Overview

Open Subtypes

Inbound Processing, Event Types

Abusix

An introduction to accessing Abusix data streams via HTTP or STOMP, with example scripts and stream specifications for seamless integration.

Getting started with Abusix Guardian Intel

Guardian Intel FAQ

Guardian Intel Lookup

Using the Guardian Intel Lookup Tool

For each IP address in the Guardian Intel data set, a classification key is included in the Abusix Visualizer and the Abusix APIs. The following explains how Abusix classifies IPs within the Internet Scanner Intelligence data set.

Understanding Abusix Classifications

Understanding Abusix Dataset

Using the Abusix Guardian Intel Enterprise API

Setting Up Guardian Ops

Create and manage your workflows

New file

Enable 2FA

Configure your mail settings

Helpful Configurations

Integrate Guardian Ops with other systems

Configure Inbound Processing

API Resolver Caching

Data Retention Configuration

Email Templates Configuration

Smartlinks Configuration

SMTP Services for Email Templates

Subscriber resolving via an API and target system (like a CRM or Radius Server)

Subscriber Resolving with Ubersmith

Subscriber resolving via X-Header

Integrate with upstream systems using Webhooks

Answers to frequently asked questions about AbuseHQ, covering setup, functionality, integrations, and best practices for managing abuse reports efficiently.

AbuseHQ FAQ

Browser support

Email and report template variables

Outgoing IPs

 Parrot Querry Language PQL

Resolver Reference

Subscriber Data Model

System status

Abusix Guardian Mail is a suite of curated DNSRBLs designed to protect inbound and outbound mail servers. Guardian Mail provides the most accurate, comprehensive, and innovative blocklists on the internet.

Guardian Mail

Delisting Overview

Most Frequently Asked Questions about Abusix Blocklists.

Blocklist FAQ

A quick-start guide for integrating Abusix DNSBLs into blocklist check tools, offering free access and setup instructions to enhance threat visibility for your users.

Integrate Abusix with Blocklist Check Providers

Usingrsync

A comprehensive reference of Abusix’s production-ready DNS blocklists and whitelists, detailing list types, usage scenarios, return codes, and integration guidelines for email security infrastructure.

Production Zones

A preview set of experimental DNS zones and threat data from Guardian Mail, offering early access to emerging anti-abuse signals for testing, feedback, and non-production scoring.

Beta Zones

Executing dig, host, and nslookup queries

A reference guide to all Guardian Mail return codes, mapping DNSBL responses to their corresponding threat lists and data types for accurate interpretation and filtering.

Return Codes

A lightweight tool to quickly and transparently compare Guardian Mail against other DNS blocklists using log-based or real-time analysis—without disrupting your mail flow.

Comparison Tool Overview

Answers to common questions about using the Guardian Mail Comparison Tool, covering setup, limitations, query behavior, compatibility, and technical details.

Comparison Tool FAQ

Step-by-step instructions for requesting, installing, and running the Guardian Mail Comparison Tool in logfile mode to evaluate DNSBL performance using your own mail logs.

Setup of the Comparison Tool

Instructions for executing the Guardian Mail Comparison Tool in logfile or real-time mode to generate DNSBL performance reports and CSV-based analysis of IP blocklist coverage.

Running the Comparison Tool

Learn about the Abuse Management dashboard.

Abuse Management

Why is forwarding your abuse data important?

Forwarding Your Abuse Data

Learn how to get abuse@ addresses to report network abuse to peers.

Abuse Reporting

 Reporting abuse on the Internet is a complex and time-consuming task.

About Abusix Global Reporting

Find out how to implement the Abusix Global Feedback Loop Reporting Service.

Getting Started With the Abusix Global Feedback Loop Reporting Service

If you have abuse to report and can provide the minimum required data for a given report type; please send your data to your API endpoint.

Getting started with the Abusix Global Reporting Service

XARF FAQ

An overview of XARF schemas as a standardized, automation-friendly format for reporting abuse and security incidents across a wide range of use cases including spam, phishing, copyright violations, and system attacks.

XARF (eXtended Abuse Reporting Format)

Abuse Contact DB Overview

Getting Started with Abuse Contact DB

Abuse Contact DB FAQ

Validate abuse@ role addresses

Blackhole MX Overview

Getting started with Blackhole MX

Portal

An overview of Abusix Data Channels, which enable organizations to send abuse reports and email telemetry to strengthen global threat intelligence and enhance workflows.

What are Data Channels?

Data Channel Use Cases

A step-by-step guide to submitting abuse reports via the Abusix API using the XARF format, including setup, payload structure, and response handling.

Submitting data via the API to Data Channels

A technical guide for configuring and sending real-time SMTP transaction data to Abusix via UDP to enhance Guardian Mail’s accuracy and intelligence.

Submitting MTA Transaction Feeds via UDP to Data Channels

A guide to configuring SMTP data channels in AbuseHQ, covering email formats, data types, and best practices for forwarding abuse reports and spam data.

Type	Mapping
Copyright
Spam
Content
Activity
Vulnerability
Open
MailRelayAttempt
Bot
Malware
MalwareHosting
Phishing
NotSpam?
Spamvertised?
Blacklist	Blocklist
Trademark
PortScan
DDos
DDosAmplification
IpSpoof
LoginAttack
IPReclamation
DNSProblems
Exploit
ChildAbuse	CSAM
RPZ
Trap
CompromisedAccount
CompromisedServer
CompromisedWebsite
CVE
Backdoor
Fraud
Defacement
RogueDNS
Doxing
WebHack
WebCrawler
AuthFailure
Censorship
CompromisedMicrosoftExchange
DNSBlocklist
SSLPoodle
OutdatedDNSSEC
SSLFreak
Propaganda
Violence
DeviceIdentification
IllegalAdvertisement
MaliciousActivity
Harassment

Type	Mapping
socks
proxy
router
redis
mongodb
elasticsearch
portmapper
snmp
ntp
tftp
ftp
rdp
rsync
netbios
mqtt
mc_sqlr
mdns_resolver
dns_resolver
ipmi
ldap
adb
afp
ard
ipp
ssl
tls
vpn
cwmp
ms_exchange
chargen
memcached
mssql
natpmp
qotd
ssdp
isakmp
vnc
telnet
xdmcp
db2
smb
hadoop
cisco_smart_install
mail_server
grafana
bitbucket
apache_server
gitlab_server
imap
pop3
http
radmin
ubiquiti
ssh
coap
vpn
smi
bosmon
ms_sharepoint
secvest_alarm_system
directory_listing
citrix
amqp
modbus
kubernetes_api_server
epmd
postgresql
quic
couchdb
docker
sip
stun
dvr
ics
hp_ilo
smarter_mail_server
log4j
zimbra_server
sap
bacnet
qnap
confluence
sophos
h2_web_console
fortigate
ivanti
fortios
canon
ws-discovery
slp
msmq

Guardian Ops

Workflows

Helpful Configurations

Integrations

AbuseHQ

Inbound Processing, Event Types

Overview

Open Subtypes

Guardian Ops

Workflows

Helpful Configurations

Integrations

AbuseHQ

​Overview

​Open Subtypes

Overview

Open Subtypes