There are a number of Internet Service Providers (ISPs), along with their customers, who are unwittingly missing out on the opportunity to have uninterrupted access to Spamhaus’s commercial grade threat intelligence. Here’s how to ensure you stay protected with our domain name server block lists (DNSBLs), and furthermore, increase the value of the service you provide to your customers.

How to protect email

There are multiple solutions, feeds and services in the commercial anti-spam marketplace. Currently three billion mailboxes, for those of you who like precise numbers, click here for today’s exact number, are being protected by Spamhaus’s business grade data feeds.

These DNSBLs are updated around the clock by a highly experienced group of security researchers, whose sole focus is to track spam and cyber related threats, such as phishing, malware and botnets. Malicious emails are blocked before they even reach your inbox reducing storage costs, bandwidth usage, and of course, increasing your email security.

So, what has this got to do with ISPs?

Good question. Keep reading.

A free service to the public

Occasionally large scale users like to avail themselves of Spamhaus’s free DNSBL servers. Spamhaus has always believed in protecting individuals, small businesses and nonprofit organizations for free. Over the years a global network of over 80 DNSBL servers has been built, serving billions of queries to the public at no cost, as long as usage is within the limits set out in the policy below:


  1. Use of the Spamhaus DNSBLs is non-commercial
  2. Your email traffic is fewer than 100,000 SMTP connections per day
  3. Your DNSBL query volume is fewer than 300,000 queries per day
    Sadly, as previously mentioned, a minority abuse this policy. To ensure fair usage this service is now monitored. Where a recursive server is flagged as over querying it may potentially be blocked. This will result in any users running queries through it to return a ‘non-existent domain’ (NXDOMAIN) which in this case means we are not providing reputation advice about whether or not to receive that email. Ultimately it means that the user will no longer be protected from malicious emails through these queries.

But why should ISPs care?

If you are an ISP provider with one, or multiple customers over-querying through your recursive server(s) there is the potential that the recursive server(s) in question will be blocked from the free DNSBL service. Regrettably this means that not only do those who are guilty of abusing the service lose out, everyone does. Moreover it’s highly likely that you would be completely unaware that the service is being blocked.

Ignorance isn’t bliss, particularly not for your customers

We understand the inconvenience and potential risks an outage of threat intelligence could mean for all concerned. You, as the ISP, stand to lose the free service (as long as you are using it within the stated query and traffic volumes), but additionally your customers stand to lose it too. Even worse – there’s a high probability that your customers would be completely unaware of the fact they are not protected.

Keeping everyone happy

We all know you can’t keep everyone happy all of the time, but we like to try. Therefore we offer users of Spamhaus’s free DNSBL servers access to our Data Query Service (DQS). This DQS has multiple advantages:

  • The DQS is FREE – as long as usage is within policy limits (see above).
  • Increased data quality – updated in real-time: this is a commercial grade feed.
  • Set-up is simple and quick – it should take you literally one minute to set up on most modern mail servers and it doesn’t require additional software or servers.
  • Continuous service assurance – providing you keep within the usage policy.
  • Only your usage will be monitored – not that of everyone else using the same recursive server as you.
  • Sign up for the feed is easy – click here

Spread the word

All you need to do is share this message with your customers, to ensure there are no potential access issues to the Spamhaus DNSBL for anyone. We suggest dropping your marketing team a note to see how they could help you communicate this information to your customers.

Share email threat protection with your customers

An alternative route, and one many ISPs take, is to increase the value of your service offering by providing this added layer of email protection to your customers’ mailboxes for free. “Ouch” we hear you say, “that’s going to be expensive”. Don’t jump too hastily to that conclusion – connect with us today to find out what the actual costs would be to your ISP business. After all, a phishing attack or potential loss of business is likely to be far more costly.

Related Products

Data Query Service (DQS)

Spamhaus’ Data Query Service (DQS) is an affordable and effective solution to protect your email infrastructure and users.

Using your existing email protection solution, you will be able to block spam and other related threats including malware, ransomware, and phishing emails.

The service has never failed and utilizes the longest established DNSBLs in the industry.


  • Proactive & preventative
  • Save on email infrastructure & management costs
  • Actionable


Why you should use domain and hash blocklists

18 May 2020


It's a well-known fact that filtering emails using IP blocklists (DNSBLs) blocks the vast majority of malicious emails. It's effective and economical, using minimal computational power. So why should you also use domain and hash blocklists for filtering?

The value of Hash Blocklists

18 May 2020


IP & Domain Blocklists (DNSBLs) are very effective at filtering malicious emails. However, they do have one big limitation: How do you block an email sent from a compromised account at Gmail, Hotmail or any other large email service provider (ESP)? Hash blocklists are the answer.

Botnet Threat Update Q1 2020

15 April 2020


The number of botnet Command & Controllers (C&Cs) associated with fraudulent sign-ups, reduced by 57% in Q1 2020, however it isn't all good news. Find out the full details on botnet C&C activity here.