Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP)
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find out who we work with and how you can become a Spamhaus Partner.
Discover a wide range of blog posts, case studies and reports.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
In depth information about the technical details and implementation of our products.
Posted by The Spamhaus Team on 29 Jul 2018
DNS Firewall Threat Feeds enable a regional healthcare provider to protect their networks, and ultimately their patients' data, from the rapidly changing cyber threat landscape, with minimum cost and effort.
This case study follows a leading U.S. regional healthcare provider with more than 2,500 medical staff across approximately 90 primary care and ambulatory locations. Looking beyond today to what’s next, this provider has an innovative and multi-layered approach to healthcare, which flows throughout the business, including their security and network teams.
Several years ago, this healthcare provider found that on email their domain was blocked regularly. This was as a result of a number of botnet-infected machines on their network. The healthcare provider’s Network and Security team turned to Border Gateway Protocol (BGP) feeds from Deteque to resolve the issue.
The BGP feeds blocked the IP addresses of the infected devices that were trying to contact botnet Command & Control servers; stopping traffic between these devices. Immediately the email issues were resolved.
Having experienced strong success with the BGP feeds, both in terms of results and costs, the same team was keen to see what other solutions Deteque had to offer. As their Senior Design Architect & Network Security Engineer explained, “One single product is not going to be the answer, it’s important to find complementary products to your current infrastructure.” DNS Firewall was an obvious choice. “Its ‘set and forget’ format is a perfect fit for us” he added, “it allows us to focus on other issues.”
The regional healthcare provider benefits from real-time threat intelligence, at the DNS level. Rather than configuring their own DNS recursive servers, the team chose Deteque’s managed service. To ensure a seamless changeover, they switched one of their resolvers over to Deteque’s DNS Firewall resolver, while keeping the Google DNS resolver in place for several weeks, to ensure no issues arose.
To facilitate a smooth deployment, the regional healthcare provider had identified both business and technical owners, prior to the go-live, to gain business buy-in. As one of the provider’s Information Security Engineers explained: “Security is everyone’s problem and should be at the forefront of everyone’s mind.”
Recently a similar organization, within the same region, was subject to a high-profile ransomware attack. The victim healthcare provider had their systems shut down for five days and paid an undisclosed ransom.
Given the integrated nature of healthcare across the State, there was concern that the healthcare provider who was using Deteque’s DNS Firewall could have been hit by ransomware too. They didn’t experience any such attack. The Senior Design Architect & Network Security Engineer explained, “This is due to having a strong security strategy and the right security solutions in place, like DNS Firewall.”
Protection in the right places: 65% of blocked connections to the internet are in the ‘Cryptominer zone.’ This correlates with an article published by Forbes on the exponential increase in this kind of malware.
The charts below illustrate the significant increase in cryptominer malware that has been blocked on a regional healthcare provider’s network by DNS Firewall, comparing April 2018 to December 2018.
Given the ever-changing cybersecurity landscape, leveraging the research expertise of Deteque ensures that they have the right threat intelligence immediately. This covers any potential knowledge gaps in cyber threats that may occasionally arise across small teams.
Reduction in workloads: Combining the DNS Firewall and BGP feeds has seen a vast decrease in the number of machines requiring re-imaging. The healthcare provider’s policy is to re-image a device once it’s identified as infected. With users no longer able to access bad domains the risk of becoming infected has dramatically reduced. This frees up onsite technicians to focus on other matters.
Best use of existing resources: This ‘set and forget’ solution is one of the best defenses available based on the team’s current resources, freeing them up to focus on other issues
One of the healthcare provider’s Information Security Engineers perfectly summed up the value DNS Firewall has brought them “There is no tech tool to repair reputation” they explained, “DNS Firewall has enabled us to keep our patient’s faith that their data is safe with us. This confidence allows us to maintain ‘the charge’ in Healthcare. Keeping our customers happy is key.”
Applied at the DNS level of your infrastructure, these threat feeds automatically stop users from accessing malicious sites including phishing and malware dropper websites.
These threat feeds can be integrated with existing recursive DNS servers, or for those who don’t manage their own DNS, we have a managed service available.
Border Gateway Protocol (BGP) Feeds provide your users and network with up to date protection against botnets and other external attacks.
Set up takes minutes; our data is constantly updated in real time by our experienced researchers on your behalf, and can be utilized in your existing BGP capable routers.
24 January 2020
Spamhaus Malware Labs identified a 71.5% increase in the number of botnet command & controllers in 2019. Find out who and what was driving that increase.
17 March 2019
When choosing DNS Firewall Threat Feeds its key to ensure you pick the right ones based on the relevant level of protection your business requires, otherwise you could be making things more tricky than they need to be.
29 March 2018
Global managed cloud provider Rackspace is protecting customers and improving connectivity by using DNS Firewall threat feeds to block malicious domain traffic and botnet activity. Find out the challenges they were facing and how they overcame them.