About Spamhaus Technology
Spamhaus is the trusted authority on threat intelligence data, with over two decades of experience. This experience, the quality and accuracy of data, alongside our robust infrastructure, is what sets us apart.
Data from Spamhaus protects and provides insight across networks and email worldwide. Spamhaus’ datasets are used by leading global technology companies, internet service providers and hosting companies, among others.
Keep ahead of the threat
By identifying spammers, bot herders and cyber criminals, Spamhaus protects over three billion mailboxes worldwide, every day. Reputation-based threat intelligence is an essential element of multi-layered security.
Email is mission critical to all businesses and organizations, retaining a unique position as the most common communication tool across the internet. However, its widespread use makes it a key channel for cyber criminals to take advantage of your data, your money and your networks. For more than a decade we have been helping organizations protect against such activity through our reputation-based threat intelligence.
You need to trust your connections online, and with Spamhaus data you have a first line of defense advising you of the reputation of email entering your network.
18,000 malware samples processed every day
of heuristics are used to
identify the safe from the
botnet nodes listed
Who can use this?
- Email administrators
- Email engineers who manage their own email infrastructure
- Free 30-day trial for data query service. See: https://www.spamhaustech.com/free-trial/free-trial-for-data-query-service/
What can Spamhaus data be integrated with?
- Any major mail transfer agent (MTA). If your MTA can consume Domain Name System Block Lists (DNSBLs), you can use Spamhaus block lists.
With a 99%+ block rate, this easy-to-configure service doesn’t rely on expensive hardware. Spamhaus block lists can be used with open-source tools like SpamAssassin, or integrated with your current anti-spam platform, keeping costs to a minimum.
The Spamhaus Data Query Service (DQS) comprises a number of real-time IP block lists and domain block lists.
For website, form and portal protection, our data sets are also available via API.
Which Spamhaus block lists are available for use with the Data Query Service?
IP Block Lists
IP addresses observed to be involved in sending or hosting spam, including hijacked servers and computers infected with botnet malware. Spamhaus ZEN combines the power of all our IP data sets into a single block list.
Spamhaus Block List – SBL
IPs identified to Spamhaus’ best ability as likely:
- Direct spam sources
- Spammer hosting/DNS
- Spam gangs
- Spam support services
Filters out a significant majority of email threats before they have a chance to access your network. More time for you and your security team to focus on in-depth analysis and investigation.
Exploits Block List – XBL
IP addresses hosting:
- Malware-infected computers.
- Automated tools observe SMTP connections for spamtrap and production mail servers.
Cyber criminals exploit and hijack legitimate networks, so with XBL you can block email traffic from what might first appear to be a trusted source.
Policy Block List – PBL
IP address ranges for end-user devices from which email should never be sent:
- IoT devices
- Home routers
- Smart TVs
The PBL lists IPs not because they are actively sending spam, but as a pre-emptive measure to prevent spam from networks that should send no email at all.
Content Block Lists
Constantly updated block lists that focus on low reputation/malicious domains and cryptographic hashes.
Domain Block List – DBL
- Domains owned by spammers and used for spam or other malicious purposes.
- Domains owned by non-spammers, used for legitimate purposes, but hacked by spammers.
Includes basic spam, phishing, malware, botnet C&C and redirector domains.
Zero Reputation Domain – ZRD
Cyber criminals use newly registered and active domains to send spam and drive traffic to harmful websites hoping to claim victims before a domain has been analyzed.
ZRD automatically adds newly-registered and previously dormant domains to a block list for 24 hours.
Legitimate organizations will rarely activate a domain and start using it immediately after registration. ZRD prevents clicking on links and visiting domains until it is established that they are not associated with malicious activities.
Hash Block List – HBL
This blocklist contains the following content areas: Cryptowallet (Bitcoin etc.), Malware and Email addresses.
Hash Blocklists (HBL) are lists of cryptographic hashes associated with malicious content, as opposed to IP addresses or domains. They are extremely useful for filtering fraudulent emails coming from ISPs, domains, or IP addresses that Spamhaus is unable to list, e.g. Gmail. Additionally, they can block emails containing malware files.
The threat landscape is constantly changing as cybercriminals continually try to avoid detection and increase the number of legitimate resources they can utilize. Recently, domain hijacking has become more prevalent. Every day this year, Spamhaus has observed over 100 hijacked domains at one single domain registrar.
Researchers at Spamhaus Malware Labs identified and blocked 17,602 botnet C&C servers hosted on 1,210 different networks. That is an enormous 71.5% increase from the number of botnet C&Cs seen in 2018. Since 2017, the number of newly detected botnet C&Cs has almost doubled from 9,500 to 17,602.
When Spamhaus Malware Labs observe a 100% increase in the number of domains that are being registered by cybercriminals to host a botnet command & control (C&C) it’s time to stop. Cybercriminals prefer to use a domain name registered exclusively to host a botnet C&C