X

Have you been blocked?

All blocklists are researched and managed by The Spamhaus Project.

Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.

Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.

Visit Spamhaus Project
X

Hi

It looks like you already have an account with us.

Thanks for applying for the Developer License. This service can be applied for directly from your account on the Customer Portal.

Click on the link below, log into your account, and you will be automatically directed to the Spamhaus Intelligence API product page.

Log into account

Increase your data coverage and understanding with rich, contextual, reputation intelligence. This expansive signal supports security teams with risk detection, incident response, and proactive threat research. Offered in API format, adapt this data to your needs and assess its value.

A Spamhaus Developer License is automatically offered free for 6 months, without commitment or expectation. All that’s required is quick feedback, once you’ve tested, to influence enhancements.

Put the data through its paces, experiment in your test environments, and get problem-solving!

Latest Data Release

URLhaus data - BETA release

Spamhaus’ trusted partner, abuse.ch, is one of the most well-regarded malware and botnet command and controller (C&Cs) data specialists globally. Recognized among security vendors and analysts, network administrators, and researchers, its URLhaus dataset provides metadata on URLs that are being used for malware distribution.

This intelligence is constantly validated to identify which URLs are active, ensuring the data remains up to date and relevant. Signals included with the Developer License cover various internet entities, including URLs, domains, malware families, IPv4 addresses, ASNs and hashes. Combine this targeted malware data with the context-rich IP and domain metadata from Spamhaus to enhance your investigations.

Read the blog Technical Documentation

Additional data available via API

BCL

Botnet Controller Dataset

Contains single IPv4 addresses only – being used to host botnet command and controller servers (C&Cs). No inbound or outbound network connections should be made to these IP addresses under any circumstances.

This dataset contains approximately 300 – 1,500 entries, with up to 50 new detections every 24 hours.

DBL

Domain Dataset

This dataset provides metadata on every domain observed and analyzed by our researchers.

Metadata relating to each domain is provided, including reputation areas to strengthen, domain contexts, nameserver reputation, A Record reputation, correlated related domains, listed Hostnames, and malware.

XBL

eXploits Dataset

Focuses on exploited or exploiting devices. Our research team lists IP addresses showing indications of malware, Trojan or worm infections, devices controlled by botnets command and controllers (C&Cs), along with third-party exploits, such as open proxies.

This dataset, on average, contains 2 million entries, with 650,000 new detections relating to exploit IPs every 24 hours.

CSS

Combined Spam Sources Dataset

Specific to SMTP traffic, only listing port-25 based detections. Potential triggers include unsolicited emails, having poor email marketing list hygiene, or sending out malicious emails due to compromised accounts or content management systems (CMS).

This dataset contains between 300,000 – 1.5 million entries, with up to 285,000 new listings added every 24 hours.

More dataset information

How does this work?

Sign up for an account and create a user profile. From there, a Spamhaus Intelligence API token will be generated for you to start testing. As a Spamhaus Developer License user, you will:

  • Gain free access to Spamhaus Intelligence API for 6 months.
  • Have up to 5,000 queries per month.
  • Increase query volumes - available on request pending use case.
  • Ability to renew after expiry for ongoing needs, where applicable.
  • Feedback to directly influence the development roadmap.
  • Gain early access to new data releases.

What data do I get access to?

Spamhaus Intelligence API

The Spamhaus Intelligence API (SIA) gives you access to a variety of metadata signals, covering:

– URLs used for malware distribution

– Botnet command and controller IPs

– Exploited and exploiting IPs

– All domains observed by Spamhaus

– IPs relating to SMTP traffic with poor reputation

Derived from the 24/7 analysis of billions of data points and accessible from a single source, this data feed has multiple applications. Integrate into your existing infrastructure, including threat intelligence platforms, manual investigation tools, customer vetting operations, websites, and reporting mechanisms.

  • Access to context rich metadata enabling you to answer “what” and "why" quickly, to pinpoint areas of interest and rapidly respond.
  • Ability to query only what’s relevant to your use case, without the need to download large files.
  • The REST API using JSON format makes tailored insight easy to access and integrate across multiple applications.
  • Investigate with world-class intelligence, providing rich, reliable and timely contextual insight.
Visit Page

Spamhaus Developer License for Spamhaus Intelligence API

FAQs