One of the defining characteristics of a takedown provider is its ability to detect phishing sites. Through various approaches, takedown vendors have defined their strategies for detection of malicious emails - either building up their own spam traps, pulling data from third-parties like the Anti-Phishing Working Group, partnering with mail service providers, or even acquiring other organizations. While these approaches are often successful, in that they detect a significant number of phishing attacks, they are still incomplete, and often are missing a non-negligible amount of phish.
Article Link: http://info.brandprotect.com/blog/abuse-box-forwarding-phishing-detection