Frequently Asked Questions

Frequently asked questions about our solutions and data. If you can’t find what you’re looking for, get in touch below - we’re happy to help.

Spamhaus Intelligence API
  • Are domains categorized as phishing, malicious, or malware, or do you only allocate a score?

    Yes. In addition to the reputation score, relevant domains may be categorized with one of the following tags: “abused,” “adware,” “botnet,” “botnetcc,” “cdn,” or “compromised.”

    You can find more information here: https://docs.spamhaus.com/sia/docs/source/10-API-Interface/310-Domains.html#tag-list.

  • Does a reputation score of 0 mean a domain is neutral?

    Yes, the domain is rated as neutral.

  • Do you get denied access to Spamhaus Intelligence API after the query limit has been reached?

    There are two query limits: soft and hard. The soft limit will generate a warning email. The hard limit will prevent access. Further information can be found in our technical documentation.

  • How can you track query volumes in the Spamhaus Intelligence API?

    This is done via an API call as detailed in our technical documentation.

  • How do I access the beta Domain Reputation Dataset via the Intelligence API?

    Update: We are no longer accepting applications for the beta Domain Reputation Dataset.

    Apply to access the beta domain data via this form.

    One of our team will be in touch to set up your access. Once you’ve received confirmation that access has been enabled, you can log into the customer portal and create a user profile.

  • How low can a reputation score be?

    There is no limit. However, +/-50 would indicate a very good/bad reputation.

  • Is a domain with a reputation score of -50 or 50 considered malicious or non-malicious?

    No. The score is based on a summary of IOCs and signals and is a measure of reputation, not maliciousness.

    Therefore, a score of -50 indicates that a domain has a very poor reputation. The reason that reputation is poor will depend on the IOCs and metadata associated with that entity. For example, it may be due to phishing if the metadata collected implies this.

    Poor reputation can also be achieved by association, e.g., with negatively rated domains, ASNs, registries, etc. Again, these are signals rather than conclusions of malicious activity.

    It’s also important to note that not all entities will have IOCs from the same sources. For example, a reputation score of 10 from the dimension “human (research)” is proportionate to what we know when we allocate the score, based on available sources. If another domain has a score of 10, but this time from the “identity” dimension, it will be in line with what we know at the time, based on the sources we have. That is, it is not meant to be conclusive evidence of good or bad.

  • Is Spamhaus Intelligence API a monthly or yearly subscription?

    It is a yearly subscription.

  • Is there a threshold for classifying domains as malicious or non-malicious with a 99% certainty to reduce false positives?

    For email, a reputation score of -5 would mean a domain is listed, and when used by organizations that filter and block email, this domain would be blocked.

    However, in cybersecurity, you are dealing with levels of risk. As the reputation score is unrelated to whether the domain is benign, suspicious or malicious, it is more difficult to allocate a score threshold related to definitions or grades of maliciousness. You would need at least two fields to get a maliciousness score – for example, the reputation score and a tag associated with malicious behavior.

    Here is an example:

    Domain: example.com

    Score: -6

    Tags: malware

    A score of -6 is not automatically malicious. A tag of “malware” does not necessarily mean it’s malicious either, as many large service providers have tags such as “malware” or “phishing” associated with their domain. At a minimum, you would need both fields to determine, within your own business, a threshold score defining malicious domains while minimizing false positives.

  • Is the Spamhaus Intelligence API a stand-alone product or does it require in-house development?

    Customers will be able to plug the Spamhaus Intelligence API (SIA) into a SIEM device; however, they will need to develop a connector of some type unless the SIEM can make API calls natively.
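
One way a connector could apply the two-field approach from the false-positive answer above, as an added example that is not Spamhaus code. The record shape, the tag grouping, the reading of "listed" as a score at or below -5, and the -20 block bar are assumptions to be tuned to your own environment.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Local policy, not Spamhaus guidance: tag grouping and thresholds are assumptions.
RISK_TAGS = {"malware", "phishing", "botnet", "botnetcc", "abused", "compromised"}
SHARED_INFRA_TAGS = {"cdn"}   # large providers often carry risk tags too
EMAIL_LISTED = -5             # FAQ: a score of -5 means listed for email
REVIEW_AT = -5                # hypothetical: analyst review at or below this
BLOCK_AT = -20                # hypothetical: block needs this AND a risk tag


@dataclass
class DomainRecord:           # constructed shape, not the API's response schema
    domain: str
    score: float | None
    tags: set = field(default_factory=set)


def triage(rec: DomainRecord, context: str = "network") -> tuple[str, str]:
    """Return (disposition, reason) from score and tags together."""
    if rec.score is None:
        return "review", "no score available"
    if context == "email":
        if rec.score <= EMAIL_LISTED:
            return "block", "listed for email filtering"
        return "allow", "not listed for email"
    risk = sorted(rec.tags & RISK_TAGS)
    shared = bool(rec.tags & SHARED_INFRA_TAGS)
    if risk and rec.score <= BLOCK_AT and not shared:
        return "block", f"score {rec.score} with tags {risk}"
    if risk and rec.score <= REVIEW_AT:
        return "review", f"score {rec.score} with tags {risk}, below block bar"
    if risk:
        return "monitor", f"tags {risk} but score {rec.score} is not poor"
    if rec.score <= BLOCK_AT:
        return "review", "poor score without tags (possibly by association)"
    return "allow", "no risk tag and score above block bar"


# Constructed records; the first mirrors the FAQ's example.com case.
SAMPLES = [
    DomainRecord("example.com", -6, {"malware"}),
    DomainRecord("big-provider.example", 12, {"phishing", "cdn"}),
    DomainRecord("bad.example", -48, {"botnetcc"}),
    DomainRecord("neighbour.example", -30, set()),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.domain, triage(r), triage(r, "email"))
```

The same record can be blocked for email yet only queued for review on the network side, which is the distinction the answer draws between listing and risk.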

Need Help?
Get in touch
