A guide to configuring SMTP data channels in AbuseHQ, covering email formats, data types, and best practices for forwarding abuse reports and spam data.
abuse@
role address, including abuse web form submittals from your website⚠️ Sending data via the API using the XARF field format is recommended, as it ensures the data can be processed and used immediately.
Learn more about sending data to our API.
⚠️ There are cases where data may not be parseable. For example, when an issue applies to an entire ASN, it’s not helpful to create an event for every single IP address.
Please contact support if you have questions.
abuse@
Role Address(es) to AbuseHQabuse@
role address should be forwarded by aliasing that address to the Abusix data channel email address provided to you in app.abusix.com.
If you’re using a different email address (not abuse@
), alias that address to the data channel email address as well.
Refer to the Inbound Processing / Event Types section in the documentation to see all types of vulnerabilities and abuse that AbuseHQ can tag and orchestrate.
❗ Forwarding from an email client does not work!
Always use aliasing. Forwarding from an email client modifies the message (e.g., adds headers or rewraps the message), which prevents proper parsing.
See our documentation for more info.Avoid sending bulk abuse emails, as they are resource-intensive to parse and maintain. Instead, use fire-and-forget integration via the API where possible.
Spam trap emails
Requirements:
❗ If you cannot preserve the original message, attach the x-originating-ip
header containing the malicious sender’s IP.
This is Spam
Requirements:
x-originating-ip
: IP address of the original senderx-original-from
: Original envelope FROM valueOther
This type has no strict requirements, but XARF formatting via email is still recommended.
Please describe the kind of data you’re sending in the comments field of the setup form. This context helps us correctly evaluate and process the submissions.
ℹ️ “Other” data is held in staging and not automatically parsed until reviewed.