Abusix FAQs

Here, you can find answers to the most commonly asked questions. If something’s missing, please get in touch with us anytime.

Frequently Asked Questions

General

  • What kind of support do you offer?

    We provide both live chat and email support to customers and those with listing issues. For customers using Abusix Mail Intelligence to reject mail, we ask that any rejection uses the text we provide, including the delisting URL. If you find yourself listed on one of our blocklists, you can directly go to our Lookup and Delisting service page and follow the instructions there.

Mail Intelligence

  • Why do I need to create an account?

    Unfortunately, we’ve seen that anonymous delistings attracted a lot of abuse. Therefore, you’ll need to confirm your email in order to use our delisting services. Watch this video for more information.

  • Why do I keep getting bounce notifications?

    If your IP/domain is listed, you will receive a “bounce” message telling you that your message could not be delivered. You will be seeing a link to our Lookup and Delist service where you’ll be able to see details of the listing(s). Once you have fixed the issue you can request a delist /removal. For more info on bounce messages, read this blog post. Wonder why you need an account? This has been covered in this FAQ.

  • Why do I have to create an account to perform a delist?

    Unfortunately, we’ve seen that anonymous delistings attracted a lot of abuse. Therefore, you’ll need to confirm your email in order to use our delisting services. Watch this video for more information on our delisting process.

  • Why am I getting blocklisted?

    The most common causes are:

    – You don’t confirm opt-in to your mailing lists and don’t have any anti-bot mechanisms to prevent automation from adding recipients.

    – Broken or missing bounce or engagement management.

    – Email lists purchased from a 3rd party or use of any email appending services.

    – Sending mail to very old customers or any address with whom you have had no interaction for > 2 years.

    – Compromised accounts or services

    – Infected computers or devices.

    Watch our latest webinar “Blocklist ABC” where we cover the basics of blocklists

  • My IP doesn’t show as being listed. Is it expired?

    The item you are looking up might not show up as listed, as it already expired or already has been delisted by someone else.
    Note: Listings usually expire after 5.2 days after the last bad event we’ve seen

  • How does delisting work?

    When you request a delisting, we process the delist immediately by removing the offending item from the relevant list(s). If you have specific questions, please send an email at [email protected]

  • How long does it take to be delisted?

    Though delists are processed immediately and the DNS zone files are rebuilt every minute, it can take up to 5 minutes before the item is eventually shown as being delisted.

  • How do I delist an IP or domain at Abusix?

    Don’t panic – we’re not interested in penalizing you, we just want to get the problem fixed and to get you delisted ASAP. If you have received a “bounce message” stating that your message has been rejected by Abusix Mail Intelligence, then this will usually include a clickable link e.g. https://lookup.abusix.com/search?q=x.x.x.x – so click this link which will then show you which lists you are listed on.

    – Either click the link in your bounce message or go directly to our Lookup and Delisting page

    – Enter the listed IP/domain.

    – If the IP/domain shows as being listed, read the information provided and hit the button: “Sign-up for free” in order to get access to our user portal

    – Either create a new account or log in to your existing account

    – Follow the instructions within the portal to remove your IP/domain from the blocklists.

    Do you need help? Get in touch with our team via chat or send us an email at [email protected].

  • Do I need to trial Abusix Mail Intelligence to delist IPs/domains?

    No, there is no need to sign-up for a trial! This is a stand-alone service, though it is directly connected to our product Abusix Mail Intelligence as it uses the same data source.

  • Why do I keep getting bounce notifications?

    If your IP/domain is listed, you will receive a “bounce” message telling you that your message could not be delivered. You will be seeing a link to our Lookup and Delist service where you’ll be able to see details of the listing(s). Once you have fixed the issue you can request a delist /removal. For more info on bounce messages, read this blog post. Wonder why you need an account? This has been covered in this FAQ.

  • Is it possible to have a local mirror of the data via RSYNC?

    Yes, however, we only provide this for large providers and for an additional fee. If you are interested in using RSYNC, please contact us during your trial at [email protected]

  • Can I get my IP or domain whitelisted?

    We only add entities to our welcome list in specific circumstances:

    – There have been repeated listing issues.
    – These have been sufficiently resolved and procedures have been put in place to prevent these from happening again.
    – The IP address or domain name is shared amongst a lot of other customers.
    – You can supply an SPF record that only contains SMTP server addresses.

  • How can I change my current plan for Abusix Mail Intelligence?

