Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP) Firewall
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
abuse.ch Real Time Feeds - coming soon
Actionable data signals on cyber threats, with a focus on malware and botnets, to strengthen threat investigations, detections, and help prevent data breaches.
Integration | MDaemon
Block over 99% of email-borne threats with Spamhaus’ real time DNS blocklists and MDaemon® Email Server.
Integration | Halon
Safeguard your email stream using Spamhaus’ real time DNS blocklists and Halon’s secure email infrastructure.
Integration | Messageware
Enhance Microsoft Exchange protection by blocking malicious IP addresses from connecting to your on-premise server in real time.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Exploits Dataset Statistics
View the geolocation, hosting network, malware names associated with each detection, and other critical data points.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
abuse.ch Threat Intelligence Feeds – coming soon
URLhaus, MalwareBazaar, ThreatFox, YARAify, Feodo Tracker and Sandnet enrich CTI feeds and support vulnerability mangement.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find a partner
Discover our partners and how they can support you.
Become a partner
Learn about the benefits of being a Spamhaus partner and how to get started.
Discover a wide range of blog posts, case studies and reports.
Spamhaus’ insight into malware, botnet C&Cs, and the domain reputation landscape.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
The Reputation Portal
A tool for ASN owners to get visibility of their IPs’ reputation and proactively manage listings.
Help for the Project's legacy DNSBLs users
Using the Project’s legacy blocklists and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Posted by Sarah Miller on 30 Mar 2022
The unique selling point of .bank is that you can trust this TLD. Yes, it may sound like marketing hype, but it’s true. Due to its restrictions for access, stringent verification procedures and security requirements, you can guarantee that any email coming from a .bank domain or any website using this top-level domain (TLD) will be legitimate.
Not a lot of TLDs can say that! However, with this trust comes great responsibility and takes a significant amount of effort. So, fTLD, the registry behind .bank, turned to Passive DNS to ease the burden.
fTLD Registry was granted the right to operate .bank in 2014, and .insurance a year later. Its mission is to run trusted, verified, more secure, and easily identifiable online locations for banks, insurance companies and producers, and their customers.
Security requirements for these TLDs were written together with the financial industry, ensuring they were relevant and applicable. Even today, fTLD continues to engage with a working group to review and stay one step ahead of the evolving threat landscape.
All .bank and .insurance applicants undergo a thorough verification process before being awarded a domain and must comply with strict registry policies ensuring ongoing compliance with fTLD’s Security Requirements.
Needless to say, monitoring registrants’ digital assets is paramount for fTLD to maintain this high level of security. One element is ensuring that every hostname set up by a registrant is compliant; for example, an A or AAAA record is correctly set up in the DNS. The issue fTLD experienced was how to identify all the hostnames existing within their zones, to be able to pass them onto a third party for testing.
fTLD initially considered the option of convincing registrars to set up access to transfer zones with AXFR. This would have involved a complete zone transfer, including all subdomains. There were multiple challenges in going down this cumbersome route. Instead, they looked to Spamhaus’ Passive DNS.
Passive DNS utilizes non-personally identifiable information (PII) relating to DNS connections when a cache miss occurs. If you’re comfortable with DNS, skip the explanation below, but if you’re less familiar, you may want to follow the arrows.
The Spamhaus Passive DNS database is vast, collecting over 200 million DNS records per hour from numerous independent organizations across the globe. Hundreds of billions of records are stored every month.
The breadth and volume of this data enable fTLD registry to search for all hostnames with the .bank or .insurance TLD. Additionally, it provides a wealth of information regarding other resources associated with those hostnames, including name servers, IP addresses, and mail exchange records. In Heather Diaz’s words, Senior Director of Compliance & Policy at fTLD, “Our system benefits from this additional data to provide more precise results.” Heather added, “it’s enabled us to discover security issues that would have been left unnoticed without this service.”
Spamhaus’ API integration made implementation straightforward. In a typical month, fTLD executes more than 90,000 queries and processes approximately 1.2 million records from the passive DNS database.
In Heather Diaz’s words, “We needed the technical capability to listen at the root DNS of our registry system, and a zone transfer option was too complicated. Spamhaus’ Passive DNS is a great solution to enable fTLD, or any registry, a fast and simple way to analyze its zones. This was the key to implementing our compliance security monitoring solution for .bank and .insurance.”
Our Passive DNS allows you to quickly and easily navigate through billions of DNS records to shine a spotlight on potentially malicious internet resources associated with your network or domain.
23 March 2022
Here, fTLD, the registry for .bank and .insurance top-level domains (TLDs), provides their view of how a TLD can make it simple for users to trust their interactions with websites.
10 March 2022
XYZ Registry explains how the lack of visibility into a bad actor's domain causes issues and provides suggestions to overcome this problem.
3 March 2022
We've been reaching out to registries for their views and opinions on combating internet abuse for this blog post series. Recently we had an in-depth conversation with XYZ on their approach to domain abuse.