Spamhaus’ intelligence contains context-rich metadata relating to IP and domain reputation. Integrate this data via API with your applications to enhance existing data, or consume as an independent data source.
Access to numerous API calls returning actionable data to expose different types of reputation signals.
Ability to query only what’s relevant to your use case, without the need to download large files.
Investigate with world-class intelligence, providing rich, reliable and timely contextual insight.
Easily access numerous signals that contribute to the reputation of IPs and domains, including botnet command and controllers (C2s). Derived from the 24/7 analysis of billions of datapoints, this data has multiple applications.
In this easy-to-consume format, the API can be used for threat hunting and investigation, risk scoring, customer vetting, validation and much more.
Why are there two different names for the data?
Our datasets have been supporting users for a very long time. With new users requesting our support, the dataset names are being updated for clearer understanding. We’re documenting two names, for now, to best support all users.
Gain a clearer understanding of the context and risk associated with individual IPs, and domains with Spamhaus’ context-rich metadata — enrich existing data sources or query the data directly.
Seamlessly pivot through context-rich metadata including active botnet C2 IPs, exploited and exploiting IPs, malicious and suspicious email traffic, and all domains observed by Spamhaus.
Access metadata including senders data, nameserver reputation, A Record reputation, correlated related domains, listed Hostnames, and malware.
Dataset contains approximately 800 – 1,500 entries, with live updates every minute, and up to 50 new detections every 24 hours.
Easily enrich your threat intelligence with reputational data on various internet identifiers, including active botnet C2s.
Suitable for organizations with mature security operations, the API (with download capability) integrates with SIEMs, SOCs, and other security or reporting applications.
Define and configure data ingestion to meet your specific requirements, and enhance your threat detection and response.
Access context-rich metadata from active botnet C2 IPs, to exploited and exploiting IPs, malicious and suspicious email traffic, and all domains observed by Spamhaus.
Quickly identify reputation issues and detect signs of malicious activity by monitoring IP and domain reputation with rich contextual data for validation and diagnosis.
The real-time signal provides early warning of potential problems, helping teams stay compliant, resolve issues before they impact deliverability and protect the overall integrity of your email infrastructure.
Build a comprehensive picture of potential customers with real-time and historical context on their IPs and domains.
Monitor access to mailboxes and control panels to detect threats early, allowing for proactive mitigation.
Review key elements of campaigns - such as sender reputation and domain history - before sending to ensure better deliverability.
Getting started is simple, complete this form and submit. There’s no requirement for credit card or payment details for the trial.
What happens next?
First, you’ll sign up for an account, then create an API user profile. After your API user profile is set up, you can generate a token through the authentication API.
Need help?
If you have any questions, please add them to the comments box on the sign up form. Once you gain access to the data, technical support is available via our Customer Portal.
How can I purchase the data?
During your free trial, you can request a quote in the Customer Portal to get the subscription cost based on your setup. You can also enable trials of additional datasets via the Customer Portal.
Get a free 30-day trial of Spamhaus Intelligence via API. No credit card details required.
Integrations
The API has multiple applications across many specialist areas. Here are some examples of how different users can benefit:
Threat analysts – increase your understanding of security events and alerts relating to IPs and domains to more effectively prioritize and report.
Product Managers – enhance existing data pools to provide additional validation points to increase customer confidence in vulnerabilities and threats.
Email Service Providers – keep your network clean by using this data to perform in-depth vetting of potential customers. Build a comprehensive picture with a vast number of domain and IP signals.
A free six-month Developer License is also available, giving you limited access to the data to explore its potential.
Data Access
High-impact data, dedicated to malware indicators, from a globally diverse, knowledge-rich community. Access enterprise-grade intelligence, with reliability and scale, to enrich, hunt and track with clarity and confidence.
Data Access
A simple API supporting a variety of query types to discover historical, and up-to-the-moment, DNS infrastructure connections from Spamhaus’ Passive DNS database with up to one year of historical data.
Data Access
Incremental synchronization of binary and contextual datasets to local servers, including access to our entire binary DNS blocklist data. Efficiently transfer data by only copying changes between the source and destination.