Query DNSBLs in real-time with Spamhaus’ Web Query Service (WQS). Easily integrate email threat data into your infrastructure to prevent malicious activity. This data provides a quick, cost-effective way to understand reputation, giving a strong signal for where to focus your research, hunt or investigate.
Solutions
Data
Email & Network
Cyber Threat Intelligence
Resources
About
DNS Blocklists
via HTTPS
Query a wide range of real-time DNS Blocklists (DNSBLs) covering IPs, domains, and hashes (including malware files, cryptowallets, email addresses and URLs). Use for protection or get a quick, binary indication on whether an internet identifier is positive or negative in reputation.
Fast response
Low latency, high efficacy data to understand Internet identifier reputation with speed.
Immediate & trusted signals
Real-time updates with low-false positive rates.
No additional costs
Easily integrated into your existing infrastructure.
DNS Blocklist data via HTTPS
Why are there two different names for the data?
Our datasets have been supporting users for a very long time. With new users requesting our support, the dataset names are being updated for clearer understanding. We’re documenting two names, for now, to best support all users.
Datasets Included
Use cases for DNS Blocklist data via HTTPS
This real-time data has several applications, including protecting your email infrastructure, wider network, and users from email-borne threats, in addition to enrichment for threat intelligence tools and workflows.
Please note: This service provides real-time data and does not make available historic data. If you require this information, please trial via API here.
Threat Intelligence Enrichment
Email Compliance
Threat Intelligence Enrichment
Threat Intelligence Enrichment
Email Compliance
Blocklist data via HTTPS for Threat Intelligence Enrichment
Simply, this service provides a binary yes/no, listed/not listed response. Using HTTPS in JSON format, this data is very flexible. One common CTI use case, to keep query volumes down and reduce low-impact alerts, is a quick response on internet identifiers that might be of most concern, e.g. botnet C2 IPs.
On understanding whether the identifier is listed, you gain a clear indicator that further research should be conducted to get the full picture, and what the means for your company/clients. This keeps data costs low and the ability to pivot fast.
Proactive signals
Our Domain datasets and Non-mail emitting IPs (Policy Blocklist) can protect against threats before they are seen in the wild.
Flexible data
Supported across most programming languages, CTI platforms, and threat feeds. Quickly plug into your SIEM, detection systems, or custom pipelines.
Real-Time Retrieval
To support live threat hunting or continuous threat monitoring, where data ingestion can be automated.
DNS Blocklist data via HTTPS for Email Protection and Compliance
Using this binary data can provide significant value for high-volume email senders. It provides a trusted source to highlight suspicious activity before it impacts your reputation. You can follow this binary flag up with contextual data to build a bigger picture and determine the best course of action. Some examples of this are:
1. Analyse outbound messaging before it is sent. For example, a Marketing campaign with a bad URL can be flagged, or the associated domain.
2. Preventing/flagging mailing list signups if the IP of the signee comes back as listed in one of our DNSBLs.
3. Prevent/flag service signup for a domain that has zero reputation, or a negative/malicious reputation.
4. Checking on the current portfolio of domains to see if they are listed.
5. Checking the network's (sending or otherwise) IPs to see if they have been listed.
6. Checking IPs at login (mailbox, control panel, account)
Getting started
How do I start a free 30 day trial?
Simply complete the form and submit. No credit card or payment details are required for the free trial.
What happens next?
You’ll receive an email asking you to verify your address. If you haven’t already, you’ll be prompted to create an account.
Once verified, log in to the Customer portal to view your access key and follow the setup instructions provided in the manual.
Need help?
If you have any questions, please add them to the comments box below. Once you gain access to the data, technical support is available via our Customer Portal.
Technical documentation
Pricing and purchase
Ready to start
your free trial?
Get a free 30 day trial to query Spamhaus’ real-time DNSBLs via the Web Query Service (WQS). No credit card details required.
Frequently Asked Questions
Who can use the Web Query Service?
Threat Intelligence Enrichment - this service is relevant for Security Engineers, Product Managers, and IR Specialists.
Email Protection and Compliance - Email administrators and email engineers running their own mail transfer agent (MTA) or email infrastructure.
Explore more
Data Access
Intelligence API
Learn More Integrate context-rich metadata relating to IP and domain reputation to enhance existing data feeds, or consume as an independent data source. Gain additional intelligence to monitor, assess and remediate as required.
Data Access
Spamhaus Consultancy
Learn More Data-driven consultancy to help networks prevent and resolve email-related challenges. By utilizing our unique internal databases against specific behavior patterns, we provide tailored, data-driven reports and actionable 1:1 advice.
Data Access
Rsync
Learn More Incremental synchronization of binary and contextual datasets to local servers, including access to our entire binary DNS blocklist data. Efficiently transfer data by only copying changes between the source and destination.