Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP)
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find out who we work with and how you can become a Spamhaus Partner.
Discover a wide range of blog posts, case studies and reports.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
In depth information about the technical details and implementation of our products.
Posted by on 11 Sep 2018
If you are looking to protect your users, customers and IoT devices from connecting to malicious sites via a domain name system (DNS) firewall you have multiple choices. Here are key questions to ask your potential DNS Firewall provider (and yourself!) to ensure you make the right choice for your business's needs.
Let’s start with the basics; currently, there are 3 different ways to deploy DNS Firewall:
Be certain to look at this implementation holistically and consider the ‘big picture’. Ensure you choose a solution that meets your needs, and not simply one that is the fastest to install. Key elements to consider are:
Cost is always a key factor when looking at purchasing new services or hardware. Consider if you have (or need to make a business case for) capital budget, or are wanting a solution which can fit into your operational budget, on a subscription basis.
Remember that some on-premises solutions and direct DNS data feeds both have a more complex set-up (see #1). Having said this, you will be rewarded for your efforts by having a large amount of control, both in terms of the different data feeds you utilize, and instant access to your redirect/block information.
Organizations need to have the flexibility to assess the amount of risk they want to take. Question if you are able to pick the data feeds (i.e. the threat intelligence that’s being used to block/redirect on your network) that provide the right level of security for your business requirements.
Some industries e.g. financial and healthcare services require additional levels of security so they may want to have a strong focus on policy-based data feeds. On the other hand, if you need to be less risk adverse e.g. those managing end-user networks, you don’t want to have to pay for feeds that you don’t use.
Furthermore, there are organizations who require multiple levels of security across different areas of their network, for example, academic institutions will require a different level of protection for students compared to that of the staff.
Cybercriminals use a range of techniques to extort information, and ultimately money, from their victims. Your DNS Firewall is only as good as the threat data it receives to block connections. These feeds need to be diverse and well researched, protecting you against as many malicious domains as possible. Furthermore your threat data needs to have a low rate of false positives, particularly across non-policy focused feeds.
Whether you go down the route of choosing an appliance or decide to configure your own DNS, you will need to source a supplier for the data feeds. Ensure it is someone who is well established in providing threat intelligence and draws data from a wide range of independent sources.
If a business critical domain is being redirected/blocked you need to be certain that you can make an exception to the policy decision of your DNS Firewall, so your business can continue to operate without disruption.
Timely threat intelligence is fundamental to countering cybercriminal activities across your network. According to a Ponemon Institute Survey, 37 percent of attackers quit if they can’t yield value after a period of 10 hours.
With this in mind, ensure that the data protecting you is delivered as continuously as possible: An update that occurs only every hour could fail to protect from the potential damage malware can do upon its initial release.
Whilst you can control most of what happens on your network, you can’t control what happens within your customer environment(s) or when employee devices are taken offsite, for example, working at a client’s offices, or from home.
Botnet Command & Controller (Botnet C&C) listings increased by a huge 32% in 2017 (read the full Botnet Threat Report). Given the upsurge in threats from this area, it is vital to be able to trace any infected devices on your network, to enable you to take rapid and effective action.
Establish with your DNS firewall provider how attempted access to malicious sources can be detected using DNS firewalls on your network. Remember to check if there is any need to install additional agents/software, which would lead to additional costs and complexity.
Having ‘control’ is fundamental to most IT security teams. The sooner a threat is flagged, the sooner relevant remediation can take place, be that for your customer if you are an ISP or Hosting provider, or your employee if you are an enterprise business.
On-premises open source software: Ascertain that any provider of Threat Feeds has multiple access points for their data. This will ensure that even if there is an issue with some of their servers you will continue to receive service from one of their alternative locations.
Why is this important? Well, because it is an opportunity to transform something negative i.e. a cybercrime into a teachable moment for the end-user.
A generic message only informs that a block/redirect has occurred:
The requested web page from has been blocked
However, a carefully crafted landing page which provides the end-user with ‘why’ they have been blocked and ‘how’ they can protect themselves in the future will positively contribute to increasing the ongoing security of your network. For further information and examples of “Ëœteachable moment’ landing pages, click here.
With such a huge growth in the DNS Firewall market over the past few years there are plenty of options to choose from. Simply (!) take the time to understand your business needs and carefully research what option meets them.
Applied at the DNS level of your infrastructure, these threat feeds automatically stop users from accessing malicious sites including phishing and malware dropper websites.
These threat feeds can be integrated with existing recursive DNS servers, or for those who don’t manage their own DNS, we have a managed service available.
14 September 2018
With the ever increasing demands on IT, security and networking teams, tools that reduce workloads, which don't cost the earth, are always welcome. One such tool is DNS Firewall. Find out how it works, and the benefits it provides.
29 March 2018
Global managed cloud provider Rackspace is protecting customers and improving connectivity by using DNS Firewall threat feeds to block malicious domain traffic and botnet activity. Find out the challenges they were facing and how they overcame them.
23 December 2016
Read how Spamhaus' DNS Firewall Threat Feeds helped a company block over 10,000 attempted botnet C&C connections to distribute malware.