What is Spamhaus’ Rsync?
Rsync provides users with full control to host Spamhaus datasets locally by synchronizing the files directly to your infrastructure. It transfers data efficiently by sending only the changes between the source and destination, enabling frequent and incremental updates. This makes it ideal for those needing to handle queries in-house, or perhaps distribute updated data internally while maintaining a local copy.
What is the Malicious Domain Intelligence dataset?
Delivered in JSON format, this dataset contains domains and hosts from the Low Reputation Domains Dataset (Domain Blocklist, DBL), with the added benefit of contextual metadata. This includes domains associated with phishing, spam, malware, botnet command and controllers (C2s), and redirector domains.
Each domain record has rich intelligence, including:
- Domain Score: reputation assigned by Spamhaus
- Registrar Information: registrar responsible for the domain
- First listed: date and time domain first listed
- Last seen: date and time domain last seen
- Expiry: date and time domain listing will expire
- Tags (where available): categorization based on behaviour. This includes malicious activity such as spam, phishing, malware and general activity like transactional, educational, and corporate.
Who can use the dataset?
This dataset has a wide range of applications, from supporting investigations and malware research, to enriching threat-intelligence workflows, and assisting with malicious domain or URL takedown.
With such a wide range of use cases, we recommend speaking with our technical support team to explore the benefits of how the data can support your exact needs.
What other data is available via Rsync?
You can access our entire binary DNS blocklist data and more - including:
DNSBL:
- Bruteforce IPs (Authentication Blocklist - AuthBL)
- Email Spam IPs* (Combined Spam Sources - CSS)
- Low Reputation Domains* (Domain Blocklist - DBL)
- Low Reputation Resources (Hash Blocklist - HBL)
- Malware Domains* (Malware Domains)
- Non-mail Emitting IPs (Policy Blocklist - PBL)
- Malicious Network Ranges (Spamhaus Blocklist - SBL)
JSON:
- Compromised IPs* (Exploits Blocklist - XBL)
- Highly Malicious ASNs (Don't Route or Peer - ASN) (ASN-DROP)
- Highly Malicious Networks (Don't Route or Peer - DROP)
*Includes contextual data.
How do you access the dataset?
If you’d like to trial this dataset via Rsync, you can sign up for a free 30-day trial here. Already an Rsync customer? Please contact your Account Manager, who will enable access to trial the data.