Blocked?See Live ThreatsCommunity
Customer Portal Login
Spamhaus Technology and abuse.ch Logo
Solutions
Data
Email & Network
Cyber Threat Intelligence
Resources
About
Back to Previous Page

Blog

A new dataset is available via the Spamhaus Intelligence API

Posted on
June 30, 2021 Author
Sarah Miller Read time
2 mins

APISpamIP Reputation

In this guide

IntroductionWhat is the Spamhaus Intelligence API (SIA)?What is the extended CSS (eCSS)?What else is available via SIA?How do you access the eCSS?
Introduction

Introduction

Spamhaus has released the extended CSS Blocklist (eCSS) and made it available via our API service.  This provides users with additional insights relating to compromised and malicious IP addresses.

What is the Spamhaus Intelligence API (SIA)?

The name gives it away – it’s an API that’s easy to integrate with existing systems, which delivers enhanced IP reputation data. This metadata gives increased visibility and context to users, speeding up investigations and accelerating reporting relating to IP addresses.

Red Sift Open Cloud utilizes SIA to help their customers rapidly classify potential threats, enabling them to dramatically reduce the amount of time spent analyzing reports. Read more.

What is the extended CSS (eCSS)?

This dataset is specific to SMTP traffic, i.e., it only lists port-25 based detections. The focus is on spam and other low-reputation sources. Our researchers list IPs on this dataset if they observe any of the following behavior:

  • Sending bulk unsolicited email
  • Having poor email marketing list hygiene
  • Sending out malicious emails due to compromised accounts, web forms, or content management systems (CMS)

The eCSS contains between 300,000 – 1.5 million listings, with up to 285,000 new listings added every 24 hours. Not only can it be used by abuse desks for remediation, but, given its SMTP focus, senders can utilize it from a reputation perspective too. Additionally, receivers can use the CSS to take a deeper dive into the reasons behind a listing on the CSS blocklist.

What else is available via SIA?

A dataset called the extended eXploits blocklists (eXBL) is also included. This lists IP addresses belonging to any device showing signs of compromise and includes the Internet of Things (IoT) traffic. Listings on the eXBL result from:

  • Malware infections
  • Trojan infections
  • Worm infections
  • Devices controlled by botnets command and controllers (C&Cs)
  • Third-party exploits, such as open proxies.

This dataset on average contains 7.5 million listings, with up to 75,000 newly observed IPs added every 24 hours.

How do you access the eCSS?

If you’d like to trial this data via SIA, you can sign up here. Alternatively, for those who would like an opportunity to experiment with our data over an extended period, sign up for our free Developer License, which gives six months of access to these datasets without any charge.

Related Resources

APISpamIP Reputation
Spamhaus | abuse.ch Logo

Solutions

Email & NetworkEmail ProtectionEmail ComplianceDNS ProtectionEdge ProtectionCyber Threat IntelligenceThreat Intelligence EnrichmentThreat HuntingAll Solutions

Data

Malware IntelligencePhishingSpamInsight & ClassificationHistorical ContextAll Data

Email & Network

About Email & NetworkEmail ProtectionEmail ComplianceDNS ProtectionEdge Protection

Cyber Threat Intelligence

About Cyber Threat IntelligenceThreat Intelligence EnrichmentThreat Hunting

Resources

Resource CenterEventsCommunityMalware DigestBotnet Threat MapCompromised IP StatisticsFAQsStatus Page

About Us

About SpamhausSpamhaus-abuse.ch Alliance
Spamhaus | abuse.ch Logo
XLinkedInYouTube
Privacy PolicyCookie PolicyTerms and Conditions
Uicons by Flaticon