklist?

    Generally said, anyone who does not run their own mail system can’t use a blocklist.
    It’s also not possible for companies that outsourced their mail scanning to a 3rd party cloud-based shared platform (Microsoft 365, Google Workspace, Mimecast, Proofpoint, etc.)
    It’s difficult to apply blocklists for single tenants on a shared system, they have to be used for all tenants.

  • Who should use a blocklist?

    Generally said, anyone running their own mail server can benefit from using a blocklist. So, if you are running your own mail server and are looking for higher protection against spam, malware, phishing, and scam – a blocklist works for you! Start today to see what Guardian Mail can do for you.

  • Why outbound protection matters as well!

    Outbound spam can adversely affect your reputation, causing your own mail server to be blocked, which can affect all of your customers that are sending mail through your system. We have a specifically designed blocklist for your outbound traffic that will point out compromised accounts for you.

  • Why should I use Guardian Mail in addition to my existing email security solution?

    Guardian Mail can be seen as the first layer of defense for your mail servers that catches more than 99.6 % of the incoming malicious traffic in less than 1 second. Here are a few reasons why you should use it:

    – Protects you and your users from Spam, Malware, Scams, and Phishing
    Provides significant scalability gains
    – Saves CPU and bandwidth
    – Decreases the amount of hardware required
    – Integrates with many other mail products

    Start today to see what Absuix can do for you!

Global Reporting

  • I would like to use XARF, Contact DB, or Blackhole MX. Will I need to upgrade to one of your plans?

    These are all free services, so you don’t need to subscribe or create an account to use them at all!

  • I have received an email about “potentially compromised accounts” from you. What is this about?

    Compromised accounts are one of the biggest issues today. These accounts are often used to send spam, phishing, and malware, which results in endless problems on several levels. We create daily summaries of all the compromised accounts we’ve observed over the previous 24 hours add necessary metadata and send it to the affected Postmasters and Abuse Desks once per day.

    This service is free of charge. We answered the most frequently asked questions on our documentation page.
    If you have any more questions, feedback, or suggestions, please feel free to reach out to us via [email protected].

  • Do you provide a Feedback Loop (FBL) for listings?

    No, we don’t provide a Feedback Loop.

  • Who can report abuse via XARF?

    Everyone, but usually, this will be users who automate the generation and sending of the report. In future, everyone who experiences abuse should be able to report abuse through our Abusix Portal, where an XARF report will be generated and send to the correct recipients.

  • Where can I request new report types?

    If you want to participate in XARF, you are more than welcome to. You can request new report types here.

  • What is the difference between ARF and XARF

    While ARF is only meant to report spam via email, XARF is independent of the underlying transport as it’s just a simple JSON document that you can be used in multiple channels.
    XARF is more versatile as you can also build APIs and don’t need to use email/SMTP as the underlying tech.

  • What abuse types can be reported via XARF?

    All supported abuse types can be found in the samples directory on GitHub.

  • How can I integrate XARF into my current abuse management settings?

    XARF can already be used to report different abuse events into your own Abuse Management Platform like your AbuseHQ instance (internal reporting).

    In future, Abusix will offer a central reporting service within our Abusix Portal which will send reports automatically to the correct recipient.

  • Can XARF detect abuse?

    No, XARF does not detect abuse. You have to detect abuse within your network, gather evidence, and then use a XARF to package it up and finally send it to the correct recipient.

AbuseHQ (legacy)

  • Does AbuseHQ support GDPR?

    Yes, we support Subscribers Right to Data Access and Subscriber’s Right To Be Forgotten which are GDPR requirements.

  • What AbuseHQ customers do you have?

    We have a bunch of customers from different industries. We work with Vodafone IE to help them with their copyright complaints, we work with Swisscom and KPN to help them automate their abuse management, but we also work with smaller companies that want to take a proactive approach when it comes to abuse report handling. If you are handling your own IP range and want to move your network security to the next level, talk to us.

  • What security controls are in place for AbuseHQ?

    Abusix uses industry-standard practices for its security controls; including, but not limited to firewalls, intrusion detection, change management, and written security policies.

    Security at Abusix follows the ISO/IEC 27002:2013 standard.

  • Where can I find pricing info for AbuseHQ?

    Similar to our Abusix Mail Intelligence tiers, we are currently working on new pricing for our Abuse Management Platform AbuseHQ. Please reach out to [email protected] for now, to get more details on pricing.

  • Where is AbuseHQ installed?

    AbuseHQ employs a public cloud deployment model using virtualized resources, as a software-as-a-service (SaaS) solution. AbuseHQ is hosted at Amazon Web Services in Germany or the USA; which operates as ISO Certified Data Centers under German and US Privacy Laws respectively.