Spamhaus logo

About Spamhaus Technology

Spamhaus is the trusted authority on threat intelligence data, with over two decades of experience. This experience, the quality and accuracy of data, alongside our robust infrastructure, is what sets us apart.

Data from Spamhaus protects and provides insight across networks and email worldwide. Spamhaus’ datasets are used by leading global technology companies, internet service providers and hosting companies, among others. 

Keep ahead of the threat

By identifying spammers, bot herders and cyber criminals, Spamhaus protects over three billion mailboxes worldwide, every day. Reputation-based threat intelligence in an essential element of multi-layered security.

Email is mission critical to all businesses and organizations, retaining a unique position as the most common communication tool across the internet. However its widespread use makes it a key channel for cyber criminals to take advantage of your data, your money and your networks. For more than a decade we have been helping organizations protect against such activity through our reputation-based threat intelligence.

You need to trust your connections online and with Spamhaus data, you have a first line of defense advising you of the reputation of email entering your network

Spamhaus - features
Spamhaus product overview
3 million

domains assessed
18,000 malware samples
processed every day

9 billion

SMTP connections
analyzed daily


of heuristics are used to
identify the safe from the
potentially malicious

12 million

botnet nodes listed

3 billion+

mailboxes are
protected globally

Who can use this?

What can Spamhaus data be integrated with?

  • Any major mail transfer agent (MTA). If your MTA can consume Domain System Block Lists (DNSBLs) you can use Spamhaus block lists

Product outline

With a 99%+ block rate, this easy to configure service doesn’t rely on expensive hardware. Spamhaus block lists can be used with open-source tools like SpamAssassin, or integrated with your current anti-spam platform, keeping costs to a minimum.

The Spamhaus Data Query Service (DQS) comprises of a number of real-time IP block lists and domain block lists.

For website, form and portal protection our data-sets are also available via API.

Which Spamhaus block lists are available for use with the Data Query Service?

IP Block Lists

IP addresses observed to be involved in sending or hosting spam, including hijacked servers and computers infected with botnet malware.  Spamhaus ZEN combines the power of all our IP data sets into a single block lists.

Spamhaus Block List – SBL

IPs identified to Spamhaus’ best ability as likely:

  • Direct spam sources,
  • Spammer hosting/DNS
  • Spam gangs
  • Spam support services.

Filters out a significant majority of email threats before they have a chance to access your network. More time for you and your security team to focus on in-depth analysis and investigation.

Exploits Block List – XBL

IP addresses hosting:

  • Bots
  • Malware-infected computers.
  • Automated tools observe SMTP connections for spamtrap and production mail servers.

Cyber criminals exploit and hijack legitimate networks so with XBL you can block email traffic from what might first appear to be a trusted source.

Policy Block List – PBL

IP address ranges for end-user devices from which email should never be sent:

  • IoT devices
  • Home routers
  • Smart TVs

The PBL lists IPs not because they are actively sending spam, but as a pre-emptive measure to prevent spam from networks that should send no email at all.

Content Block Lists

Constantly updated block lists that focus on low reputation/malicious domains and cryptographic hashes.

Domain Block List – DBL

  • Domains owned by spammers and used for spam or other malicious purposes.
  • Domains owned by non-spammers, used for legitimate purposes, but hacked by spammers.

Includes basic spam, phishing, malware, botnet C&C and redirector domains.

Zero Reputation Domain – ZRD

Cyber criminals use newly registered and active domains to send spam and drive traffic to harmful websites hoping to claim victims before a domain has been analyzed.

ZRD automatically adds newly-registered and previously dormant domains to a block list for 24 hours.

Legitimate organizations will rarely activate a domain and start using it immediately after registration. ZRD prevents clicking on links and visiting domains until it is established that they are not associated with malicious activities.

Hash Block List – HBL

This blocklist contains the following content areas: Cryptowallet (Bitcoin etc.), Malware and Email addresses.

Hash Blocklists (HBL) are lists of cryptographic hashes associated with malicious content, as opposed to IP addresses or domains. They are extremely useful for filtering fraudulent emails coming from ISPs, domains, or IP addresses that Spamhaus is unable to list e.g. Gmail. Additionally, they can  block emails containing malware files.

Who can use this?

  • Network engineers
  • Security operation centre (SOC) teams who are running their own DNS infrastructures

What can Spamhaus data be integrated with?

Spamhaus DNS Firewall Threat Feeds can be used with a variety of major DNS software, in addition to DNS hardware:

DNS software

  • Bind
  • PowerDNS
  • Unbound*
  • Knot**

DNS appliances (DDIs)

  • Infoblox
  • Efficient IP
  • Bluecat

* Requires feedback to Farsight for their proprietary plug-in “Fast Response Policy Zones” (RPZ)

** Partially supports DNS Firewall Feeds, however, does not support NSDname.


  • Vendor support varies, please contact us for further information.

Which Spamhaus block lists are available for use with DNS Firewall

You can choose which threat feeds you use, based on the amount of risk your business needs to be exposed to.

Who can use this?

  • Network engineers
  • Security operation centre (SOC) teams who manage their own network edge routers

What can Spamhaus data be integrated with?

Any network edge routers

Product outline

Provide your network with the most up to date protection against botnets and external attacks on your organization’s servers. Simply configure your edge router to peer with a Spamhaus Border Gateway Protocol feed (BGPf) router and a null route.  This will allow you to block all communication to, and from, botnet Command & Control servers, neutralising botnet nodes within your network and stopping data egress, even if devices are still infected with malware.

Which Spamhaus datasets are available for use with Border Gateway Protocol?

Spamhaus Do not route or Peer (DROP) feeds

Who can use this?

  • Security professionals,
  • Brand Protection Specialists,
  • Malware Researchers
  • Penetration Testers

How can Spamhaus Passive DNS data be accessed?

  • Web browser
  • API
  • Real-time continuous data-feed
  • Splunk integration being released in second half of 2020

Product outline

Spamhaus Passive DNS tool has flexible and fast search capabilities for users to query DNS infrastructure e.g. domain names, IP addresses and NameServers etc.  This allows investigators to quickly pivot to new areas of badness from a single entity. The fuzzy search functionality on Passive DNS enables brand protection specialists to search for all potential variations on their brand name and view what IP address the domain is being hosted on, along with the time this domain was both first and last observed. The UI is simple and effective, like ”Google” for DNS data. Discover how easy Passive DNS is to use.

Featured blogs

16.6.2020 Domain Hijacking Webinar Spamhaus

Webinar: Domain hijacking – a prevalent problem

The threat landscape is constantly changing as cybercriminals continually try to avoid detection, and increase the number of legitimate resources they can utilize. Recently domain hijacking has become more prevalent. Every day this year, Spamhaus has observed over a 100 hijacked domains at one single domain registrar.

Tapio Särkelä

Mint Security to resell Spamhaus services

Mint Security starts to resell and support Spamhaus’s services in Finland. Block lists provided by Spamhaus protect 3 billion mailboxes every day. Spamhaus also operates in DNS services and BGP routers.


contact us

Please do contact us. We most likely respond faster than you thought,