Who is Abusix?
We are an IT security company that specializes in anti-abuse. Our goal is to get abuse reported and fixed as quickly as possible.
What is Guardian Mail?
Guardian Mail is a suite of DNS blocklists and welcome lists (these used to be called whitelists). The lists provide reputation for IP addresses, Domains, Email Addresses, Short URLs, Online Drive Service URLs, and Bitcoin Wallet binaries. The suite works with any mail system that supports DNSBL lookups.
Why have I ended up here?
You’ve likely found yourself here because we detected an issue with the mail server that sends your mail, and this caused your IP address to be added to one of our blocklists. Alternatively, it might be your domain that has been listed, either because we’ve received spam from it or because we have seen infections/compromises on one or more hosts on your domain.
If our service rejects a message you sent, you will receive a “bounce message” (Delivery Service Notification) explaining that your message could not be delivered, with a link to our website lookup service.
What do I need to do?
If you’re not a Mail System Administrator
Contact your IT department or help desk; they should be your first port of call since they manage your organization’s mail server.
Likewise, if you purchase your email services from an ISP, hosting company, or another Mailbox Provider, you should contact your mail provider’s support and report the issue. Ultimately, they are responsible for fixing whatever problem exists.
If you are a Mail System Administrator
The first thing to do is to look at your logs for any apparent issues with your mail system, e.g., large queues, rate-limited users, or users sending unusually high volumes of traffic.
If you need help finding the problem, please contact us via chat or email [email protected]. We’re always happy to provide evidence and advice to help you find, fix and prevent any further issues.
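The log check described above, sketched as an added example (not Abusix code): it assumes a Postfix server with SASL-authenticated submission and ties each queue ID to the account that submitted it, so high recipient counts or many client IPs per account stand out. The sample log lines, function names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (not real traffic).
SAMPLE_LOG = """\
Jan 10 03:12:01 mx1 postfix/submission/smtpd[2211]: 4F1A2C0123: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Jan 10 03:12:01 mx1 postfix/qmgr[1180]: 4F1A2C0123: from=<alice@example.com>, size=2312, nrcpt=3 (queue active)
Jan 10 03:14:09 mx1 postfix/submission/smtpd[2214]: 7B2D9E0456: client=unknown[198.51.100.21], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 10 03:14:09 mx1 postfix/qmgr[1180]: 7B2D9E0456: from=<bob@example.com>, size=1893, nrcpt=50 (queue active)
Jan 10 03:14:30 mx1 postfix/submission/smtpd[2215]: 9C3E1F0789: client=unknown[192.0.2.88], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 10 03:14:30 mx1 postfix/qmgr[1180]: 9C3E1F0789: from=<bob@example.com>, size=1893, nrcpt=50 (queue active)
Jan 10 03:19:30 mx1 postfix/qmgr[1180]: 9C3E1F0789: from=<bob@example.com>, size=1893, nrcpt=50 (queue active)
Jan 10 03:15:02 mx1 postfix/submission/smtpd[2216]: A14B770ABC: client=unknown[203.0.113.99], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 10 03:15:02 mx1 postfix/qmgr[1180]: A14B770ABC: from=<bob@example.com>, size=1893, nrcpt=50 (queue active)
"""

# smtpd line: queue ID, client IP and the authenticated account.
AUTH_RE = re.compile(r"postfix/(?:\w+/)?smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
                     r"client=\S*\[(?P<ip>[^\]]+)\].*sasl_username=(?P<user>\S+)")
# qmgr line: queue ID and number of recipients for that message.
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<[^>]*>, "
                     r"size=\d+, nrcpt=(?P<nrcpt>\d+)")

def summarize(log_text):
    """Return {sasl_username: {"messages", "recipients", "ips"}}."""
    owner = {}  # queue ID -> account that submitted it
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            owner[m["qid"]] = m["user"]
            stats[m["user"]]["messages"] += 1
            stats[m["user"]]["ips"].add(m["ip"])
            continue
        m = QMGR_RE.search(line)
        # pop() so a deferred message re-entering the queue is counted once.
        user = owner.pop(m["qid"], None) if m else None
        if user:
            stats[user]["recipients"] += int(m["nrcpt"])
    return dict(stats)

def suspects(stats, max_recipients=100, max_ips=2):
    """Accounts over either threshold (hypothetical values; tune per site)."""
    return sorted(u for u, s in stats.items()
                  if s["recipients"] > max_recipients or len(s["ips"]) > max_ips)

if __name__ == "__main__":
    print(suspects(summarize(SAMPLE_LOG)))
```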
Learn more about Lookup and Delisting
Frequently Asked Questions
General
- What kind of support do you offer?
We provide both live chat and email support to customers and those with listing issues. For customers using Guardian Mail to reject mail, we ask that any rejection uses the text we provide, including the delisting URL. If you find yourself listed on one of our blocklists, you can go directly to our Lookup and Delisting service page and follow the instructions there.
Guardian Mail
- Why do I keep getting bounce notifications?
If your IP/domain is listed, you will receive a “bounce” message telling you that your message could not be delivered. It will include a link to our Lookup and Delist service, where you’ll be able to see details of the listing(s). Once you have fixed the issue, you can request a delist/removal. Wondering why you need an account? This has been covered in this FAQ.
- Why do I have to create an account to perform a delist?
Unfortunately, we’ve seen that anonymous delistings attracted a lot of abuse. Therefore, you’ll need to confirm your email in order to use our delisting services. Watch this video for more information on our delisting process.
- Why am I getting blocklisted?
The most common causes are:
– You don’t confirm opt-in to your mailing lists and don’t have any anti-bot mechanisms to prevent automation from adding recipients.
– Broken or missing bounce or engagement management.
– Email lists purchased from a 3rd party or use of any email appending services.
– Sending mail to very old customers or any address with whom you have had no interaction for > 2 years.
– Compromised accounts or services
– Infected computers or devices.
- My IP doesn’t show as being listed. Is it expired?
The item you are looking up might not show up as listed because it has already expired or has already been delisted by someone else.
Note: Listings usually expire 5.2 days after the last bad event we’ve seen.
- How does delisting work?
When you request a delisting, we process the delist immediately by removing the offending item from the relevant list(s). If you have specific questions, please send an email to [email protected]
- How long does it take to be delisted?
Though delists are processed immediately and the DNS zone files are rebuilt every minute, it can take up to 5 minutes before the item is eventually shown as being delisted.
- How do I delist an IP or domain at Abusix?
Don’t panic: we’re not interested in penalizing you, we just want to get the problem fixed and to get you delisted ASAP. If you have received a “bounce message” stating that your message has been rejected by Abusix Mail Intelligence, it will usually include a clickable link, e.g. https://lookup.abusix.com/search?q=x.x.x.x. Clicking this link shows you which lists you are listed on.
– Either click the link in your bounce message or go directly to our Lookup and Delisting page
– Enter the listed IP/domain.
– If the IP/domain shows as being listed, read the information provided and hit the button: “Sign-up” in order to get access to our user portal
– Either create a new account or log in to your existing account
– Follow the instructions within the portal to remove your IP/domain from the blocklists.
Do you need help? Get in touch with our team via chat or send us an email at [email protected].
- Do I need to trial Guardian Mail to delist IPs/domains?
No, there is no need to sign up for a trial! This is a stand-alone service, though it is directly connected to our product Guardian Mail as it uses the same data source.
- Is it possible to have a local mirror of the data via RSYNC?
Yes, however, we only provide this for large providers and for an additional fee. If you are interested in using RSYNC, please contact us during your trial at [email protected]
- Can I get my IP or domain whitelisted?
We only add entities to our welcome list in specific circumstances:
– There have been repeated listing issues.
– These have been sufficiently resolved and procedures have been put in place to prevent these from happening again.
– The IP address or domain name is shared amongst a lot of other customers.
– You can supply an SPF record that only contains SMTP server addresses.
- How can I change my current plan for Guardian Mail?
You can change your plan within our Abusix portal. Click on "Plans & Billing" first, then "Subscriptions" (if you're trialing or are subscribed to other products, you have to click on the Guardian Mail tab/button on the top part of the page to see your Guardian Mail subscription), then click the Upgrade Now! button.
- How do I integrate Guardian Mail with my current email configuration?
You need to configure your email server to query our service. We have put together a documentation page for the most popular email servers: https://abusix.com/docs/getting-started-with-guardian-mail/
You can check out more 3rd party integrations here. Our support team can help if you have any questions or use a system that isn’t covered in our documentation.
- I’m using Google Workspace or Microsoft 365 – Can I still add a Blocklist like Guardian Mail to my mail server configuration?
Generally – the answer is no. Neither service allows for the addition of 3rd party DNS reputation lists like our Guardian Mail blocklists. But if you are running email gateways in front of either Google Workspace or Microsoft 365 with your domain MX records pointing to these instead, using Guardian Mail blocklists as an additional spam filter is indeed possible.
The email gateways can then be configured to use Guardian Mail blocklists to reject messages prior to sending them onwards to Google or Microsoft. Not sure whether Guardian Mail can be used in your case? Get in touch with our team at [email protected]. They are happy to help!
- Should I use more than one blocklist?
Generally speaking: yes, the more filters, the better! But those vendors should be accurate, reliable, and well-supported. We wrote a blog post on this topic here. If you are considering switching vendors but are still unsure, we have a comparison tool that lets you compare the effectiveness of our different blocklists (RBL/DNSBL).
- What are the use cases for your blocklist?
There are three main use cases for our blocklists:
– Block inbound SMTP traffic
– Prevent bad email from leaving your network for outbound SMTP traffic
– Assist you in catching compromised accounts and services within your own network
- What different sets of blocklists does Abusix provide?
We provide more than 10 different blocklists, such as IP addresses, domain datasets, hashed datasets for short URLs, drive URLs, bitcoin wallet addresses, and email addresses. Most of our customers use our combined list, which combines our IP, exploit and policy list. For additional filtering, we provide datasets like newly observed domains or newly observed mail IPs. If you want to prevent compromised accounts within your network from sending outbound spam, you might want to check out our AuthBL blocklist. An overview of all our different sets of blocklists can be found here: https://abusix.com/docs/abusix-mail-intelligence/production-zones/
- What is an email blocklist?
A blocklist (previously referred to as a blacklist) is a list of “items” that are considered as unsafe and therefore are denied access. A blocklist might consist of:
IP Addresses
Domain Names
Email Addresses
Short URLs
Drive URLs
Bitcoin Wallet Addresses
Attachment Hashes…
It is used to prevent the reception of spam, viruses, phishing, malware, and other email-borne threats.
Blocklists are used in various areas within security architecture, like firewalls, DNS servers, directory servers, web proxies, authentication, and API gateways, while our blocklists are only designed for email servers.
- Where can I find pricing info for Guardian Mail?
Pricing for Abusix Mail Intelligence can be accessed here. There are three different tiers: Free, Pro and Elite.
Our pricing is based on the number of queries you do. In order to calculate the most accurate price for you, we need to see how many queries you’re doing on a 7-day average. That’s why all our tiers start out with 5000 free queries. You can jump on a quick call with our team if you need more info or send us an email at [email protected].
- Who can’t use a blocklist?
Generally speaking, anyone who does not run their own mail system can’t use a blocklist.
It’s also not possible for companies that outsourced their mail scanning to a 3rd party cloud-based shared platform (Microsoft 365, Google Workspace, Mimecast, Proofpoint, etc.).
It’s difficult to apply blocklists for single tenants on a shared system; they have to be used for all tenants.
- Who should use a blocklist?
- Why outbound protection matters as well!
Outbound spam can adversely affect your reputation, causing your own mail server to be blocked, which can affect all of your customers that are sending mail through your system. We have a specifically designed blocklist for your outbound traffic that will point out compromised accounts for you.
- Why should I use Guardian Mail in addition to my existing email security solution?
Guardian Mail can be seen as the first layer of defense for your mail servers that catches more than 99.6 % of the incoming malicious traffic in less than 1 second. Here are a few reasons why you should use it:
– Protects you and your users from Spam, Malware, Scams, and Phishing
– Provides significant scalability gains
– Saves CPU and bandwidth
– Decreases the amount of hardware required
– Integrates with many other mail products
Start today to see what Abusix can do for you!
Global Reporting
- I have received an email about “potentially compromised accounts” from you. What is this about?
Compromised accounts are one of the biggest issues today. These accounts are often used to send spam, phishing, and malware, which results in endless problems on several levels. We create daily summaries of all the compromised accounts we’ve observed over the previous 24 hours, add the necessary metadata, and send them to the affected Postmasters and Abuse Desks once per day.
This service is free of charge. We answered the most frequently asked questions on our documentation page.
If you have any more questions, feedback, or suggestions, please feel free to reach out to us via [email protected].
- Do you provide a Feedback Loop (FBL) for listings?
No, we don’t provide a Feedback Loop.
- Who can report abuse via XARF?
Everyone, but usually, this will be users who automate the generation and sending of the report. In future, everyone who experiences abuse should be able to report abuse through our Abusix Portal, where an XARF report will be generated and sent to the correct recipients.
- What abuse types can be reported via XARF?
All supported abuse types can be found in the samples directory on GitHub.
- How can I integrate XARF into my current abuse management settings?
XARF can already be used to report different abuse events into your own Abuse Management Platform like your AbuseHQ instance (internal reporting).
In future, Abusix will offer a central reporting service within our Abusix Portal which will send reports automatically to the correct recipient.
AbuseHQ (legacy)
- What AbuseHQ customers do you have?
We have a bunch of customers from different industries. We work with Vodafone IE to help them with their copyright complaints, we work with Swisscom and KPN to help them automate their abuse management, but we also work with smaller companies that want to take a proactive approach when it comes to abuse report handling. If you are handling your own IP range and want to move your network security to the next level, talk to us.
- What security controls are in place for AbuseHQ?
Abusix uses industry-standard practices for its security controls; including, but not limited to firewalls, intrusion detection, change management, and written security policies.
Security at Abusix follows the ISO/IEC 27002:2013 standard.
- Where can I find pricing info for AbuseHQ?
Similar to our Abusix Mail Intelligence tiers, we are currently working on new pricing for our Abuse Management Platform AbuseHQ. Please reach out to [email protected] for now, to get more details on pricing.
- Where is AbuseHQ installed?