    You can change your plan within our Abusix portal. Navigate to the “Email Protection” section in the left sidebar and hit the blue button “Upgrade Subscription”. Select the new plan you’d like to go with and proceed with the check-out. Do you need help? Reach out to our team at [email protected]

  • How do I even end up on blocklist?

    We use four main methods that can get you listed on one of our blocklists:

    – Spam traps

    – Heuristics

    – Honeypots

    – Policy

  • How do I integrate Abusix Mail Intelligence with my current email configuration?

    You need to configure your email server to query our service. We put a documentation page together for the most popular email servers.
    You can check out more 3rd party integration here. Our support team can help if you have any questions or use a system that isn’t covered in our documentation.

  • I’m using Google Workspace or Microsoft 365 – Can I still add a Blocklist like Abusix Mail Intelligence to my mail server configuration?

    Generally – the answer is no. Neither service allows for the addition of 3rd party DNS reputation lists like our Abusix Mail Intelligence blocklists. But if you are running email gateways in front of either Google Workspace or Microsoft 365 with your domain MX records pointing to these instead, using Abusix Mail Intelligence blocklists as an additional spam filter is indeed possible.
    The email gateways can then be configured to use Abusix Mail Intelligence blocklists to reject messages prior to sending them onwards to Google or Microsoft.

    You are not sure if Abusix Mail Intelligence can be used in your case? Get in touch with our team at [email protected] – they are happy to help!

  • Is it possible to have a local mirror of the data via RSYNC?

    Yes, however, we only provide this for large providers and for an additional fee. If you are interested in using RSYNC, please contact us during your trial at [email protected]

  • Should I use more than one blocklist?

    Generally said: Yes, the more filter, the better! But those vendors should be accurate, reliable, and well-supported. We wrote a blog post on this topic here. If you consider switching vendors but are still unsure, we have a comparison tool that lets you compare the effectiveness of our different blocklists (RBL/DNSBL).

  • What are the use cases for your blocklist?

    There are three main use cases for our blocklists:

    – Block inbound SMTP traffic

    – Prevent bad email from leaving your network for outbound SMTP traffic

    – Assist you in catching compromised accounts and services within your own network

  • What different sets of blocklists does Abusix provide?

    We provide more than 10 different blocklists, such as IP addresses, domain datasets, hashed datasets for short URLs, drive URLs, bitcoin wallet addresses, and email addresses.

    Most of our customers use our combined list, which combines our IP, exploit and policy list.

    For additional filtering, we provide datasets like newly observed domains or newly observed mail IPs.

    If you want to prevent compromised accounts within your network from sending outbound spam, you might want to check out our AuthBL blocklist.

    An overview of all our different sets of blocklists can be found here.

  • What is an email blocklist?

    A blocklist (previously referred to as a blacklist) is a list of “items” that are considered as unsafe and therefore are denied access. A blocklist might consist of:

    IP Addresses
    Domain Names
    Email Addresses
    Short URLs
    Drive URLs
    Bitcoin Wallet Addresses
    Attachment Hashes…

    It is used to prevent the reception of spam, viruses, phishing, malware, and other email-borne threats.
    Blocklists are used in various areas within security architecture, like; firewalls, DNS servers, directory servers, web proxies, authentication, and API gateways. While our blocklists are only designed for email servers.

  • What kind of malicious traffic does Abusix Mail Intelligence protect me from?

    Abusix Mail Intelligence is used to prevent the reception of spam, viruses, phishing, malware, and other email-borne threats.

    Our blocklists (RBL/DNSBL) can be used as an inbound and outbound protection layer for your email security.

  • Where can I find pricing info for Abusix Mail Intelligence?

    Pricing for Abusix Mail Intelligence can be accessed here. There are three different tiers: Free, Pro and Elite.

    Our pricing is based on the number of queries you do. In order to calculate the most accurate price for you, we need to see how many queries you’re doing on a 7-day average. That’s why all our tiers start out with 5000 free queries. You can jump on a quick call with our team if you need more info or send us an email at [email protected].

  • Who can’t use a blocklist?

    Generally said, anyone who does not run their own mail system can’t use a blocklist.
    It’s also not possible for companies that outsourced their mail scanning to a 3rd party cloud-based shared platform (Microsoft 365, Google Workspace, Mimecast, Proofpoint, etc.)
    It’s difficult to apply blocklists for single tenants on a shared system, they have to be used for all tenants.

  • Who should use a blocklist?

    Generally said, anyone running their own mail server can benefit from using a blocklist.
    So, if you are running your own mail server and are looking for higher protection against spam, malware, phishing, and scam – a blocklist works for you!
    Start today to see wha t Abusix Mail Intelligence can do for you.

