# Abuse Reporting

> Learn how to get abuse@ addresses to report network abuse to peers.

## Overview

A complete Network Operator (ISP, Telco, or Hosting Provider) abuse reporting solution involves three key steps:

1. **Intake and Mapping**: Collecting metadata—IOCs (Indicators of Compromise) and IOAs (Indicators of Abuse)—from public reporters (organized and individual), internal reporters (users and employees), and system alerts or security logs.
2. **Alignment and Correlation**: Connecting reports describing the same or similar issues across infrastructure and individual users.
3. **Action**: Ranking severity and acting on the data in near real-time to resolve the problems triggering the IOCs or IOAs.

## Reporting Mechanisms

Every mechanism has both benefits and drawbacks, so deploying several methods in tandem is often the best approach to ensure comprehensive coverage.

We strongly recommend "structured" reporting, such as machine-readable reports using [XARF](https://xarf.org/) (see [GitHub](https://github.com/xarf/xarf-spec/tree/main)), our [API](/docs/abuse-reporting/global-reporting/about), or the [Web Form](http://app.abusix.com/abuse-report) ([documentation](/docs/abuse-reporting/report-abuse-form)). These are far more useful and far more likely to be handled quickly than unstructured reports (e.g. free-form emails or chat messages), which require manual review or complex AI processing that is costly, time-consuming, and error-prone. Structured data allows for immediate automated ingestion, correlation, and action.
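The three Overview steps and the structured versus unstructured distinction above, as an added Python example (not Abusix code). The field names, severity weights and sample reports are constructed assumptions and do not follow the XARF schema or the Abusix API.

```python
import json
import re
from collections import defaultdict

# Constructed sample input; field names are assumptions for this example only.
STRUCTURED = [
    '{"source_ip": "192.0.2.10", "category": "phishing", "reporter": "api"}',
    '{"source_ip": "192.0.2.10", "category": "phishing", "reporter": "webform"}',
    '{"source_ip": "198.51.100.7", "category": "port-scan", "reporter": "ids"}',
]
FREEFORM = [
    "Hi, your customer at 192.0.2.10 is hosting a phishing page, please take it down.",
    "We keep getting junk from one of your servers. Please stop it!",  # no usable IOC
]
# Assumed severity weights; a real deployment would set its own policy.
SEVERITY = {"phishing": 8, "port-scan": 3, "spam": 4}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def intake_structured(line):
    """Step 1, machine-readable report: fields map directly onto a record."""
    doc = json.loads(line)
    return {"source_ip": doc["source_ip"], "category": doc["category"]}

def intake_freeform(text):
    """Step 1, free-form mail: best-effort extraction; None means manual review."""
    ip = IPV4.search(text)
    category = next((c for c in SEVERITY if c.replace("-", " ") in text.lower()), None)
    if not ip or not category:
        return None
    return {"source_ip": ip.group(), "category": category}

def process(structured, freeform):
    """Steps 2 and 3: correlate on (ip, category), rank by severity * report count."""
    records, manual, cases = [intake_structured(s) for s in structured], [], defaultdict(int)
    for text in freeform:
        record = intake_freeform(text)
        if record is None:
            manual.append(text)  # cannot be ingested automatically
        else:
            records.append(record)
    for record in records:
        cases[(record["source_ip"], record["category"])] += 1
    ranked = sorted(cases.items(), key=lambda kv: SEVERITY[kv[0][1]] * kv[1], reverse=True)
    return ranked, manual

if __name__ == "__main__":
    ranked, manual = process(STRUCTURED, FREEFORM)
    for (ip, category), count in ranked:
        print(f"{ip} {category} reports={count} score={SEVERITY[category] * count}")
    print(f"needs manual review: {len(manual)}")
```

The second free-form message carries no indicator at all, so it falls out of the automated path, while the three phishing reports from different channels collapse into one highest-ranked case.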

### [API Reporting](/docs/abuse-reporting/global-reporting/about)

APIs are best used for internal alerts, security logs, and by trusted large-scale submitters. They allow for high-volume, automated submission of structured data.

Get started with [API reporting](/docs/abuse-reporting/global-reporting/abusix-global-reporting-service).

### [Web Form](/docs/abuse-reporting/report-abuse-form)

Web forms are usually public-facing and user-facing. Many prospects build complaint forms for external reporting, especially for websites that infringe on copyright, host intellectual property or personal information, or engage in phishing.

However, the inevitable problem is that reports filed through custom forms are often handled externally rather than being processed using standard workflows. Using our standardized Web Form ensures structured data intake that integrates with global reporting standards.

Get started with the [Web Form documentation](/docs/abuse-reporting/report-abuse-form) or go directly to the [Report Abuse Form](http://app.abusix.com/abuse-report).

### [Email Forwarding](/docs/guardian-ops/introduction)

Public-facing and trusted reporter addresses (like `abuse@`) are essential, but report quality varies significantly. Some email-based abuse reports are unstructured, making automated processing difficult without advanced parsing.

Guardian Ops solves this with its advanced **Inbound Processing** engine. It automatically parses incoming emails, extracting relevant metadata and converting them into structured, actionable cases, ensuring consistent handling regardless of the report's original format.

Learn more about Guardian Ops [here](/docs/guardian-ops/introduction) or start your free trial within our [platform](https://app.abusix.com/guardian/ops/).

<CardGroup cols={2}>
  <Card title="Web Form" icon="window-maximize" href="/docs/abuse-reporting/report-abuse-form">
    Public-facing interface for manual, structured abuse reports.
  </Card>

  <Card title="API Reporting" icon="code" href="/docs/abuse-reporting/global-reporting/about">
    Automated reporting for internal alerts and security logs.
  </Card>

  <Card title="Email Forwarding" icon="envelope" href="/docs/guardian-ops/introduction">
    Forward abuse emails directly for processing.
  </Card>
</CardGroup>

## Types of Reportable Abuse

The range of reportable abuse types is broad. Reports submitted via various mechanisms often include:

* **Spam & Phishing**: Outbound spam, spamvertising (hosted redirects and payloads), phishing hosting.
* **Security Incidents**: Hacked or defaced pages, child sexual abuse material (CSAM), copyright/trademark issues.
* **Network Attacks**: DDoS (hosted amplification, botnet C\&C), malicious signups, port scanning, brute force attacks.
* **Other Malicious Activity**: Malware distribution, ransomware payment sites, rogue DNS servers.

Common classifications of how criminals gain access to web resources include hacked or compromised servers, abused DNS services, and criminal registration.

## Resources

<CardGroup>
  <Card title="Getting Started with Global Abuse Reporting" icon="folder-open" href="/docs/abuse-reporting/global-reporting/about" horizontal={true}>
    Reporting abuse on the Internet can be a complex and time-consuming task. The Abusix Global Reporting project makes it simple.
  </Card>

  <Card title="XARF (Extended Abuse Reporting Format)" icon="book" href="/docs/abuse-reporting/xarf" horizontal={true}>
    Learn about the eXtended Abuse Reporting Format (XARF) for reporting abuse to Network and DNS Operations.
  </Card>

  <Card title="You received an Abusix Abuse Report" icon="paper-plane" href="/docs/abuse-reporting/you-received-an-abusix-abuse-report/" horizontal={true}>
    Learn more about the global reports we provide to Email and Network Operations.
  </Card>

  <Card title="Blackhole MX" icon="paper-plane" href="/docs/abuse-reporting/blackhole/" horizontal={true}>
    A free service that allows professionals working at ISPs and security companies to see unsolicited email communications and thus fight internet abuse.
  </Card>

  <Card title="Abuse Contact DB" icon="paper-plane" href="/docs/abuse-reporting/abuse-contact-db/" horizontal={true}>
    The Abuse Contact Database (DB) is a database service for people who want to report network abuse directly to network owners.
  </Card>
</CardGroup>
