Frequently Asked Questions

Do you detect the language of messages?

The language of spam messages has become important to our customers who train heuristic spam filters.

Thus, Abusix now classifies content in the message body using a common language detection library.

 

Description

Our challenge with language filtering is to deliver enough spam in a language feed to make it valuable to you, while striking a balance between being too strict in our language tagging, which causes false negatives, and ruling out false positives.

In language identification, we (1) first normalize the text in the message body and (2) then require a minimum amount of clean text in the message to make a language tag decision.

Thus, Abusix does not assign a language to emails with too little content or to those with too many special symbols.

So, if what we do isn't 100% perfect for you and you want to tighten or loosen the filter in some manner, please let us know and we will try to make adjustments accordingly.

If you have questions, please contact our support.

 

JSON Field / Filter

Our JSON contains a Language Field, which may also be used as a filter.

 

Languages

We are detecting and filtering on the following languages:

Albanian (sq)

Arabic (ar)

Armenian (hy)

Azerbaijani (az)

Belarusian (be)

Bengali (bn)

Norwegian Bokmål (nb)

Bosnian (bs)

Bulgarian (bg)

Catalan (ca)

Chinese (zh)

Croatian (hr)

Czech (cs)

Danish (da)

Dutch (nl)

English (en)

Esperanto (eo)

Estonian (et)

Finnish (fi)

French (fr)

Ganda (lg)

Georgian (ka)

German (de)

Greek (el)

Gujarati (gu)

Hebrew (he)

Hindi (hi)

Hungarian (hu)

Icelandic (is)

Indonesian (id)

Italian (it)

Japanese (ja)

Kazakh (kk)

Korean (ko)

Latvian (lv)

Lithuanian (lt)

Macedonian (mk)

Malay (ms)

Marathi (mr)

Mongolian (mn)

Norwegian Nynorsk (nn)

Persian (fa)

Polish (pl)

Portuguese (pt)

Punjabi (pa)

Romanian (ro)

Russian (ru)

Serbian (sr)

Shona (sn)

Slovak (sk)

Slovene (sl)

Sotho (st)

Spanish (es)

Swahili (sw)

Swedish (sv)

Tamil (ta)

Telugu (te)

Thai (th)

Tsonga (ts)

Tswana (tn)

Turkish (tr)

Ukrainian (uk)

Urdu (ur)

Vietnamese (vi)

Xhosa (xh)

Yoruba (yo)

Zulu (zu)

 

How does Abusix process messages?

We receive honey trap and honey pot traffic on dedicated systems at different locations around the globe. This guarantees high reliability, failover safety and diversity. The traffic is monitored, parsed and analyzed in real time.

 

Honey Trap Processing

  1. After a (spam-) mail has been seen in our honey traps, the message is first evaluated to determine whether it is spam or not.
  1. Delivery Status Notifications (DSN, RFC 3464), as well as bounce messages, are not considered spam, even if the original message hit a trap, and thus we filter out these messages.
  1. We also implement a Hard Fail SPF record for our trap domains. This helps MTAs identify illegitimate traffic and also prevents legitimate DSN messages from being misidentified as spam.
 

Honey Pot Processing

  1. When a new botnet connects to a new honeypot we first see control messages sent, to verify that the machine is an open relay. Using a growing library of over 1,500 templates we are able to identify the control messages and allow them to pass unhindered.
  1. Once the control messages are received, the bots open up their traffic and we are able to then see large quantities of spam. We trap the spam.
  1. From time to time additional control messages are sent and we allow those to reach their end destination.
 

What is the geographic mix of your traffic?

We see traffic from all over the world, and depending upon campaign and time frame we see this mix constantly change.

The best way to answer your question is to ask us to set up a trial stream, so you can see whether what we provide fits your purpose.

 

Why and how do you redact recipient-addresses?

We redact trap addresses, to reduce the probability that they will be revealed.

Outgoing traffic reports to users of our Threat Intelligence do not contain any information about our trap domains, trap addresses, receiving MTAs, IP addresses or any other part of our network.

Mails that we receive containing email-addresses that do not belong to our trap network are usually misdirected spam or spam directed to open relays and these addresses remain untouched as there is no need to redact the receiving side of the spam mail in this case.

 

How Abusix redacts recipient-addresses

The redaction process is automatically applied on the full mail header and body.

Our systems ensure that any redaction we do does not interfere with hash-based filtering mechanisms.

We rewrite the mail as described below. In the example, we use the trap address Spam_2011@trap.TLD.

 

Step 1 - Matching

If the addresses belong to our trap network they are marked as “to be redacted”. These addresses are converted into a search pattern consisting of the domain part.

/trap.tld/i → matches the above domain part.

This pattern is executed on both header and body of the original mail.

 

Step 2 - Rewriting

If there is a match, the mechanism starts to redact the matching pattern as follows:

Lower-case character → x

Upper-case character → X

Number → 1

The remainder of the mail remains untouched.

 

Example

Spam_2011@trap.TLD
is redacted to
Spam_2011@xxxx.XXX

Dear Spam_2011
is redacted to
Dear Spam_2011

http://example.com/unsubsribe.php?Spam_2011%40trap.TLD
is redacted to
http://example.com/unsubsribe.php?Spam_2011%40xxxx.XXX
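
The matching and rewriting steps above, sketched in Python as an added example (this is not Abusix's own code). The function names `build_pattern` and `redact` and the sample message are constructed for illustration, and unlike the `/trap.tld/i` pattern shown above, the dot is escaped here so it only matches a literal dot.

```python
import re

def build_pattern(trap_domains):
    """Step 1: one case-insensitive search pattern over the trap domain parts."""
    # Longest first, so a domain that is a prefix of another cannot shadow it.
    ordered = sorted(trap_domains, key=len, reverse=True)
    return re.compile("|".join(re.escape(d) for d in ordered), re.IGNORECASE)

def _mask_char(ch):
    """Step 2 mapping for a single character of a matched domain."""
    if "a" <= ch <= "z":
        return "x"
    if "A" <= ch <= "Z":
        return "X"
    if "0" <= ch <= "9":
        return "1"
    return ch  # dots, hyphens etc. stay, so the shape of the domain survives

def redact(text, pattern):
    """Rewrite every match in header and body; everything else is untouched."""
    return pattern.sub(lambda m: "".join(_mask_char(c) for c in m.group(0)), text)

# Constructed sample mail (header and body), not real trap traffic.
SAMPLE = (
    "To: Spam_2011@trap.TLD\r\n"
    "Subject: Offer 4 you\r\n"
    "\r\n"
    "Dear Spam_2011\r\n"
    "http://example.com/unsubsribe.php?Spam_2011%40trap.TLD\r\n"
)

if __name__ == "__main__":
    pattern = build_pattern(["trap.tld"])
    redacted = redact(SAMPLE, pattern)
    # Each character is replaced one-for-one, so the message length is unchanged.
    assert len(redacted) == len(SAMPLE)
    print(redacted)
```

Because only the domain part is matched, the local part `Spam_2011` stays visible in the header, the greeting and the URL, as in the example above.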
 

Can you send us every single trap hit?

If you are an anti-spam security vendor

We believe that current solutions to the problem of spamming try to fight the symptoms instead of the roots. Spamming is evolving continuously and solutions prevailing on the market only retard the problem while charging hilarious amounts of money.

 

If you are a network owner, social network, CRM, or email service provider

We believe that Network Owners need to take action in their role as a link between senders and receivers of spam emails.

By reporting every single spam mail to the network of origin, we grant Network Owners insights into the extent of the problem on their networks. Sending reports in fixed intervals, e.g. daily reports, would trivialize the problem and distort the message we want to send.

 

How do I become part of the Global Abuse Reporting project?

Park your unused domains

Can we park our unused domains so that the abuse that they see can be used by others?

Yes, if you want, you can point your unused cousin domains to report spam. Learn more: Blackhole.mx.

 

Provide Threat Intelligence to Abusix

Provide raw data to Abusix to help localize Abusix’s Threat Intelligence or provide more intelligence to companies using AbuseHQ. Reach out to support and let’s talk more.

 

Report abuse back to network owners yourself

 

Contactdb for abuse@ addresses

A proxy database that provides you with the network owner's abuse@ address for any given IP address, allowing you to report network abuse directly to the appropriate network.

Learn more: https://www.abusix.com/contactdb

 

What is XARF?

XARF is an email format designed to report different types of network abuse incidents to network owners.

The main intention of x-arf is to extend the Abuse Reporting Format, which is defined in RFC 6550, to permit reporting abuse such as SSH attacks, brute force attacks, phishing websites and many more types of abuse.

XARF intends to stop the increasing number of homegrown report formats and offer an easy way to handle incoming complaint reports more effectively.

Learn more: http://xarf.org/