  • Why outbound protection matters as well!

    Outbound spam can adversely affect your reputation, causing your own mail server to be blocked, which can affect all of your customers that are sending mail through your system. We have a specifically designed blocklist for your outbound traffic that will point out compromised accounts for you. Read more in our blog post here.

  • Why should I use Abusix Mail Intelligence in addition to my existing email security solution?

    Abusix Mail Intelligence can be seen as the first layer of defense for your mail servers that catches more than 99.6 % of the incoming malicious traffic in less than 1 second.
    Here are a few reasons why you should use it:

    – Protects you and your users from Spam, Malware, Scams, and Phishing
    Provides significant scalability gains
    – Saves CPU and bandwidth
    – Decreases the amount of hardware required
    – Integrates with many other mail products

    Start today to see wha t Absuix Mail Intelligence can do for you!

Global Reporting

  • I would like to use XARF, Contact DB, or Blackhole MX. Will I need to upgrade to one of your plans?

    These are all free services, so you don’t need to subscribe or create an account to use them at all!

  • I have received an email about “potentially compromised accounts” from you. What is this about?

    Compromised accounts are one of the biggest issues today. These accounts are often used to send spam, phishing, and malware, which results in endless problems on several levels. We create daily summaries of all the compromised accounts we’ve observed over the previous 24 hours add necessary metadata and send it to the affected Postmasters and Abuse Desks once per day.

    This service is free of charge. We answered the most frequently asked questions on our documentation page.
    If you have any more questions, feedback, or suggestions, please feel free to reach out to us via [email protected].

  • Do you provide a Feedback Loop (FBL) for listings?

    No, we don’t provide a Feedback Loop.

  • Who can report abuse via XARF?

    Everyone, but usually, this will be users who automate the generation and sending of the report. In future, everyone who experiences abuse should be able to report abuse through our Abusix Portal, where an XARF report will be generated and send to the correct recipients.

  • Where can I request new report types?

    If you want to participate in XARF, you are more than welcome to. You can request new report types here.

  • What is the difference between ARF and XARF

    While ARF is only meant to report spam via email, XARF is independent of the underlying transport as it’s just a simple JSON document that you can be used in multiple channels.
    XARF is more versatile as you can also build APIs and don’t need to use email/SMTP as the underlying tech.

  • What abuse types can be reported via XARF?

    All supported abuse types can be found in the samples directory on GitHub.

  • I would like to use XARF, Contact DB, or Blackhole MX. Will I need to upgrade to one of your plans?

    These are all free services, so you don’t need to subscribe or create an account to use them at all!

  • How can I integrate XARF into my current abuse management settings?

    XARF can already be used to report different abuse events into your own Abuse Management Platform like your AbuseHQ instance (internal reporting).

    In future, Abusix will offer a central reporting service within our Abusix Portal which will send reports automatically to the correct recipient.

  • Can XARF detect abuse?

    No, XARF does not detect abuse. You have to detect abuse within your network, gather evidence, and then use a XARF to package it up and finally send it to the correct recipient.

AbuseHQ (legacy)

  • Do you provide a Feedback Loop (FBL) for listings?

    No, we don’t provide a Feedback Loop.

  • Does AbuseHQ support GDPR?

    Yes, we support Subscribers Right to Data Access and Subscriber’s Right To Be Forgotten which are GDPR requirements.

  • What AbuseHQ customers do you have?

    We have a bunch of customers from different industries. We work with Vodafone IE to help them with their copyright complaints, we work with Swisscom and KPN to help them automate their abuse management, but we also work with smaller companies that want to take a proactive approach when it comes to abuse report handling. If you are handling your own IP range and want to move your network security to the next level, talk to us.

  • What security controls are in place for AbuseHQ?

    Abusix uses industry-standard practices for its security controls; including, but not limited to firewalls, intrusion detection, change management, and written security policies.

    Security at Abusix follows the ISO/IEC 27002:2013 standard.

  • Where can I find pricing info for AbuseHQ?

    Similar to our Abusix Mail Intelligence tiers, we are currently working on new pricing for our Abuse Management Platform AbuseHQ. Please reach out to [email protected] for now, to get more details on pricing.

  • Where is AbuseHQ installed?

    AbuseHQ employs a public cloud deployment model using virtualized resources, as a software-as-a-service (SaaS) solution. AbuseHQ is hosted at Amazon Web Services in Germany or the USA; which operates as ISO Certified Data Centers under German and US Privacy Laws respectively.