What is ThreatWave and how do we use it?

What is ThreatWave?

ThreatWave is a global sensor network that processes millions of emails every day. It parses data from messages sent to email addresses that do not have active end-users. ThreatWave data acts as an indicator that there is an issue with list hygiene and reputation.This means that an ideal sender would not have any ThreatWave hits.

ThreatWave data provides deep, specific insights where as typical Spam Trap reporting offers little more than the number of hits and dates. ThreatWave data includes additional campaign metadata showing hits by day, IP address, domain, subject line, from address, and more.

What is the ThreatWave Dashboard?

The ThreatWave Dashboard converts the data and highlights statistics that point to sender reputation issues, such as poor list hygiene, poor list acquisition, or bad actors on a shared network. The insights that can be uncovered through the ThreatWave Dashboard to identify IPs, Brands, or Campaigns that the sender should evaluate and provides visibility into program activity that cannot be found elsewhere. It also helps you to identify brand protection issues, like domain spoofing that can damage customer relationships.

Use the dashboard to monitor your senders' behavior and proactively help refine or update your senders’ list quality, hygiene, and acquisition practices. All of this information can enable your senders to continually improve upon their best practices and sending behavior.

Note: The ThreatWave Dashboard is intended to assist you in uncovering underlying issues around sender reputation. Finding and removing ThreatWave addresses from your subscriber list does not allow you to understand and resolve the real cause of the issue. Instead, the dashboard should be used to identify the source of all likely bad addresses on an email list. 

How the ThreatWave Dashboard works

The ThreatWave Dashboard’s data and provided insights are powered by the ThreatWave Sensor Network. This network processes 2 terabytes of email data each day in order to identify potential issues with different IPs and domains, many of which are commercial and come from your network. The data and visualizations found on the dashboard can empower you to uncover risks and quickly resolve them.

Here are details about how the ThreatWave Dashboard works and how the data is collected:

  1. The ThreatWave Sensor Network handles inbound email of domains managed and operated by ThreatWave.
    • The ThreatWave Sensor Network manages these domains on behalf of the domain owner.
    • The ThreatWave Sensor Network accepts all email sent to the managed domains.
    • Any email sent by your customers who are marketing or commercial senders is processed by the ThreatWave Sensor Network. Since these ThreatWave managed domains have never hosted email in the past, or are not currently servicing email users, they should not be receiving marketing email from you or your customers. 

  2. The visualized data gives you detailed insight into issues surrounding different IPs, domains, subject lines, suspicious attachments, and infrastructure results. 
    • When one of your IPs is detected by the ThreatWave Sensor Network, the data is processed and aggregated and then presented to you in the ThreatWave Dashboard. This allows you to research you or your customer's sending behavior and take action to resolve any issues. 
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request