What is SMTP data?
SMTP, or Simple Mail Transfer Protocol, is a system of rules that lets different email clients consistently exchange information. It enables email to get from A to B as quickly as possible. As soon as a sender hits “send”, SMTP data is generated. The data informs both sending and receiving SMTP mail servers of what action to take, such as sending from and to whom.
Why is SMTP data valuable?
It can be an incredibly rich resource to highlight areas of malicious activity. The data is used primarily to detect unusual spikes in email traffic or patterns that suggest phishing or spam campaigns. Additional value extracted contributes to our IP and Domain reputation models, this helps:
- Reveal unauthorized email account usage
- Highlight compromised email accounts
- Trace the source of emails delivering malware attachments
How can YOU get value from your SMTP data?
By sharing SMTP data with Spamhaus! With over 25 years of experience analyzing SMTP data and an average 0.02% false-positive rate, Spamhaus can provide reliable protection that’s targeted to your email stream. Not everybody receives the same spam, phishing, or malware emails. You may see traffic that’s unique to your organization, your geography, or your industry - or you may see specific malicious traffic before others. Sharing this traffic with Spamhaus enhances the effectiveness of your email protection. It’s also worth noting that spammers rely on speed to exploit vulnerabilities. By sharing connection data quickly, you enable us to analyze it faster and mitigate potential damage. For the best results, sharing data that hasn’t already been filtered by other systems, means we have a better chance of identifying malicious or suspicious patterns.
How about personally identifiable information (PII)?
When you share SMTP connection data with Spamhaus, you only provide access to three pieces of information per record: IP address of the ‘sender’ who has sent email to you HELO string of the sender’s system Timestamp - when you received the email The “from” and “to” email addresses, and the email content, will never be shared with Spamhaus. This means the data you share NEVER contains PII and you always remain in control of the setup.
So, how is the data used?
To configure the data sharing, it’s a simple, one-time setup. We recommend sharing data every 60 seconds to ensure its value remains high. Once received, the data is stored in a central repository, where our proprietary algorithms analyze it to detect patterns of suspicious or malicious activity. Based on this analysis, we assign a reputation score to each IP address. If malicious or suspicious behavior is detected, the IP is listed in the appropriate Spamhaus datasets - often within seconds of sharing! As a result, you are automatically protected, while the dataset is strengthened for everyone.
Strength through sharing
Think of data sharing as being part of a global neighborhood watch. When one of your neighbors shares vital information, it could save you from falling victim to malicious behavior. Similarly, your shared insights could protect someone else in the community from a potential attack. Your positive actions benefit not only you, but the entire community as a whole. You might think your limited volume of emails won’t make a difference, but each piece of the puzzle piece helps build the overall picture. By working together, we can build a safer, more resilient community. To learn more about how to share SMTP data, please contact us.