Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP) Firewall
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find a parter
Discover our partners and how they can support you.
Become a partner
Learn about the benefits of being a Spamhaus partner and how to get started.
Discover a wide range of blog posts, case studies and reports.
Spamhaus’ insight into malware, botnet C&Cs, and the domain reputation landscape.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
The Reputation Portal
A tool for ASN owners to get visibility of their IPs’ reputation and proactively manage listings.
Help for the Project's legacy DNSBLs users
Using the Project’s legacy blocklists and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Posted by Sarah Miller on 6 Dec 2022
Malware threats such as Emotet and Qakbot are re-emerging, hitting global corporations hard. You only have to look to Spamhaus' Monthly Malware Digest to see the growing prevalence of these malware families. But what do these threats have in common?
Besides the fact that they both act as Initial Access Brokers, the operators of these botnets favor using compromised devices to host their botnet command and controllers (C&Cs) rather than dedicated servers.
These malware infections can ultimately lead to data exfiltration and encryption with ransomware. A fate no cyber-security specialist or network administrator wants to deal with. Here’s an effective and economical way to protect against them.
Organizations and network operators can peer with BGP feeds using existing equipment, meaning there is no additional capital expense to infrastructure costs, making this a cost-effective solution. Even if you don’t own an ASN, Spamhaus supports the use of private ASNs to establish sessions with our BGP Feeds.
You can apply this threat intelligence to any router or modern-day firewalls like CISCO, Sophos, or Fortinet. These feeds are lists of IP addresses that effectively stop malicious traffic from compromised devices within your network perimeter communicating with external botnet C&C servers. Blocking this traffic at the network level prevents spam campaigns, loss of data, and encryption. Read The Beginner’s Guide to BGP to better understand how these communities/feeds work.
Until recently, Spamhaus has provided BGP feed subscribers with access to the following three BGP communities to use with firewalls or routing equipment, blocking malicious traffic:
To protect against threats such as Emotet and Qakbot, we now have a fourth: Botnet Controller List (BCL) – Compromised.
Most threat actors host their botnet C&C infrastructure on dedicated hosts, which serve no other purpose than controlling botnets. Through our BCL – Dedicated feed, we provide protection against this infrastructure.
Currently, however, some of the most dangerous and dominant threats (such as Emotet and Qakbot) rely on compromised devices, usually on residential internet lines, to host their botnet C&C infrastructure. Additionally, operators of these botnets rely entirely on direct IP communication, not using any domain names. This means they bypass existing security mechanisms, such as DNS Firewalls (Response Policy Zones).
This newly introduced BGP feed BCL – Compromised closes this gap in your security defense, protecting against malicious traffic to compromised hosts acting as botnet C&C servers.
Recently, we became a partner with abuse.ch, and one of their platforms, Feodo Tracker, tracks and validates botnet C&C infrastructure connected to the top malware threats. It provides reliable, validated data on botnet C&C infrastructure used by the likes of Emotet and Qakbot. Spamhaus has expanded its existing BCL datasets and made this dataset available via our BGP feeds, increasing protection for our users.
Consumers of this data via Spamhaus get access to technical support, a robust service, and quick resolutions to any perceived false positives that may arise.
Any ISP, or anyone in charge of protecting their network, will doubtlessly become twitchy at the mere mention of “false positives”. The three original communities in our BGP feeds have zero false positive rates. BUT please note the word “perceived”. If any IP address hosts a botnet C&C, you should block traffic between your network and this IP address. It is irrelevant if a legitimate device is hosted on that IP. This doesn’t make it a false positive. It makes your network safer for dropping traffic from it!
Consider the following two scenarios, and ask yourself, “Which would I prefer to be dealing with?”
It’s also worth noting if you are concerned about perceived false positives, IP addresses placed on the BCL – Compromised have a much shorter listing time, and our research team consistently revalidates them to ensure the botnet C&C is still active, continuing to pose a threat to your network and your customers.
If you’re interested in seeing how this data performs in your network environment, you can trial the data for free for 30 days. If you’re already using the Spamhaus BGP feeds for network edge protection, you can get access to this additional community for free, log into the Customer Portal and contact us, so we can update your profile.
Border Gateway Protocol (BGP) Firewall provides your users and network with up-to-date protection against botnets and other external attacks.
Set up takes minutes; our data is constantly updated in real time by our experienced researchers on your behalf and can be utilized in your existing firewalls or routers.
7 December 2022
Border Gateway Protocol Firewall (BGPF) is an effective and low-cost way to drop traffic to and from the worst of the worst IP addresses. Discover how it works and why it's invaluable to protect your network.
Spamhaus has introduced a new Border Gateway Protocol (BGP) community. This new feed focuses on malware families, such as Emotet. Users will benefit from increased protection against the threat of data loss and encryption by ransomware.