👋 How can we help you?

Setting up your Data Channel using SMTP Forward

How to format SMTP packages

Last updated on Invalid Date

 

Forwarding via SMTP (data format)

General Guideline

This data format is applicable to the following two wizard set-up paths:

  • sending report data to your AbuseHQ instance
  • reporting abusive behaviour
 

Please be aware, that sending in data via XARF is recommended, as this data transfer guarantees that data can be parsed immediately.

You can learn more about XARF here.

 

Email format

The ideal format for emails depends on the data type. The mentioned points should be followed as much as possible. In general, this increases the chances of your data being parsed automatically. However, there is still no 100% guarantee that the data can always be parsed, as various factors can influence the outcome.

 

Abuse reports

Abuse reports should be forwarded as-is.

  • If you send in data that you receive from external parties, don’t add additional headers or place the report in an envelope email. Simply forward the report directly.
  • If possible, use standard formats like XARF via Mail or MARF.
  • If possible, avoid bulk reports, they are usually hard to parse.
 

Spam traps

  • Only use this data type for genuine email traps that should never receive benign traffic.
  • Do not pack the data in an envelope. You should directly forward the trap hits.
  • Redaction/Anonymization is possible, but should be done carefully. Make sure to not break any headers.
  • The envelope FROM of the sent message should be the original FROM value that was sent to the trap. Don’t use your own address here.
  • Attach an header x-originating-ip to the original mail, containing the IP address of the malicious sender that sent the mail to the trap.
 

Mails reported as spam

  • The reported mail should be sent as an attachment in an envelope report mail, not directly forwarded.
  • If available, attach information about the original sender IP address to the report mail, using the x-originating-ip header.
  • If available, attach information about the original envelope FROM value to the report mail, using the x-original-from header.
 

Other

  • This data type has no specific requirements. Please specify as a comment what kind of data you are sending.
  • Data of the type “other” will initially never be parsed automatically.
Did this answer your question?
😞
😐
🤩