Posted by on 11 Oct 2023
The Hash Blocklist (HBL) is a formidable dataset to have in your email filtering arsenal. It is highly regarded for its real time, automatic protection against malicious email content, and today it grows even stronger with the inclusion of malicious and suspicious URLs. Discover how this enhancement will provide even better catch rates, for even more protection.
In today’s digital landscape, sharing content via URL is just as common as sharing a file. This presents a big opportunity for cybercriminals. By tapping into this well-utilised communication method, vast amounts of malicious content are being shared, using online file storage providers, URL shorteners, and URL redirectors.
Yet, millions of people worldwide use the same URL services for legitimate purposes. So, for those tasked with the security of email infrastructure, this presents a challenge: to effectively block malicious content, without inadvertently blocking legitimate users too.
So, how can you maintain accuracy in content filtering without drowning in a sea of false positives?
For those unfamiliar with the Hash Blocklist (HBL), it’s a list of cryptographic hashes derived from malicious content. It enables users to accurately block using specific email components, such as compromised email addresses, cryptowallets, malware files… and now both malicious and suspicious URLs!
The Hash Blocklist is an important piece of the email protection puzzle. Not all traffic can be safeguarded by using IP data, or even domain data; examples include emails from large ESPs and emails containing malware files.
URLs have a similar challenge – as mentioned above. Filtering by IP/domain isn’t going to protect against an email containing malicious content. Why not? Well, if the domains or IPs of large providers were listed on a DNSBL then you’d block vast amounts of legitimate traffic. Imagine the carnage that would ensue by blocking drive.google.com! *shudders*
A more targeted approach is required. The policy associated with the URL component of the Hash Blocklist states that any URL Spamhaus observes as being unsafe is to be listed. This includes online file storage providers (e.g. drive.google.com/example), URL shorteners (e.g. bit.ly/example), and URL redirectors.
When Spamhaus observes a URL that’s associated with malicious or suspicious content, the URL is assigned a hash – a unique 30+ character string used to identify the content. The URL can then be blocked based on this unique hash. But URLs come in all shapes and sizes.
For example, one technique used by malicious actors is to include the recipient’s name in the URL, so it seems more compelling to click on. While listing a URL in its raw format could protect one user, it’s much more efficient to create a standard form for each URL by normalizing the data. This improves catch rates and makes querying more efficient.
To create uniformity and increase its breadth of protection, Spamhaus uses four algorithms to normalize URLs. To ensure queries match the listed hash, users must also normalize their URLs in the same way.
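The effect of normalizing before hashing can be seen in the following added example, which is not Spamhaus code and not from the original post. The normalization rules, the use of SHA-256, and the `files.example` URLs are all assumptions made for illustration; the actual four algorithms are defined in Spamhaus' technical documentation.

```python
import hashlib
from urllib.parse import urlsplit

def normalize(url: str) -> str:
    """Hypothetical normalization (NOT Spamhaus' four algorithms):
    keep only lower-cased host + path, dropping scheme, port, query
    string, fragment and trailing slash, where per-recipient tokens
    and cosmetic variations usually sit."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    return host + parts.path.rstrip("/")

def url_hash(text: str) -> str:
    # SHA-256 hex is an assumption; the post only says "30+ characters".
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Constructed sample: one URL observed in a malicious campaign.
OBSERVED = "https://files.example/share/abc123?name=alice"

# Two local stand-ins for a blocklist: one lists the raw URL's hash,
# the other lists the hash of the normalized form.
LISTED_RAW = {url_hash(OBSERVED)}
LISTED_NORMALIZED = {url_hash(normalize(OBSERVED))}

def is_listed_raw(url: str) -> bool:
    return url_hash(url) in LISTED_RAW

def is_listed_normalized(url: str) -> bool:
    # The querying side must normalize exactly as the listing side did.
    return url_hash(normalize(url)) in LISTED_NORMALIZED

# Constructed sample URLs as they might appear in different recipients' mail.
SAMPLES = [
    "https://files.example/share/abc123?name=alice",          # as observed
    "https://files.example/share/abc123?name=bob",            # personalized
    "HTTPS://Files.Example:443/share/abc123/?name=carol#top", # cosmetic variation
    "https://files.example/share/zzz999",                     # unrelated file
]

def compare(urls):
    """Return (url, raw_match, normalized_match) for each URL."""
    return [(u, is_listed_raw(u), is_listed_normalized(u)) for u in urls]

if __name__ == "__main__":
    for url, raw, norm in compare(SAMPLES):
        print(f"raw={raw!s:5} normalized={norm!s:5} {url}")
```

Only the exact observed URL matches the raw listing, while all three variants of the same shared file match the normalized listing, and the unrelated file on the same host matches neither.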
For those using the SpamAssassin plug-in, this configuration to normalize URLs has already been implemented. So just make sure you’re using the latest version, and you’ll be set to go – see here.
For RspamD users, this update will soon follow, so keep an eye out.
To take advantage of this enhancement, already included in your subscription, there is some configuration work. Details can be found here. If you don’t have time to get this into your dev cycles straight away, don’t worry! Your current HBL implementation will continue to be effective, just without the additional protection against malicious URLs.
Gain access to Spamhaus’ Content Blocklists – including both Domain and Hash data – as well as IP Blocklists. Access is free for 30 days, with no credit card needed for the trial. Simply sign up via this form, or contact one of the Spamhaus team.
If you’re still wanting to learn more, read about the value of our content blocklists, or find out what additional components are available on the Hash Blocklist.
It’s safe to say that the Hash Blocklist is already one of our most loved blocklists – with one customer sharing, “This [Hash Blocklist] is a game-changer. It’s the biggest single effectiveness improvement we’ve had in 10+ years, all for a simple one-off implementation”, Manager, Global Cybersecurity Software Provider.
With this latest addition to the Hash Blocklist, you will maintain filtering accuracy, block harmful content, and help safeguard your email infrastructure from malicious URLs.
No matter where your knowledge and expertise lie across cybersecurity, it’s well-acknowledged that having different sources of data is advantageous. And with that, compatibility is key for customers, for ease of use. So, a special thank you to SURBL, for supporting us to build this enhancement as a compatible solution.