Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP) Firewall
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find a parter
Discover our partners and how they can support you.
Become a partner
Learn about the benefits of being a Spamhaus partner and how to get started.
Discover a wide range of blog posts, case studies and reports.
Spamhaus’ insight into malware, botnet C&Cs, and the domain reputation landscape.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
The Reputation Portal
A tool for ASN owners to get visibility of their IPs’ reputation and proactively manage listings.
Help for the Project's legacy DNSBLs users
Using the Project’s legacy blocklists and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Posted by Sarah Miller on 28 Oct 2022
Commercial or developer subscribers to any IP datasets via Spamhaus Intelligence API (SIA) will experience improved performance and search capabilities for this service.
Since SIA’s launch just over 18 months ago, we’ve been releasing additional IP datasets that users can query. As the number of datasets via SIA has increased, we’ve received requests to query “ALL” the IP datasets. Well, in the words of the genie of the lamp, “your wish is our command”. Actually, genies had nothing to do with it – it was the Spamhaus development team who’ve been beavering away adding this “ALL” command to the search values [https://docs.spamhaus.com/sia/docs/source/10-API-Interface/110-API.html#ip-reputation-data].
With this addition, you can instantly access a broad range of intelligence, from IPs listed as hosting botnet command and controllers (C&Cs) to compromised content management systems (CMS) spewing out spam. In other words, it searches all the intelligence our researchers are observing that is available via SIA.
Users can query the following datasets when using the “ALL” command. Each one highlights different areas of abuse:
The XBL focuses on single IP addresses belonging to devices that are showing signs of compromise, i.e., exploited devices. This can be because of malware, trojan and/or worm infections, machines controlled by botnet command and controllers (C&Cs), or third-party exploits such as open proxies.
Meanwhile, the CSS focuses on port-25-based detections, i.e., SMTP traffic. This dataset contains IPV4 and IPV6 addresses that are sending bulk unsolicited email, IPs we observe to be sending email with poor marketing list hygiene [https://www.spamhaus.com/resource-center/address-acquisition-for-mailing-lists/] or sending out spam as a result of webforms or CMS like WordPress being compromised.
Finally, there’s the BCL; this small but perfectly formed dataset packs a punch. Containing only single IPV4 addresses, this dataset highlights IP addresses under the direct control of miscreants using them to host botnet C&CS.
Combining this data provides you with a rounded 360 view of any issues relating to an IP address*. Where the research team has listed an IP, detailed metadata is returned, including the timestamp of the listing, the destination IP address of the connection that triggered the detection, the associated bot name, and the geolocation, among many more [https://docs.spamhaus.com/sia/docs/source/02-data-explained/data-anatomy.html].
This rich data provides a deeper (and clearer) understanding of events, helping speed up mitigation. Additionally, the context the intelligence provides around a listing can help automate reporting, as Red Sift discovered [https://www.spamhaus.com/resource-center/red-sift-and-spamhaus-intelligence-api/].
Not only have our developers been busy, but so have our engineers. They have made numerous enhancements to ensure the infrastructure scales automatically according to the load and dramatically reduces latency. Delivering replies with very low latency enables customers to optimize and scale their code.
If you haven’t trialed the data yet, or have been waiting for this functionality and would like to trial the data again there are two options:
We welcome your feedback on this service as we continually look to provide further intelligence to help you overcome your security-based challenges.
*Please note that the Spamhaus Blocklist (SBL) will be available in 2023, however, the CSS component of the SBL is already included in SIA.
This API provides access to multiple datasets containing metadata relating to compromised IP addresses. These IP addresses may be exhibiting compromised behavior, including malware, worm, and trojan infections, and SMTP-specific traffic emitting spam, or cybercriminals are using them to control infected computers – botnet command & controllers.
The breadth of data available via an easily consumable API provides security developers with scores of opportunities.
2 November 2022
As of Wednesday, November 9th, the CSS dataset will start to grow. We anticipate the addition of 1.5 million listings over the next 4-6 months; that's approximately a 100% increase! Find out why and the impact to you in this blog.
14 September 2022
Discover the rich domain-related data points available via this easy-to-consume API and how you can become one of only 30 beta testers.
25 January 2022
The breadth of reputation data available via the Spamhaus intelligence API is increasing - the extended Botnet Controller List is now included.