Spamhaus logo
  • Protecting email
  • Protecting networks, firewalls and DNS
  • Protecting BGP

What we do

Spamhaus Technology delivers continuously updated data feeds worldwide; for individuals, businesses of all sizes, government departments and civic organizations. These data feeds effortlessly provide email administrators and security teams with threat intelligence so that you can block suspicious inbound email, providing a robust first line of defense.

Keep ahead of the threat

By identifying spammers, bot herders and cyber criminals, Spamhaus protects three billion mailboxes worldwide, every day. Reputation-based threat intelligence – an essential element of multi-layered security.

Email is mission critical to all businesses and organizations, retaining a unique position as the most common communication tool across the internet. However its widespread use makes it a key channel for cyber criminals to take advantage of your data, your money and your networks. For more than a decade we have been helping organizations protect against such activity through our reputation-based threat intelligence.

You need to trust your connections online and with Spamhaus data, you have a first line of defense advising you of the reputation of email entering your network.

Spamhaus - features

For whom is this

  • This is for companies who run their own email infrastructure – in whole or in parts. 

What is supported

  • Various email-servers and email components

Product description and contents

IP Reputation Intelligence

IP addresses observed to be involved in sending or hosting spam, including hijacked servers and computers infected with botnet malware.

Spamhaus ZEN combines the power of all IP data sets into a single block list.

Spamhaus Block List – SBL

IPs identified to Spamhaus’ best ability as likely:

  • Direct spam sources,
  • Spammer hosting/DNS
  • Spam gangs
  • Spam support services.

Filters out a significant majority of email threats before they have a chance to access your network. More time for you and your security team to focus on in-depth analysis and investigation.

Exploits Block List – XBL

IP addresses hosting:

  • Bots
  • Malware-infected computers.
  • Automated tools observe SMTP connections for spamtrap and production mail servers in near-real-time to find characteristic patterns of malware or botnet-infected computers.

Cyber criminals exploit and hijack legitimate networks so with XBL you can block email traffic from what might first appear to be a trusted source.

Policy Block List – PBL

IP address ranges for end-user devices from which email should never be sent:

  • IoT devices
  • Home routers
  • Smart TVs

The PBL lists IPs not because they are actively sending spam, but as a pre-emptive measure to prevent spam from networks that should send no email at all.

There’s been a massive growth in IoT devices but not all are secured correctly. Keep connected to IoT devices for their intended purpose while blocking unwanted email traffic.

Domain Reputation Intelligence

Constantly updated domain-based threat intelligence to block email from a low reputation/malicious domain or when an email includes a suspect domain.

Domain Block List – DBL

  • Domains owned by spammers and used for spam or other malicious purposes.
  • Domains owned by non-spammers, used for legitimate purposes, but hacked by spammers.

Includes basic spam, phishing, malware, botnet C&C and redirector domains.

Domain based block lists complement IP-reputation threat data based on a sender’s reputation. Extra protection because even if a spammer has used a clean IP, domain block listing identifies low reputation or malicious domains in the email message.

Zero Reputation Domain – ZRD

Cyber criminals use newly registered and active domains to send spam and drive traffic to harmful websites hoping to claim victims before a domain has been analyzed.

ZRD automatically adds newly-registered and previously dormant domains to a block list for 24 hours.

Legitimate organizations will rarely activate a domain and start using it immediately after registration. ZRD prevents clicking on links and visiting domains until it is established that they are not associated with malicious activities.

SpamHaus DNS Firewall

For whom is this

  • This is for companies who run their DNS infrastructure
  • This is for companies who run their own firewalls 

What is supported

  • Bind
  • Various firewalls

Product description and contents

Protect your network – DNS

Every time a user or IoT device makes a connection using the domain name system (DNS) to access websites and domains there is a risk of connecting to a malicious domain.

When a client initiates a query on a Deteque enabled name server, each step of the recursive DNS lookup process is analyzed. If Deteque identifies a security risk, access to the threat is blocked.

You can protect your network and users from connecting to bad domains, and the potential risks associated with them including cyptojacking, malware and fraud. In addition you can block Command & Control bots from communicating with infected devices on your network.

Spamhaus BGP Firewall

For whom is this

  • This is for companies who work with BGP – telcos, service providers and large enterprises 

What is supported

  • BGP-routers

Product description and contents

Border Gateway Protocol

It will take just a few minutes to configure your edge router to peer with a Deteque BGP router and a null route. This will allow you to block all communication to, and from, botnet Command & Control servers, neutralising botnet nodes within your network and stopping data egress, even if devices are still infected with malware.

BGP data feeds are an additional layer in your network security defences. They block connections to internet protocols (IPs) involved in the most dangerous cybercrime and DDoS attacks, protecting your organization’s servers.

For whom is this

  • This is for companies who need to integrate knowledge in their solutions, ex. developing IAM-solutions or other solutions where threat knowledge can add value 

What is supported

  • API

Product description and contents

The API is accessible with the Data Query Service Key. Customers can use this API to check anything that submits an IP or domain over the internet against against Spamhaus data. The API supports JSON and HTML data.

The API end point is located here:

For more information:

Spamhaus Passive DNS

For whom is this

  • This is for security teams, forensics teams and it-teams who need or want to investigate 

What is supported

  • All common browsers
  • Integration into Splunk due for release 1st half 2020

Product description and contents

Data points are combined from across the globe, illustrating in real-time when and which host names have been resolving to which IP addresses.

This constantly updated dataset provides you with the intelligence and power to comprehensibly build up a picture of potential threats that you couldn’t gain from a single network.

Passive DNS enables you to uncover patterns of malicious activity from networks across the world. This global threat intelligence provides an effective boost in your security information and event management (SIEM) and security analysis.

The UI is simple and effective, like ”Google” for DNS data.

Featured blogs

ota yhteyttä

Pyydä rohkeasti lisätietoa. Vastaamme todennäköisesti nopeammin kuin osasit kuvitella.