How does Abusix process messages?
We receive honey trap and honey pot traffic on dedicated systems at different locations around the globe. This guarantees high reliability, failover safety and diversity.
The traffic is monitored, parsed and analyzed in real time.
Honey Trap Processing
- After a (spam) mail has been seen in our honey traps, the message is first evaluated to determine whether it is spam or not.
- Delivery Status Notifications (DSN, RFC 3464), as well as bounce messages, are not considered spam, even if the original message hit a trap, so we filter these messages out.
- We also implement a Hard Fail SPF record for our trap domains. This helps MTAs identify illegitimate traffic and also prevents legitimate DSN messages from being misidentified as spam.
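An added example, not Abusix's own code: a structural RFC 3464 check of the kind the DSN bullet describes, using Python's standard `email` parser. The function names, the `dsn`/`evaluate` labels and both sample messages are constructed for illustration; free-form bounces that do not follow RFC 3464 are outside what it covers.

```python
from email import message_from_string

def dsn_recipients(raw):
    """Return [(recipient, action, status)] if raw is an RFC 3464 DSN, else None."""
    msg = message_from_string(raw)
    # RFC 3464: the top level is multipart/report with report-type=delivery-status.
    if (msg.get_content_type() != "multipart/report"
            or str(msg.get_param("report-type", "")).lower() != "delivery-status"):
        return None
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status" or not part.is_multipart():
            continue
        # The stdlib parser exposes each header block of this part as a nested
        # Message: the per-message fields first, then one block per recipient.
        return [(b["Final-Recipient"].split(";", 1)[-1].strip(),
                 (b["Action"] or "").strip().lower(),
                 (b["Status"] or "").strip())
                for b in part.get_payload() if b["Final-Recipient"]]
    return None  # labelled as a report but carries no delivery-status part

def triage(raw):
    """Set DSNs aside; everything else continues to spam evaluation (hypothetical labels)."""
    return "dsn" if dsn_recipients(raw) is not None else "evaluate"

# Constructed sample: a bounce delivered to a trap address that was forged as sender.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.example.net
To: trap@trap.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipient failed.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.org
Action: failed
Status: 5.1.1

--b1--
"""
# Constructed sample: a bounce-like subject alone does not make a message a DSN.
SAMPLE_SPAM = "From: offers@bulk.example\nSubject: Delivery failure\n\nClick here.\n"
```

The second sample shows why the check is structural: a message that only imitates a bounce in its subject line still goes to spam evaluation.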
Honey Pot Processing
- When a new botnet connects to a new honeypot, we first see control messages sent to verify that the machine is an open relay. Using a growing library of over 1,500 templates, we are able to identify the control messages and allow them to pass unhindered.
- Once the control messages are received, the bots open up their traffic and we are able to then see large quantities of spam. We trap the spam.
- From time to time additional control messages are sent and we allow those to reach their end destination.