Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP)
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find a parter
Discover our partners and how they can support you.
Become a partner
Learn about the benefits of being a Spamhaus partner and how to get started.
Discover a wide range of blog posts, case studies and reports.
Spamhaus’ insight into malware, botnet C&Cs, and the domain reputation landscape.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
The Reputation Portal
A tool for ASN owners to get visibility of their IPs’ reputation and proactively manage listings.
Help for the Project's legacy DNSBLs users
Using the Project’s legacy blocklists and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Using Spamhaus' free legacy blocklists? Suddenly having problems with emails? You can switch to the Data Query Service to avoid further issues.
To stop its Public Mirror infrastructure from being abused, the Spamhaus Project will block queries if usage is outside their Fair Use Policy, e.g. if they come via a public/open resolver, or a user makes an excessive number of queries.
The Project is introducing two error codes to provide a clear signal that there is an issue to users. Users will experience problems if their email infrastructure isn’t set up correctly to parse error codes.
Answer these two questions:
If the answer is “yes” to both, you are likely getting an error code because you are using a resolver with non-attributable DNS. Keep reading below to find out how to fix the problem.
If the answer is “no” to #2, then check the section opposite.
The Project’s Public Mirrors exist to help small independent businesses, schools, and non-profit organizations safely filter their email at no cost. See their Fair Use Policy.
Unfortunately, some users take advantage of a public resolver’s anonymity and use the Public Mirrors for large-scale queries. As a result, queries made via a public/open server may be blocked, returning the result: “NXDOMAIN” (non-existent domain), i.e., no query you run via a public resolver returns a “listed” result.
For further information, read Successfully accessing Spamhaus’ free blocklists using a public DNS.
Many users are unaware their email stream isn’t protected when querying via a public/open resolver. To provide a clear signal of an issue, the Project is introducing the error code: 127.255.255.254.
If users don’t have their email infrastructure set up to parse error codes correctly, they will experience problems with their email stream.
The Spamhaus Project has been planning this for some time and has published several articles introducing these error codes.
The Project Team has been slowly rolling out the introduction of these error codes to ensure they can assist users who are struggling with their email configuration.
You have two options:
To understand how functionality compares between the different Spamhaus DNSBL offerings, take a look at this table.
If the answer is “yes” to both, you are likely getting an error code because you are making an excessive number of queries to the Public Mirrors. Keep reading below to find out how to fix the problem.
If you don’t believe that either of these newly introduced error codes is why you are experiencing issues, contact the Spamhaus Project directly.
The Project’s Public Mirrors exist to help small independent businesses, schools, and non-profit organizations safely filter their email at no cost. They are not suitable for commercial organizations or large query volumes.
Where users take advantage of this free service and are regularly outside the Fair Use Policy, the Spamhaus Project may return “NXDOMAIN” (non-existent domain), i.e., none of your queries will return “listed” result.
Many users are unaware their email stream isn’t protected when they’re outside the Fair Use Policy. To provide a clear signal of an issue, the Project is introducing the error code: 127.255.255.255.
You can trial the blocklists for free for 30-days. You will get access to additional blocklists and all queries will be real time.
IP addresses that have been observed to be involved in sending or hosting spam, including hijacked servers and computers infected with botnet malware. These are the longest established blocklists in the industry.
Constantly updated content-based lists including the Domain and Hash blocklists. These use multiple sources to define whether the entity is involved in malicious activity, or whether it is hosting or sending harmful content.
To continue using Spamhaus blocklists via a public resolver sign up for the free Spamhaus Data Query Service.
22 September 2022
Are you currently using the Spamhaus Project’s DNS Blocklists (DNSBLs) and use Amazon Web Services' DNS? If you've answered "yes" to both of these questions, you need to make some changes to your email infrastructure.
26 July 2022
This quarter botnet C&C activity reduced slightly, and operators within the LatAm region appeared to be getting control of newly observed botnet C&C abuse, but two well-known global network operators struggled to get to grips with continuing abuse.
17 January 2022
Are you currently using the Spamhaus Project’s DNS Blocklists (DNSBLs) and use Cloudflare’s DNS? If you've answered "yes" to both of these questions, you need to make some changes to your email infrastructure.