Abusix FAQs

AbuseHQ

No, we don’t provide a Feedback Loop.

Yes, we support Subscribers Right to Data Access and Subscriber’s Right To Be Forgotten which are GDPR requirements.

We have a bunch of customers from different industries. We work with Vodafone IE to help them with their copyright complaints, we work with Swisscom and KPN to help them automate their abuse management, but we also work with smaller companies that want to take a proactive approach when it comes to abuse report handling. If you are handling your own IP range and want to move your network security to the next level, talk to us.

Abusix uses industry-standard practices for its security controls; including, but not limited to firewalls, intrusion detection, change management, and written security policies.

Security at Abusix follows the ISO/IEC 27002:2013 standard.

Similar to our Abusix Mail Intelligence tiers, we are currently working on new pricing for our Abuse Management Platform AbuseHQ. Please reach out to [email protected] for now, to get more details on pricing.

AbuseHQ employs a public cloud deployment model using virtualized resources, as a software-as-a-service (SaaS) solution. AbuseHQ is hosted at Amazon Web Services in Germany or the USA; which operates as ISO Certified Data Centers under German and US Privacy Laws respectively.

Abusix Mail Intelligence

Yes, if you are unsure whether our blocklist work for you, here’s help! We build a blocklist comparison tool, which lets you compare the efficiency with your current IP blocklist setting vs. our blocklist. There is no need to change your live environment. Sign up for a free trial and download the Linux script (Email Protection –> Get Started Section) and follow the documentation on how to set it up.

We only add entities to our welcome list in specific circumstances:

– There have been repeated listing issues.
– These have been sufficiently resolved and procedures have been put in place to prevent these from happening again.
– The IP address or domain name is shared amongst a lot of other customers.
– You can supply an SPF record that only contains SMTP server addresses.

You can change your plan within our Abusix portal. Navigate to the “Email Protection” section in the left sidebar and hit the blue button “Upgrade Subscription”. Select the new plan you’d like to go with and proceed with the check-out. Do you need help? Reach out to our team at [email protected]

 

We use four main methods that can get you listed on one of our blocklists:

– Spam traps

– Heuristics

– Honeypots

– Policy

You need to configure your email server to query our service. We put a documentation page together for the most popular email servers.
You can check out more 3rd party integration here. Our support team can help if you have any questions or use a system that isn’t covered in our documentation.

Generally – the answer is no. Neither service allows for the addition of 3rd party DNS reputation lists like our Abusix Mail Intelligence blocklists. But if you are running email gateways in front of either Google Workspace or Microsoft 365 with your domain MX records pointing to these instead, using Abusix Mail Intelligence blocklists as an additional spam filter is indeed possible.
The email gateways can then be configured to use Abusix Mail Intelligence blocklists to reject messages prior to sending them onwards to Google or Microsoft.

You are not sure if Abusix Mail Intelligence can be used in your case? Get in touch with our team at [email protected] – they are happy to help!

Yes, however, we only provide this for large providers and for an additional fee. If you are interested in using RSYNC, please contact us during your trial at [email protected]

Generally said: Yes, the more filter, the better! But those vendors should be accurate, reliable, and well-supported. We wrote a blog post on this topic here. If you consider switching vendors but are still unsure, we have a comparison tool that lets you compare the effectiveness of our different blocklists (RBL/DNSBL).

There are three main use cases for our blocklists:

– Block inbound SMTP traffic

– Prevent bad email from leaving your network for outbound SMTP traffic

– Assist you in catching compromised accounts and services within your own network

We provide more than 10 different blocklists, such as IP addresses, domain datasets, hashed datasets for short URLs, drive URLs, bitcoin wallet addresses, and email addresses.

Most of our customers use our combined list, which combines our IP, exploit and policy list.

For additional filtering, we provide datasets like newly observed domains or newly observed mail IPs.

If you want to prevent compromised accounts within your network from sending outbound spam, you might want to check out our AuthBL blocklist.

An overview of all our different sets of blocklists can be found here.

A blocklist (previously referred to as a blacklist) is a list of “items” that are considered as unsafe and therefore are denied access. A blocklist might consist of:

IP Addresses
Domain Names
Email Addresses
Short URLs
Drive URLs
Bitcoin Wallet Addresses
Attachment Hashes…

It is used to prevent the reception of spam, viruses, phishing, malware, and other email-borne threats.
Blocklists are used in various areas within security architecture, like; firewalls, DNS servers, directory servers, web proxies, authentication, and API gateways. While our blocklists are only designed for email servers.

Abusix Mail Intelligence is used to prevent the reception of spam, viruses, phishing, malware, and other email-borne threats.

Our blocklists (RBL/DNSBL) can be used as an inbound and outbound protection layer for your email security.

Pricing for Abusix Mail Intelligence can be accessed here. There are three different tiers: Free, Pro and Elite.

Our pricing is based on the number of queries you do. In order to calculate the most accurate price for you, we need to see how many queries you’re doing on a 7-day average. That’s why all our tiers start out with a free 14-day trial, which lets you and us know how many queries you roughly need. You can jump on a quick call with our team if you need more info or send us an email at [email protected]

Generally said, anyone who does not run their own mail system can’t use a blocklist.
It’s also not possible for companies that outsourced their mail scanning to a 3rd party cloud-based shared platform (Microsoft 365, Google Workspace, Mimecast, Proofpoint, etc.)
It’s difficult to apply blocklists for single tenants on a shared system, they have to be used for all tenants.

Generally said, anyone running their own mail server can benefit from using a blocklist.
So, if you are running your own mail server and are looking for higher protection against spam, malware, phishing, and scam – a blocklist works for you!
Start your free trial today to see what Abusix Mail Intelligence can do for you.

