With the latest Virus Bulletin (VB) results*, it's evident that there is a marked difference between the two blocklist services associated with the name "Spamhaus". With one scoring a final catch rate of 99.54% and the other 72.22%, we wanted to clarify the differences in these services. This way, you can ensure you're getting the most from Spamhaus data.

The legacy DNSBL service from the Spamhaus Project

The history – Researchers within the Spamhaus Project have been at the heart of IP reputation (and, latterly, domain reputation) since 1998. The wider internet community was part of the Project’s inception, i.e. like-minded individuals joined its Founder, Steve Linford, in observing, listing and sharing malicious IP addresses to help protect those using the internet. Naturally, it was an obvious choice for the Project to share its blocklists with non-commercial organizations for free.

The Project’s free DNSBLs were (and still are) shared globally via Public Mirrors, which at the time were generously donated by sponsors and partners of the organization. Email administrators must manually set up their email infrastructure to query these blocklists via a DNS zone, e.g. zen.spamhaus.org.

In-house, this service was (and is) referred to as the “Public Mirrors. However, if you’re using these DNSBLs, you’ll likely think of them simply as “Spamhaus’ DNSBLs”.

This service still exists, and billions of queries are made to the Project’s Public Mirrors every day. This is the service that is listed as follows in the VB report:

BUT, many users are unaware that this is a legacy service. There is a superior service available, with access to additional blocklists to increase catch rates, real time listings, increased flexibility and improved performance (and it’s still free to non-commercial entities).

Welcome to the Data Query Service

The history – Spamhaus Technology developed a service called the Data Query Service (DQS) for commercial entities, taking the Project’s data and making it accessible in a way that met the demands of commercial use. As this service evolved, they started to offer the DQS to non-commercial users for free on behalf of the Project, so its “Public Mirror” users could also benefit from the improved service.

The differences – See below for a quick reference to understand how each of the services compares.

Getting the most from the DQS with plug-ins

We recognize that IT teams have increasing pressures placed on them, and as a result, they don’t always have the luxury of being able to specialize in one area. To maximize the benefits users can get from the DQS, our engineers have created plug-ins for the two most popular open-source email filters; SpamAssassin & Rspamd. These free plug-ins provide configuration to immediately optimize our IP and reputation data to ensure users get the highest catch rates. It is this set-up that is used for the VB test below:

Where is the 27% difference in VB scores?

For those wondering what the primary reasons for the noticeable difference between the two scores are, here’s our engineers’ explanation:

  • Detection of abused legitimate websites hosting bad pages due to security problems.
  • Additional scoring to mails injected through known password hijackers via AuthBL.
  • Detection of domains that just appeared on the internet via ZRD.
  • Detection of bad email addresses, cryptocurrency addresses, and malware files via HBL hashes.
  • Detection of “hailstorm spam” campaigns through quickly rotating IPs and domains thanks to the real time feature.
  • Detailed analysis of headers and contents done by the plugin.

Isn’t it time to maximize your catch rates?

If you’re using the legacy blocklists from the Spamhaus Project, we strongly urge you to move across to the DQS. Reconfiguration takes minutes, and you will be able to download a personalized manual via our Customer Portal once you sign up for the service.

 

 

*Correct at time of publication.

Related Products

Data Query Service (DQS)

Spamhaus’ Data Query Service (DQS) is an affordable and effective solution to protect your email infrastructure and users.

Using your existing email protection solution, you will be able to block spam and other related threats including malware, ransomware, and phishing emails.

The service has never failed and utilizes the longest established DNSBLs in the industry.

  • Proactive & preventative
  • Save on email infrastructure & management costs
  • Actionable

Resources

Per evitare problemi, i clienti di LibraEsva dovranno aggiornare la configurazione delle liste di blocco Spamhaus

18 May 2022

News

Desideriamo informare tutti i clienti di LibraEsva che utilizzano le liste di blocco legacy gratuite di Spamhaus, disponibili su spamhaus.org (ad es. con query in “zen.spamhaus.org”), che questo servizio non sarà più disponibile a partire dal 1° giugno 2022.

View, request and manage IP & Domain removals from the Customer Portal

26 April 2022

News Technical Information

Spamhaus' commercial customers now have easy access to our IP and domain Reputation Checker via the Customer Portal.

Spamhaus Botnet Threat Update, Q4 2021

20 January 2022

Report

Q4 update on the botnet command and controllers our researchers are observing, including geolocation and who is hosting them.