Abusive Content


Events with this classification type identify a system that was likely involved in sending unsolicited bulk email. This means that the recipient did not grant verifiable permission for the message to be sent to them and that the message was sent as part of a larger collection of messages with similar content.

If the system identified by the source is an email server, we recommend checking the mail logs for unusual activity to identify the root cause. This can be, for example, a user intentionally sending unsolicited bulk email or a compromised user account that was misused by a third party to send such messages.

If the system identified by the source is not intended to be an email server, this usually means that the system is infected with malware and is likely part of a botnet.

The system should be regarded as compromised until further investigation has proven otherwise.


  • Mail server: check the logs for suspicious activity.
  • Non-mail server: scan the system for malicious software.
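
One way to carry out the mail log check on a mail server, shown as an added example that is not part of the original advisory: it assumes the server runs Postfix with SASL-authenticated submission, correlates each queue ID with the authenticated account, and flags accounts that send to many recipients or log in from many client addresses. The log lines are constructed, and the function names and thresholds are assumptions to tune against the server's normal volume.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (assumed MTA; not from a real system).
SAMPLE_LOG = """\
Mar  3 02:10:01 mx1 postfix/smtpd[2101]: 4A1B2C3D01: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob@example.org
Mar  3 02:10:01 mx1 postfix/qmgr[900]: 4A1B2C3D01: from=<bob@example.org>, size=2113, nrcpt=50 (queue active)
Mar  3 02:10:09 mx1 postfix/smtpd[2102]: 4A1B2C3D02: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=bob@example.org
Mar  3 02:10:09 mx1 postfix/qmgr[900]: 4A1B2C3D02: from=<bob@example.org>, size=2120, nrcpt=50 (queue active)
Mar  3 02:10:15 mx1 postfix/smtpd[2103]: 4A1B2C3D03: client=unknown[192.0.2.99], sasl_method=LOGIN, sasl_username=bob@example.org
Mar  3 02:10:15 mx1 postfix/qmgr[900]: 4A1B2C3D03: from=<bob@example.org>, size=2098, nrcpt=50 (queue active)
Mar  3 02:40:15 mx1 postfix/qmgr[900]: 4A1B2C3D03: from=<bob@example.org>, size=2098, nrcpt=50 (queue active)
Mar  3 09:02:44 mx1 postfix/smtpd[2200]: 4A1B2C3D04: client=ws12.example.org[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.org
Mar  3 09:02:44 mx1 postfix/qmgr[900]: 4A1B2C3D04: from=<alice@example.org>, size=5301, nrcpt=1 (queue active)
"""

# smtpd logs the authenticated account per queue ID; qmgr logs the recipient count.
SMTPD_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+?\[([^\]]+)\].*?sasl_username=([^,\s]+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def summarize(log_text):
    """Return per-account message count, total recipients and client IPs."""
    owner, counted = {}, set()
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set()})
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            qid, ip, user = m.groups()
            owner[qid] = user
            stats[user]["messages"] += 1
            stats[user]["ips"].add(ip)
            continue
        m = QMGR_RE.search(line)
        # qmgr repeats its line when a deferred message is retried: count each queue ID once.
        if m and m[1] in owner and m[1] not in counted:
            counted.add(m[1])
            stats[owner[m[1]]]["recipients"] += int(m[2])
    return dict(stats)

def suspicious_accounts(log_text, max_recipients=100, max_ips=2):
    """Accounts over either threshold (assumed values, tune per server)."""
    return sorted(user for user, s in summarize(log_text).items()
                  if s["recipients"] > max_recipients or len(s["ips"]) > max_ips)

if __name__ == "__main__":
    print(suspicious_accounts(SAMPLE_LOG))
```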