XARF

The New Format Of Reporting Network Abuse

To stop attacks or take down illegal content, informing the owner or maintainer of the source is the only way to mitigate issues and therefore is an essential part of the internet infrastructure.

 

Join Us Watch a Video

Trusted by

Swisscom logo White Mimecast Logo Stackpath Logo Logo of KPN white Vodafone Logo

What is XARF?

Initially started as an open, community-driven effort, XARF is now the industry standard for sharing network abuse reports. Other than ARF, XARF is independent of the underlying transport medium as it’s just a simple JSON document that can be used in multiple channels.

When to use XARF?

XARF can be used to report different sorts of abuse, e.g.

  • Spam
  • Phishing attacks
  • Hosted malware
  • Illegal content
  • Copyright issues
  • DDOS attacks
See all types

What to do next?

First of all, XARF is a legitimate way of reporting abuse.

  1. Validate it against the schema.
  2. Read or parse the report.
  3. Handle the abuse.
  4. Inform the reporter that you took care of the report.

For more information, read the documentation.

  1. Create a report by modifying an example or writing one from scratch.
  2. Use the schema to validate your report.
  3. Lookup the responsible network owner (eg. with our service ContactDB) and send them the report.
  4. The network owner will now be informed about the threat within their network and hopefully remediates it.

Note:  If you are using XARF for the first time, please take a look at our GitHub repository to check for examples.

XARF is a community effort. Be part of it!

How can I participate in XARF?

  1. Start using XARF
  2. Join our GitHub community
  3. Propose new threat types
  4. Discuss proposals
Join Us

FAQs

All supported abuse types can be found in the samples directory on GitHub.

While ARF is only meant to report spam via email, XARF is independent of the underlying transport as it’s just a simple JSON document that you can be used in multiple channels.
XARF is more versatile as you can also build APIs and don’t need to use email/SMTP as the underlying tech.

XARF can already be used to report different abuse events into your own Abuse Management Platform like your AbuseHQ instance (internal reporting).

In future, Abusix will offer a central reporting service within our Abusix Portal which will send reports automatically to the correct recipient.

Everyone, but usually, this will be users who automate the generation and sending of the report. In future, everyone who experiences abuse should be able to report abuse through our Abusix Portal, where an XARF report will be generated and send to the correct recipients.

No, XARF does not detect abuse. You have to detect abuse within your network, gather evidence, and then use a XARF to package it up and finally send it to the correct recipient.

If you want to participate in XARF, you are more than welcome to. You can request new report types here.

How to make the most of XARF

With our abuse management platform AbuseHQ, you'll be able to level up your internal abuse report handling in an automated way. Let's talk to our team, to see how we can help you ramp it up!

Get a Demo

Resources & Insights

Products & Tools

Type

Topic

View full resource hub
Blog Post graphic for
Blog

How Hackers Access Networks Using Backdoors

Find out more
Blog Post graphic for
Blog

Why changing the terms blacklist and whitelist isn’t as easy as it might seem

Find out more
Blog

How to Check Whether Your IP Address is Blocklisted

Find out more
Product Updates

Announcing Abusix’s Lookup & Delist Checker

Find out more