Sharing spamtrap data with Spamhaus: who, what and why

Who can share spamtrap data with Spamhaus?

The short answer is anyone. Anyone maintaining spamtraps can share data with Spamhaus. In addition to receiving threat intelligence from Spamhaus, many customers contribute spamtrap and SMTP data back to improve the intelligence they receive. Nevertheless, anyone who wishes to make the internet a safer place can also share their spamtrap data with us. This is regardless of whether you are a Spamhaus customer or not.

And while Spamhaus likes to receive spamtrap data “no matter what’s in there”, it’s always advisable to follow best practice – check out the M3AAWG best practices for building and operating a spamtrap.

How does Spamhaus use spamtrap data?

Spamhaus analyses over 7 billion data points every 24 hours. Included in this vast repository is spamtrap data. Wonderfully rich spamtrap data. Data such as URLs, email addresses within the message body, reply-to email addresses and attachments. Data points that wouldn’t otherwise be available and can be used to produce reputation data and detections.

That being said, it’s important to note that not every message that hits a spamtrap is classified as spam. Due to the type of spamtrap, its creation and how it has been maintained over time, some messages may not be suspicious or malicious. As a result, spamtrap data is sometimes used for visibility and to provide additional context only.

Why share spamtrap data with Spamhaus?

Customer or not, there are many reasons why you should share spamtrap data with Spamhaus:

Better filtering

For customers, it’s a no-brainer. As sharing spamtrap data allows us to tailor the data customers receive for their specific threat view, enhancing the performance of the data.

It might be surprising to learn that you will receive mail almost nobody else has received. This may be due to your geographical location, language, or business sector. By sharing spamtrap data with Spamhaus, it allows us to see traffic we wouldn’t otherwise see. Leading to better filtering for you as the customer and all Spamhaus customers.

But what if you’re not a Spamhaus customer?

Replace internal blocklists

If you are running an internal blocklist to filter mail for your users, some unwanted mail will always slip through. As a result, you are forced to maintain local filters to remove the unwanted traffic – this adds time and cost. Sharing “what you see” with Spamhaus reduces your workload, as we can include your traffic in our blocklists. What you see, becomes what we see.

Safer internet for all

As part of our ‘making the internet a safer place’ mission, our data about compromised machines and end users is shared free of cost with relevant Community Emergency Response Teams (CERTs) all over the world. By sharing your spamtrap data with Spamhaus you directly contribute to this effort, and in the end to a safer internet for all.

Shared security

Every contributor benefits not only from the data they share themselves, but also the data shared by others – if you’re the first to see something, no one else has to. This shared security approach creates a view that only looking at a single network can never compete with.

Sharing spamtrap data: A case study

Czech-based, Mailkit and Omnivery are known for their gleaming reputation as highly compliant email service providers. And every day they share a few thousand spamtrap emails with Spamhaus, resulting in blocklist additions based solely on their contributions.

For Mailkit and Omnivery the benefits of sharing spamtrap data are multiple, leading to:

• More accurate vetting of new customers, keeping their network clean.
• Better security for their own mail server.
• Receipt of more accurate data from the Spamhaus API for Central and Eastern Europe.
• Greater convenience, through receiving all reputation data together, not just spamtrap data in isolation.
• Better filtering for Spamhaus and all Spamhaus customers.

And as Jakub Olexa, Founder of Mailkit and Omnivery explains, “Ultimately, I believe that sharing our spamtrap data adds value not only to us or Spamhaus but makes for a better and safer internet for all.”

Share early, share often

At Spamhaus we know that networks and organisations benefit from sharing spamtrap data. We promote a ‘share early, share often’ philosophy, emphasizing two important aspects of data sharing.

Sharing early allows everyone to benefit from threats seen by others as early as possible. Furthermore, when data is shared in a continuous stream rather than in a batch, the data becomes even more valuable.

To learn more about how to share spamtrap data with Spamhaus, please contact us.