With more than 90% of cyber attacks starting with an email, your SMTP data holds more value than you realize. It provides a unique opportunity to detect patterns of malicious or suspicious activity. By sharing basic SMTP connection data with Spamhaus - without including any personally identifiable information (PII) - you not only enhance your own protection but also contribute to a global effort to fight email abuse. Read on to learn more about what, why and how to share your SMTP data.

What is SMTP data?

SMTP, or Simple Mail Transfer Protocol, is a system of rules that lets different email clients consistently exchange information. It enables email to get from A to B as quickly as possible.

As soon as a sender hits “send”, SMTP data is generated. The data tells both the sending and receiving SMTP mail servers what action to take, such as who the message is from and who it is for.

Why is SMTP data valuable?

SMTP data can be an incredibly rich resource for highlighting areas of malicious activity. It is used primarily to detect unusual spikes in email traffic or patterns that suggest phishing or spam campaigns. Additional value extracted contributes to our IP and domain reputation models, which helps:

  • Reveal unauthorized email account usage
  • Highlight compromised email accounts
  • Trace the source of emails delivering malware attachments

How can YOU get value from your SMTP data?

By sharing SMTP data with Spamhaus!

With over 25 years of experience analyzing SMTP data and an average 0.02% false-positive rate, Spamhaus can provide reliable protection that’s targeted to your email stream. 

Not everybody receives the same spam, phishing, or malware emails. You may see traffic that’s unique to your organization, your geography, or your industry – or you may see specific malicious traffic before others. Sharing this traffic with Spamhaus enhances the effectiveness of your protection.

It’s also worth noting that spammers rely on speed to exploit vulnerabilities. By sharing connection data quickly, you enable us to analyze it faster and mitigate potential damage. 

For the best results, share data that hasn’t already been filtered by other systems; this gives us a better chance of identifying malicious or suspicious patterns.

How about personally identifiable information (PII)?

When you share SMTP connection data with Spamhaus, you only provide access to three pieces of information per record:

  • IP address of the ‘sender’ who has sent email to you
  • HELO string of the sender’s system
  • Timestamp – when you received the email

The “from” and “to” email addresses, and the email content, will never be shared with Spamhaus. This means the data you share NEVER contains PII and you always remain in control of the setup.

So, how is the data used?

Configuring the data sharing is a simple, one-time setup. We recommend sharing data every 60 seconds to ensure its value remains high. Once received, the data is stored in a central repository, where our proprietary algorithms analyze it to detect patterns of suspicious or malicious activity.

Based on this analysis, we assign a reputation score to each IP address. If malicious or suspicious behavior is detected, the IP is listed in the appropriate Spamhaus datasets – often within seconds of sharing! As a result, you are automatically protected, while the dataset is strengthened for everyone.
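
The three-field restriction and the 60-second interval described above, as an added example (not Spamhaus code and not its submission format): it reduces locally logged SMTP sessions to the IP address, HELO string and timestamp, and groups them into 60-second batches. The record layout, field names and sample sessions are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

SHARED_FIELDS = ("ip", "helo", "timestamp")  # the three fields the page lists
BATCH_SECONDS = 60                           # sharing interval the page recommends

# Constructed sample sessions in a hypothetical local log layout (assumption).
SAMPLE_SESSIONS = [
    {"ip": "192.0.2.10", "helo": "mail.example.net", "timestamp": "2024-05-01T10:00:05+00:00",
     "mail_from": "alice@example.net", "rcpt_to": "bob@example.org", "subject": "Invoice"},
    {"ip": "2001:db8::25", "helo": "[2001:db8::25]", "timestamp": "2024-05-01T12:00:42+02:00",
     "mail_from": "x@example.com", "rcpt_to": "bob@example.org", "subject": "Hi"},
    {"ip": "198.51.100.7", "helo": "smtp.example.com", "timestamp": "2024-05-01T10:01:10+00:00",
     "mail_from": "carol@example.com", "rcpt_to": "bob@example.org", "subject": "Re"},
    {"ip": "not-an-ip", "helo": "localhost", "timestamp": "2024-05-01T10:01:30+00:00",
     "mail_from": "y@example.com", "rcpt_to": "bob@example.org", "subject": "?"},
]

def minimise(session):
    """Return only the three shareable fields, or None if the record is unusable."""
    try:
        ip = ipaddress.ip_address(session["ip"])           # rejects malformed addresses
        ts = datetime.fromisoformat(session["timestamp"])
    except (KeyError, ValueError):
        return None
    if ts.tzinfo is None:
        return None  # ambiguous local time: refuse rather than guess an offset
    # Build the output from an allow-list, so envelope addresses and content
    # can never leak through by accident when the log layout gains new fields.
    return {"ip": str(ip), "helo": str(session.get("helo", "")),
            "timestamp": int(ts.astimezone(timezone.utc).timestamp())}

def batches(sessions, window=BATCH_SECONDS):
    """Group minimised records into fixed windows keyed by window start (epoch seconds)."""
    out = defaultdict(list)
    for session in sessions:
        rec = minimise(session)
        if rec is not None:
            out[rec["timestamp"] - rec["timestamp"] % window].append(rec)
    return dict(out)

if __name__ == "__main__":
    for start, records in sorted(batches(SAMPLE_SESSIONS).items()):
        print(start, records)
```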

Strength through sharing

Think of data sharing as being part of a global neighborhood watch. When one of your neighbors shares vital information, it could save you from falling victim to malicious behavior. 

Similarly, your shared insights could protect someone else in the community from a potential attack. Your positive actions benefit not only you, but the entire community. You might think your limited volume of emails won’t make a difference, but each piece of the puzzle helps build the overall picture. By working together, we can build a safer, more resilient community.

To learn more about how to share SMTP data, please contact us.