X

Have you been blocked?

All blocklists are researched and managed by The Spamhaus Project.

Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.

Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.

Visit Spamhaus Project

Spamhaus has released the extended CSS Blocklist (eCSS) and made it available via our API service.  This provides users with additional insights relating to compromised and malicious IP addresses.

What is the Spamhaus Intelligence API (SIA)?

The name gives it away – it’s an API that’s easy to integrate with existing systems, which delivers enhanced IP reputation data. This metadata gives increased visibility and context to users, speeding up investigations and accelerating reporting relating to IP addresses.

Red Sift Open Cloud utilizes SIA to help their customers rapidly classify potential threats, enabling them to dramatically reduce the amount of time spent analyzing reports. Read more.

What is the extended CSS (eCSS)?

This dataset is specific to SMTP traffic, i.e., it only lists port-25 based detections. The focus is on spam and other low-reputation sources. Our researchers list IPs on this dataset if they observe any of the following behavior:

  • Sending bulk unsolicited email
  • Having poor email marketing list hygiene
  • Sending out malicious emails due to compromised accounts, web forms, or content management systems (CMS)

The eCSS contains between 300,000 – 1.5 million listings, with up to 285,000 new listings added every 24 hours. Not only can it be used by abuse desks for remediation, but, given its SMTP focus, senders can utilize it from a reputation perspective too. Additionally, receivers can use the CSS to take a deeper dive into the reasons behind a listing on the CSS blocklist.

What else is available via SIA?

A dataset called the extended eXploits blocklists (eXBL) is also included. This lists IP addresses belonging to any device showing signs of compromise and includes the Internet of Things (IoT) traffic. Listings on the eXBL result from:

  •  Malware infections
  • Trojan infections
  • Worm infections
  • Devices controlled by botnets command and controllers (C&Cs)
  • Third-party exploits, such as open proxies.

This dataset on average contains 7.5 million listings, with up to 75,000 newly observed IPs added every 24 hours.

How do you access the eCSS?

If you’d like to trial this data via SIA, you can sign up here. Alternatively, for those who would like an opportunity to experiment with our data over an extended period, sign up for our free Developer License, which gives six months of access to these datasets without any charge.

News

Related products

Spamhaus Intelligence API (SIA)

Spamhaus Intelligence API (SIA) contains context-rich metadata relating to IP and domain reputation. Integrate this data with your applications to enhance existing data feeds, or consume as an independent data source.

In this easy-to-consume format, SIA can be used for threat detection and investigation, risk scoring, customer vetting, validation and much more.

  • Save valuable time investigating and reporting
  • Simple and quick to access
  • Data you can trust in
Sign up for a free trial Learn more

Resources

Second beta release of domain reputation via API – increased actionable data

10 March 2023

Blog News

Beta users tested. They provided feedback. Our product development team listened and then moved heaven and earth to produce a much-improved API.

Learn more

Additional protection with an expanding CSS dataset

2 November 2022

Blog News

As of Wednesday, November 9th, the CSS dataset will start to grow. We anticipate the addition of 1.5 million listings over the next 4-6 months; that's approximately a 100% increase! Find out why and the impact to you in this blog.

Learn more

Increased performance and search capabilities for users of IP reputation data via API

28 October 2022

Blog News

Commercial or developer subscribers to any IP datasets via Spamhaus Intelligence API (SIA) will experience improved performance and search capabilities for this service.

Learn more