This information was originally designed to allow Email Service Providers (ESPs) to monitor the email streams sent by their customers, providing detailed information on who is causing your pain. The same information can help ISPs identify customers who spam, and customers whose servers or networks are compromised and provide a channel for criminal spam and abuse.

The SIS FBL consists of one record per spamtrap hit that matches your criteria. That record is saved in a CSV-format file that is posted daily, allowing you to download and import the CSV file into a database or spreadsheet. If the spamtrap hit is one that you want to know about immediately, the SIS FBL record can also be sent to you in near-real-time as an email alert.

Each SIS FBL record contains the following information:

• Timestamp: Date and hour that the email was received.
• Connecting IP: IP address that sent the email to our MX server.
• HELO: HELO string issued by the server that sent the email to our MX server.
• From email address: Email address from the From header.
• Subject: Contents of the Subject header.
• URI host: Hostname from the email URI, if any.
• Drop Box Email Address. Any email address in the Reply-to header or message body.

These fields are unmodified except where a tag or identification string appears to exist to identify the email recipient. In that case, the information in the field might be modified to remove the identification string.

This data provides excellent visibility into which emails are hitting spam-traps. This information is highly effective in helping email senders identify the exact sources of spam and abuse coming from their networks. It is equally effective in helping web hosts identify the customers who are advertising their sites using spam sent from another location.