👋 How can we help you?

Getting started with the Abusix Global Feedback Loop Reporting Service

A feedback loop allows the recipient of an email message to provide feedback to the originating service.


A feedback loop allows the recipient of an email message to provide feedback to the originating service via a “This is Spam” button.

It is helpful to any service that sends emails to help identify compromised accounts, remove recipients from mailing lists, and maintain statistics on senders to identify those with bad practices that give high complaint rates.


Since the early 2000s, Return-Path (now Validity) has offered their “Universal Feedback Loop” service, and many ISPs and mailbox providers have been part of this, allowing a transparent and easy data exchange with other ISPs, mailbox providers, and email service providers (ESPs) receiving ARF (Abuse Reporting Format) reports for actioning.

Recently, Validity announced that they will start charging a fee to send ARF reports to senders, which will negatively impact the entire email ecosystem as only some users that have participated will continue to do so. This change will also mean that the expectations of those sending feedback loop data and their users will not be met.

The “Universal Feedback Loop” service provides several functions:

  • It offered a simple email forwarding interface, allowing receivers to send them spam reports.
  • It provided a single place for an email provider to register their networks to receive Feedback Loop reports from any receiver that provided data to them.
  • It provided a mechanism for those sending reports to approve who should be able to receive their reports, or they could auto-approve “all.”

Because the service worked so well for years, there was no necessity or appetite to create any standard for Feedback Loop reporting until now.

In the wake of the Validity announcement, several RFC drafts were published to allow for the discovery of Feedback Loop addresses, allowing for a decentralization of sending and receiving Feedback Loop reports.

Global Reporting

At Abusix, one of our primary goals is to get as much Abuse reported as possible so it can be actioned and taken down.

To that end, we have been working for the last few months on a feature that provides “Abuse Reporting as a Free Service,” where we will report Abuse on behalf of anyone who wants to provide data for reporting via our XARF API.

With the publishing of the Draft RFCs for Feedback Loops, we realized that it would only take a few minor modifications to what we had already created to be able to provide a complete drop-in replacement for Feedback Loop reporting, so that is what we’ve done.


Set-up (for mailbox providers)

If you wish to send us your user feedback for us to report back to verified senders as part of a Feedback Loop, then all you need to do is:

1) Create an account at https://app.abusix.com and log in.

2) On the left-hand navigation under “Platform Functions,” click “Data Channels.”

3) Click “Create a Data Channel.”

4) Select “Report Abusive Behaviour” and click “Next.”:

5) Select “Send data using SMTP forward” and click “Next”:

6) Name your data channel something appropriate like “Feedback Loop,” select the “Mail from a spam inbox” option, and then click “Next”:

7) Agree to the terms of service and click “Next”:

8) Configuration of your endpoint is complete, and you are provided an SMTP address to send your user feedback.

9) Lastly, you need to two do final things.

First configure your mail system to use the SMTP address as the destination for your “This is Spam” feedback.

Please don’t send us any “This is NOT Spam” reports as these might contain private information.

Next email us at support@abusix.com to let us know that the Data Channel you has set up is for Feedback Loop reporting, as we will have to enable your Data Channel for this purpose.


Set-up (for email senders)

If you want to receive Feedback Loop reports for emails that you send. All you need to do is ensure that your mail is DKIM signed. Also, follow RFC 9477 and add CFBL-Address headers to your outbound mail.  The domain name of the destination address must be aligned with the DKIM d= domain, and the CFBL-Header must appear in the DKIM header list as well.

Based on feedback from some of the M3AAWG community for those that cannot easily follow RFC 9477 (email service providers that can not or do not double sign DKIM for their customers), we are also going to support this RFC Draft, which allows you to configure a DNS TXT record instead.


Frequently Asked Questions

Q: Is this service Free, and will it remain Free?

A: Yes, the Abusix Feedback Loop Service is part of our program to report and track Abuse globally.


Q: Is this a drop-in replacement for the Validity service?

A: Yes, from the mailbox provider point of view. Configuring an Abusix “Data Channel” in our portal is identical to the aliased email address you forward “This is Spam” reports to Validity today.


Q: Can I use your service while I build my own Feedback Loop reporting service?

A: Yes, feel free to use the service while you build your own Feedback Loop reporting service. The reason we are providing this service is to promote the RFCs that will allow decentralization of Feedback Loops, so the community doesn’t find itself in the same position again in the future.  Providing a drop-in replacement to what is being charged for now, buys some time for others to adopt to the new standards.


Q: Can I simultaneously send my “This is Spam” reports to you and the old Validity “Universal Feedback Loop” service?

A: Yes, not all senders will have added the CFBL-Address headers or DNS record to use the discovery methods yet, so sending to both of us will ensure that reports go where they can.  Any sender receiving a duplicate copy from both Validity and Abusix should be able to handle unsubscribing the user without issue.


Q: What does Abusix get out of providing this to the email community?

A: Abusix demonstrates that they are an integral player in helping the email community.  In the end, we help reduce the amount of unwanted email on the internet.  Abusix will use the reported spam to train our reputation systems by counting the number of reports we return to each Feedback Loop recipient.


Q: I’ve read the Feedback Loop RFCs; what exactly is Abusix providing here?

A: Abusix is providing a simple mailbox for a mailbox provider to send user feedback without requiring any other configuration or ongoing maintenance. We report feedback on their behalf in either ARF/XARF format to the relevant Feedback Loop destinations that are approved to receive reports by using our “Abusix Mail Intelligence” product to ensure that only legitimate entities receive reports, and not spam operations or other blackhats.


Q: Will you store any spam data from us?

A: Abusix will keep one piece of spam evidence from each spam source IP per day for a maximum of 60 days. The spam data will be used to answer Abusix support questions and as evidence for our mail analysts.


Q: Where is any of the spam data stored?

A: The spam data will be stored securely on systems in secure data centers in Europe; Abusix will not store the spam data on US-based servers.


Q: Can we manually approve each Feedback Loop recipient?

A: No - this is not possible. Instead, we will use our Abusix Mail Intelligence product to determine if the sender and feedback loop destination are trustworthy enough to send and receive Feedback Loop reports automatically. When necessary, Abusix will manually approve any senders that we’re unsure of.


Q: Is Abusix GDPR compliant?

A: Yes - Abusix is GDPR compliant, please see: https://trust.abusix.com/


Q: I have more questions! Where should I send them?

A: Please email support@abusix.com

Did this answer your question?