Content
Email administrators can block email containing links to listed domains by performing message body URI checks. You can use our return codes to simply block emails, or use them as part of a spam scoring system, according to your organization’s policies, risk profile and tolerance for false positives.
Which datasets are included?
At Spamhaus we offer three different datasets based on content reputation: Low Reputations Domains, Zero Reputation Domains and Low Reputation Resources. All datasets are carefully curated by an expert team of researchers, who use machine learning, combined with manual investigations and heuristics, assessing over 3 million domains every day!
Here is an overview of each dataset:
Low Reputation Domains (Domain Blocklist, DBL)
This dataset contains domains owned by spammers and used for spam or other malicious purposes. It also contains domains owned by non-spammers which are used for legitimate purposes, but have been hijacked by spammers.
The data protects email containing domains associated with spam, phishing, malware, botnet command and controllers (C&Cs) and redirector domains. Due to our strong relationships with domain registries, some domains are listed before they are seen in the wild.
Discover all the ways you can access and consume ‘Low Reputation Domains’ data.
Zero Reputation Domains (ZRD)
This lists newly registered domains for 24 hours. Domains that have just been registered are rarely used by legitimate organizations immediately. Cybercriminals register and burn 100s of domains daily.
The Zero Reputation Dataset helps to protect your users from clicking on links and visiting newly registered domains until it is established that they are not associated with zero day attacks; phishing, bot-herding, spyware and ransomware campaigns.
Discover all the ways you can access and consume ‘Zero Reputation Domains’ data.
Low Reputation Resources (Hash Blocklist, HBL)
This dataset contains the following content areas: cryptowallet (Bitcoin etc.), malware, email addresses and URLs (including shorteners, redirectors and online file storage providers).
Low Reputation Resources are lists of cryptographic hashes associated with malicious content, as opposed to IP addresses or domains. They are extremely useful for filtering fraudulent emails coming from ISPs, domains, or IP addresses that Spamhaus is unable to list e.g. Gmail, or URL providers we are unable to list, e.g. drive.google.com. Additionally, they block emails containing malware files and cryptowallet addresses.
Due to our collection and dissemination methods, we can list malware hashes within 30 secs of initial observation by our researchers – “This [Low Reputation Resources dataset] is a game-changer. It’s the biggest single effectiveness improvement we’ve had in 10+ years, all for a simple one-off implementation.” Manager, Global Cybersecurity Software Provider.
Discover all the ways you can access and consume ‘Low Reputation Resources’ data.
Content filtering with DNSBLs
All the above datasets are included in a single subscription, available via Real Time DNS Blocklists. Use these datasets in combination with our IP-based DNSBLs and filter over 99% of spam and malicious emails, utilizing your existing email infrastructure.