Threat Intelligence & Data Sharing
The "shared 'pirate' watch." This section covers how security companies and mailbox providers share "threat intelligence" (like "this new botnet is attacking") with each other to collectively identify and block new attacks in real-time.
Questions about Threat Intelligence & Data Sharing
What is threat intelligence in email?
How do anti-abuse teams share data?
What are feed-based blocklists?
What is real-time reputation sharing?
What are STIX/TAXII standards?
What are reputation APIs?
What is abuse desk automation?
What are domain reputation feeds?
How do SOCs integrate threat data?
How do ESPs share threat indicators internally?
What are public threat reporting channels?
What are industry collaboration programs (M3AAWG, GCA, APWG)?
How does data sharing improve global deliverability?