
Beta Zones

A list of our Beta Lists

Introduction

We want to provide the best, most innovative, and most accurate threat intelligence in Abusix Mail Intelligence possible.

We believe strongly in the "Release Early, Release Often" methodology and allow our customers "early access" to what we are working on so that if they choose, they can also test and provide us feedback on that work.

We provide access to "beta" lists as separate DNS zones and within rsync. For rsync customers, access is granted in the "beta-lists" module, enabled in the getabusix.conf file.

 
Important Note: Beta lists are sometimes incomplete, inaccurate, or poorly tested, and could be removed at any time. Therefore, please don't use these beta lists in production or to reject mail; they should only be used for reporting or for weak scoring. If you test any of these lists, please check this page frequently for changes so that you are not caught out if we remove a list from service or have some other issue with it. We would also love any feedback that you can provide on these lists. Please get in touch with us via chat or by sending an email to support@abusix.com.

Zones


btc-wallets (Bitcoin Wallets)

Status:

Beta

Type:

SHA-1 hash

Cloud DNS namespace:

<APIKEY>.btc-wallets.mail-beta.abusix.zone.

Rsync File:

beta-lists/btc-wallets.zone

Return Codes:

127.0.4.1

Test Points:

127.0.0.2

Listing Duration:

Approximately 5.2 days after last seen

 

Description

We developed this zone to list BTC Wallet addresses seen in the message body of spam sent to traps.

Because it is impossible to represent a BTC Wallet address in a DNS query, each address is SHA-1 hashed, and the hash value is used for the lookup instead of the address itself.

 

For example:

SHA-1(15GWKdT8e1o6GcDTZMQZRiZng2Q6dLX8Aw) ->
e108c5b4bde457dcc35f009d05a21fa383eda04c
 
💡 Info: As this is an entirely new type of anti-spam check, support for it must be added to your chosen mail platform.

Rspamd: Please look at our set-up instructions for rspamd, which contain the necessary code to do these lookups. See Getting Started.

 
 

attachhash (Attachments)

Status:

Beta

Type:

SHA-1 hash

Cloud DNS namespace:

<APIKEY>.attachhash.mail-beta.abusix.zone.

Rsync File:

beta-lists/attachhash.zone

Return Codes:

127.0.5.1

Test Points:

127.0.0.2, 127.0.5.1, 3395856ce81f2b7382dee72602f798b642f14140 (EICAR with trailing newline), cf8bd9dfddff007f75adf4c2be48005cea317c62 (EICAR)

Listing Duration:

Approximately 5.2 days after last seen

 

Description

This experimental zone lists the SHA-1 hashes of any attachments seen by our trap network.

 
💡 Info: As this is an entirely new type of anti-spam check, support for it must be added to your chosen mail platform.

Rspamd: Please look at our set-up instructions for rspamd, which contain the necessary code to do these lookups. See Getting Started.
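The hashed lookups for the btc-wallets and attachhash zones can be sketched as follows. This is an added example, not Abusix's rspamd code: it assumes the SHA-1 hex digest is prepended as the leftmost label of the namespaces shown above (the usual DNSBL convention), and the function names, the `APIKEY` placeholder and the 0.5 weight are hypothetical.

```python
import hashlib
import re
import socket

# Zone suffixes and return codes are the ones listed on this page.
# Assumption: the query is <sha1-hex>.<APIKEY>.<zone suffix>.
ZONES = {
    "btc-wallets": ("btc-wallets.mail-beta.abusix.zone.", "127.0.4.1"),
    "attachhash": ("attachhash.mail-beta.abusix.zone.", "127.0.5.1"),
}

# Legacy Base58 address shape only (starts with 1 or 3); other formats are not matched.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def extract_btc_addresses(body):
    """Return unique Base58-looking wallet addresses in order of appearance."""
    return list(dict.fromkeys(BTC_RE.findall(body)))


def query_name(zone, api_key, data):
    """Hash the exact bytes (no case folding, no trimming) and build the DNS name.

    A single extra byte, such as a trailing newline on an attachment, yields a
    different hash, which is why the page lists two EICAR test points.
    """
    suffix, _ = ZONES[zone]
    return f"{hashlib.sha1(data).hexdigest()}.{api_key}.{suffix}"


def dns_a(name):
    """Resolve an A record; a resolution failure is treated as 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def beta_score(zone, api_key, data, resolve=dns_a, weight=0.5):
    """Add a weak score only when the answer is the zone's documented return code.

    Beta zones are for reporting or weak scoring, so this never rejects mail.
    """
    _, expected = ZONES[zone]
    return weight if resolve(query_name(zone, api_key, data)) == expected else 0.0
```

Pass a stub `resolve` callable to exercise the logic without network access.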

 
 

forged

Status:

Beta

Type:

IPv4, IPv6

Cloud DNS namespace:

N/A, not currently published

Rsync File:

beta-lists/forged.zone

Return Codes:

127.0.0.5

Test Points:

127.0.0.2, 127.0.0.5

Listing Duration:

Approximately 5.2 days after last seen

 

Description

This zone lists IP addresses that we have observed either forging mail from our trap domains or sending mail from domains that return SPF Fail results.

 
Important Note: This list is not currently well-tested and is very much a work in progress, so it is not recommended to use this for anything other than scoring or testing.
 

 
 

backscatter

Status:

Beta

Type:

IPv4, IPv6

Cloud DNS namespace:

N/A, not currently published

Rsync File:

beta-lists/backscatter.zone

Return Codes:

127.0.0.6

Test Points:

127.0.0.2, 127.0.0.6, ::FFFF:7F00:2, ::FFFF:7F00:6

Listing Duration:

Approximately 5.2 days after last seen

 

Description

This zone lists IP addresses that have sent bounce messages to our traps. Our trap domains are never used to send email, so any bounce message we receive exists because someone else forged our domain. Any host sending us bounce messages has therefore incorrectly accepted one of these forged messages and is sending us "backscatter."

Backscatter can be a big problem if a domain is forged and used for a large spam run, and this zone can help mitigate the fallout from this.

Unlike other blacklists, our only inclusion criteria are DSN/MDN messages; we do not consider "Sender Verification" or "Sender Callouts" as backscatter.

 
Warning: This zone should NEVER be used as a regular DNSBL; it should only ever be applied to messages that have a null Return-Path (e.g., MAIL FROM:<>).
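The null Return-Path restriction above, written as a gate in front of the lookup. This is an added example, not Abusix code: the `LISTED` set is a constructed stand-in for the rsync zone data (filled with the test points from this page, without assuming the file's format), and the function names and the 0.5 weight are hypothetical.

```python
import ipaddress
import re

# RFC 5321 MAIL command: reverse-path in angle brackets; ESMTP parameters
# such as SIZE= may follow it and must not affect the decision.
MAIL_FROM_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

# Constructed stand-in for beta-lists/backscatter.zone, using the zone's test points.
LISTED = {
    ipaddress.ip_address(a)
    for a in ("127.0.0.2", "127.0.0.6", "::FFFF:7F00:2", "::FFFF:7F00:6")
}


def is_null_return_path(mail_from_line):
    """True only for an empty reverse-path, i.e. MAIL FROM:<>."""
    m = MAIL_FROM_RE.match(mail_from_line.strip())
    return m is not None and m.group(1).strip() == ""


def backscatter_score(mail_from_line, client_ip,
                      is_listed=LISTED.__contains__, weight=0.5):
    """Consult the backscatter data only for bounces, and only as a weak score."""
    if not is_null_return_path(mail_from_line):
        return 0.0  # ordinary mail: the zone is never consulted
    # Compare parsed addresses so textual case and zero-compression do not matter.
    return weight if is_listed(ipaddress.ip_address(client_ip)) else 0.0
```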
 

 
 

emailbl

Status:

Beta

Type:

SHA-1 hash

Cloud DNS namespace:

<APIKEY>.emailbl.mail-beta.abusix.zone

Rsync File:

beta-lists/emailbl.zone

 
 

Description

More information on this zone is coming soon.

Learn more about Abusix Mail Intelligence

 

Still need help?

No problem; click the chat button in the bottom right-hand corner of the screen and send us your questions. Alternatively, you can email us at support@abusix.com.

Also, follow our LinkedIn Channel for updates and subscribe to our YouTube Channel for the latest Abusix how-to videos.