Outbound spam can adversely affect your reputation, causing your own mail server to be blocked, which can affect all of your customers that are sending mail through your system. We have a specifically designed blocklist for your outbound traffic that will point out compromised accounts for you. Read more in our blog post here.

Abusix Mail Intelligence can be seen as the first layer of defense for your mail servers that catches more than 99.6 % of the incoming malicious traffic in less than 1 second.
Here are a few reasons why you should use it:

– Protects you and your users from Spam, Malware, Scams, and Phishing
Provides significant scalability gains
– Saves CPU and bandwidth
– Decreases the amount of hardware required
– Integrates with many other mail products

Start your free 14-day trial today to see what Absuix Mail Intelligence can do for you!

Delisting

No, there is no need to sign-up for a free 14-day trial! This is a stand-alone service, though it is directly connected to our product Abusix Mail Intelligence as it uses the same data source.

Don’t panic – we’re not interested in penalizing you, we just want to get the problem fixed and to get you delisted ASAP. If you have received a “bounce message” stating that your message has been rejected by Abusix Mail Intelligence, then this will usually include a clickable link e.g. https://lookup.abusix.com/search?q=x.x.x.x – so click this link which will then show you which lists you are listed on.

– Either click the link in your bounce message or go directly to our Lookup and Delisting page

– Enter the listed IP/domain.

– If the IP/domain shows as being listed, read the information provided and hit the button: “Sign-up for free” in order to get access to our user portal

– Either create a new account or log in to your existing account

– Follow the instructions within the portal to remove your IP/domain from the blocklists.

Do you need help? Get in touch with our team via chat or send us an email at [email protected]

When you request a delisting, we process the delist immediately by removing the offending item from the relevant list(s). If you have specific questions, please send an email at [email protected]

Though delists are processed immediately and the DNS zone files are rebuilt every minute, it can take up to 5 minutes before the item is eventually shown as being delisted.

The item you are looking up might not show up as listed, as it already expired or already has been delisted by someone else.
Note: Listings usually expire after 5.2 days after the last bad event we’ve seen

The most common causes are:

– You don’t confirm opt-in to your mailing lists and don’t have any anti-bot mechanisms to prevent automation from adding recipients.

– Broken or missing bounce or engagement management.

– Email lists purchased from a 3rd party or use of any email appending services.

– Sending mail to very old customers or any address with whom you have had no interaction for > 2 years.

– Compromised accounts or services

– Infected computers or devices.

Watch our latest webinar “Blocklist ABC” where we cover the basics of blocklists

 

Unfortunately, we’ve seen that anonymous delistings attracted a lot of abuse. Therefore, you’ll need to confirm your email in order to use our delisting services. Watch this video for more information on our delisting process.

If your IP/domain is listed, you will receive a “bounce” message telling you that your message could not be delivered. You will be seeing a link to our Lookup and Delist service where you’ll be able to see details of the listing(s). Once you have fixed the issue you can request a delist /removal. For more info on bounce messages, read this blog post. Wonder why you need an account? This has been covered in this FAQ.

Unfortunately, we’ve seen that anonymous delistings attracted a lot of abuse. Therefore, you’ll need to confirm your email in order to use our delisting services. Watch this video for more information.

Other

No, we don’t provide a Feedback Loop.

Compromised accounts are one of the biggest issues today. These accounts are often used to send spam, phishing, and malware, which results in endless problems on several levels. We create daily summaries of all the compromised accounts we’ve observed over the previous 24 hours add necessary metadata and send it to the affected Postmasters and Abuse Desks once per day.

This service is free of charge. We answered the most frequently asked questions on our documentation page.
If you have any more questions, feedback, or suggestions, please feel free to reach out to us via [email protected]

These are all free services, so you don’t need to subscribe or create an account to use them at all!

Yes, however, we only provide this for large providers and for an additional fee. If you are interested in using RSYNC, please contact us during your trial at [email protected]

We provide both live chat and email support to customers and those with listing issues. For customers using Abusix Mail Intelligence to reject mail, we ask that any rejection uses the text we provide, including the delisting URL. If you find yourself listed on one of our blocklists, you can directly go to our Lookup and Delisting service page and follow the instructions there.

If your IP/domain is listed, you will receive a “bounce” message telling you that your message could not be delivered. You will be seeing a link to our Lookup and Delist service where you’ll be able to see details of the listing(s). Once you have fixed the issue you can request a delist /removal. For more info on bounce messages, read this blog post. Wonder why you need an account? This has been covered in this FAQ.

Have you received a “Potentially Compromised account” email? Read here for more information.

XARF

No, XARF does not detect abuse. You have to detect abuse within your network, gather evidence, and then use a XARF to package it up and finally send it to the correct recipient.

XARF can already be used to report different abuse events into your own Abuse Management Platform like your AbuseHQ instance (internal reporting).

In future, Abusix will offer a central reporting service within our Abusix Portal which will send reports automatically to the correct recipient.

These are all free services, so you don’t need to subscribe or create an account to use them at all!

All supported abuse types can be found in the samples directory on GitHub.

While ARF is only meant to report spam via email, XARF is independent of the underlying transport as it’s just a simple JSON document that you can be used in multiple channels.
XARF is more versatile as you can also build APIs and don’t need to use email/SMTP as the underlying tech.

If you want to participate in XARF, you are more than welcome to. You can request new report types here.

Everyone, but usually, this will be users who automate the generation and sending of the report. In future, everyone who experiences abuse should be able to report abuse through our Abusix Portal, where an XARF report will be generated and send to the correct recipients.

Get in touch

Talk to us

Do you want to remove your IP/domain from one of our blocklists?
Please use our lookup-service and follow the instructions there in order to get that resolved.