Message stream

Overview

Anti-spam vendors need to constantly tune their spam heuristics engines to catch the latest shape-shifting threats.

Abusix’s Spam Threat Intelligence service is a real-time corpus of spam messages. This feed may be used for tuning your anti-spam filters and monitoring your network or services for bad actors and compromised systems.

For security providers, this is the best solution in the marketplace today, as it provides you with the same data set used by major security providers as well as Virus Bulletin to rank and evaluate providers.

For network and service operators, this is the best solution in the marketplace today, as you are able to see the start, peak, and end of spam runs that will get your IP addresses blacklisted.

This feed is 100% pure spam, false positive free, allowing you to use the data with confidence in your automated workflows.

Description

Abusix’s Spam Threat Intelligence Message Stream is a real-time corpus of spam messages, designed so that you may use the data with complete confidence in your automated workflows.

Our most complete and standard format is JSON transported via stream, with identifying attributes such as the language of the message, the file types attached, and more. The entire message and its attachments are also included. We can also provide files only, metadata elements in a stream, and hourly reports.

We offer two message streams of data:

  • Black stream provides 100% false positive free data
  • Black and Grey stream provides a rich mix of spam, suitable for hunting

Ultimately, the depth and versatility of Abusix Intelligence make our data a critical component of any cyber-defense.

Key Benefits

Using our proprietary sensor network, we provide an unparalleled view of threats through our constant corpus of threat-rich data, which allows you to:

  • identify spam in real time within your inbound or outbound spam filters by using our pure black stream
  • hunt for malicious inbound malware, fraud, and phish using our grey stream

Specifications

Format

This feed is available as a metadata feed, enriched on demand with the transaction, authentication, header, message body, cname, attachment and associated metadata.

We distribute the message feed in a JSON structure.

JSON Payload Format Example

{
  "smtp_mail_from" : "Anya277@unizentechnologies.com",
  "data_colorcode" : "black",
  "email_attachment_count" : "0",
  "source_ip" : "171.240.245.173",
  "detected_text_language" : null,
  "email_subject" : "hi",
  "email_attachment_count" : 0,
  "email_attachment_content_types" : [ ],
  "email_attachment_file_names" : [ ],
  "email_attachment_hashes_md5" : [ ],
  "email_attachment_tags" : "",
  "data_origin" : "com.abusix.spam.trap",
  "email_urls" : [ ],
  "smtp_timestamp" : "Thu, 18 Jan 2018 13:09:07 +0000",
  "email_headers_raw" : {
    "date" : [ "Thu, 18 Jan 2018 20:09:03 +0700" ],
    "mime-version" : [ "1.0" ],
    "content-transfer-encoding" : [ "8bit" ],
    "x-mailer" : [ "PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)" ],
    "subject" : [ "hi" ],
    "x-php-originating-script" : [ "853:class-phpmailer.php" ],
    "message-id" : [ "<f7678bee21a5ecec1041bf33f0507707@unizentechnologies.com>" ],
    "received" : [ "from [171.240.245.173] ([171.240.245.173])\r\n\tby example.me (Haraka/2.8.16) with ESMTP id 401F2F97-EE39-4236-9361-760271ACEDD1.1\r\n\tenvelope-from <Anya277@unizentechnologies.com>;\r\n\tThu, 18 Jan 2018 13:09:07 +0000", "by mail.unizentechnologies.com (Postfix, from userid 853) id DB472E03603; Thu, 18 Jan 2018 20:09:02 +0700" ],
    "content-type" : [ "text/html; charset=UTF-8" ],
    "from" : [ "Anya <Anya277@unizentechnologies.com>" ],
    "to" : [ "dumikem@abusix.invalid" ]
  },
  "source_port" : "57505",
  "smtp_rcpt_to" : [ "dumikem@abusix.invalid" ],
  "original_message_base64_encoded" : "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"
}
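As an added example (not Abusix's own code), here is a consumer-side parser for one record in the format above. It normalizes the fields the sample shows with inconsistent types, flags duplicate keys such as `email_attachment_count`, and decodes the embedded message; the record, addresses and helper names are constructed, and treating "grey" as a valid `data_colorcode` value is an assumption.

```python
import base64
import json
from email import message_from_bytes
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

INT_FIELDS = ("email_attachment_count", "source_port")  # sample shows "0", 0 and "57505"
KNOWN_COLORS = {"black", "grey"}  # "grey" as a field value is an assumption

def parse_record(line):
    """Parse one JSON record from the stream into a type-normalized dict."""
    dupes = []

    def pairs_hook(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                dupes.append(key)  # plain json.loads would silently keep the last value
            obj[key] = value
        return obj

    rec = json.loads(line, object_pairs_hook=pairs_hook)
    for field in INT_FIELDS:
        rec[field] = int(rec[field])
    rec["source_ip"] = ip_address(rec["source_ip"])  # ValueError if malformed
    rec["smtp_timestamp"] = parsedate_to_datetime(rec["smtp_timestamp"])
    if rec["data_colorcode"] not in KNOWN_COLORS:
        raise ValueError("unexpected data_colorcode: %r" % rec["data_colorcode"])
    try:
        raw = base64.b64decode(rec["original_message_base64_encoded"], validate=True)
        rec["message"] = message_from_bytes(raw)
    except (ValueError, TypeError):
        rec["message"] = None  # keep the metadata even if the body is unusable
    rec["duplicate_keys"] = dupes
    return rec

# Constructed sample record (documentation address range, not real feed data).
SAMPLE_MSG = b"From: a@example.invalid\r\nSubject: hi\r\n\r\nbody\r\n"
SAMPLE_B64 = base64.b64encode(SAMPLE_MSG).decode()
SAMPLE = ('{"data_colorcode": "black", "email_attachment_count": "0", '
          '"email_attachment_count": 0, "source_ip": "192.0.2.10", '
          '"source_port": "57505", '
          '"smtp_timestamp": "Thu, 18 Jan 2018 13:09:07 +0000", '
          '"original_message_base64_encoded": "%s"}' % SAMPLE_B64)

if __name__ == "__main__":
    print(parse_record(SAMPLE)["duplicate_keys"])
```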

Volume (as of June 16, 2020)

Abusix processes an ever-increasing 800 million trap hits daily through its infrastructure. The statistics below are for deduped data, as of June 16, 2020.

JSON Black Message Stream
All BLACK messages, whole with files, deduped primarily on URL and files (also includes deduped black text-only messages)

min: 2.01M / day
max: 10.52M / day
avg: 3.83M / day

JSON Black+Grey Message Stream
All BLACK+GREY messages, whole with files, deduped similarly (also includes deduped black text-only messages)

min: 3.02M / day
max: 13.50M / day
avg: 7.07M / day

Requirements

To receive a feed, tell us you are ready and we will send you credentials.