ISPs – Ensure you & your customers have continued access to Spamhaus’ DNSBLs

How to protect email

There are multiple solutions, feeds, and services in the commercial anti-spam marketplace, including blocklists. This form of email filtering is simple, exceptionally effective (99%+ catch rate), and for many small-scale users, it is free.

Malicious emails are blocked before they even reach your users’ inboxes reducing storage costs, bandwidth usage, and of course, increasing your email security.

Experienced security researchers and threat hunters update the DNSBLs 24/7. Their sole focus is to track spam and cyber-related threats, such as phishing, malware, and botnets. 

Currently, three billion mailboxes (for those of you who are precise, see here for today’s exact number) use Spamhaus’ blocklists.

So, what has this got to do with ISPs?

Good question. Keep reading.

A free service to the public

Occasionally large-scale users like to avail themselves of Spamhaus’ free public mirrors (DNSBL servers). Spamhaus has always believed in protecting individuals, small businesses, and nonprofit organizations for free. 

Over the years, a global network of over 80 servers has been built, serving billions of queries to the public at no cost, as long as the usage is within limits set out in the policy detailed below:

1. FAIR USE PRINCIPLES – You are not automatically entitled to the use of Spamhaus’ DNSBL Public Mirrors. Use of the DNSBL Public Mirrors via DNS queries to our public DNSBL servers is free of charge provided you meet all of the following criteria:
   1. The DNSBL Public Mirror is provided free of charge for non-commercial use by small and medium sized organisations.
   2. Your DNSBL Public Mirror query volume must not exceed volumes reasonably expected in circumstances of non-commercial use.
   3. The network originating the DNS Query must be identifiable. This means you must query the Spamhaus DNSBL Public Mirrors from a recursive resolver run on your own network or from a public resolver which supports ECS.
   4. Queries originating from large shared hosting environments are not accepted. As a workaround, please apply for a free Datafeed Query Key.
2. COMMERCIAL USE – Use of the DNSBL Public Mirrors by companies, organizations, individuals and networks with email traffic likely to breach or exceed the fair use principles set out above, or by ISPs or commercial spam filter services will require a subscription to our Datafeed Service, a service designed for users with professional DNSBL requirements.

But why should ISPs care?

Suppose you are an ISP provider with one or multiple customers over-querying the public servers through your recursive server(s). In that case, there is the potential that the recursive server(s) in question will be blocked from returning queries via the public mirrors service.

This means that not only do those who are guilty of abusing the service lose out, everyone does. Moreover, you will probably be completely unaware that the service is blocked.

Ignorance isn’t bliss, particularly not for your customers

We understand the inconvenience and potential risks an outage of threat intelligence could mean for all concerned: 

• You, as the ISP, stand to lose the free service (even if you are using it within the stated fair-use policy). 
• Your customers also stand to lose the free service. Even worse – there’s a high probability that your customers won’t be aware of this fact and continue, ignorant of the fact that their emails aren’t protected.

Keeping everyone happy

We all know you can’t keep everyone happy all of the time, but we like to try. Therefore, we offer Spamhaus’s public servers/mirrors users access to our free Data Query Service (DQS). 

This service provides every user with a unique key, which identifies their individual query usage, stopping the aggregation of data usage across a single DNS resolver.

The even better news is that the DQS has multiple advantages:

• The DQS is FREE – as long as the usage is within policy limits (see above).
• Increased data quality – this is a commercial-grade feed updated in real time.
• Set-up is quick and straightforward – it takes only minutes to set up on most modern mail servers, and it doesn’t require additional software or servers. Our technical documents provide an overview of configuration examples.
• Extra datasets – you also receive the Zero Reputation Domain Blocklist (ZRD) and Auth Blocklist (Auth BL) to increase catch rates.
• Continuous service assurance – providing you keep within the usage policy.
• Only your usage is monitored – not that of everyone else using the same recursive server as you.
• Sign up for the feed is easy – just complete this form. 

Spread the word

All you need to do is share this message with your customers to ensure there are no potential access issues to the Spamhaus blocklists for anyone.

We suggest dropping your marketing team a note to see how they could help you communicate this information to your customers.

Add value to your service

An alternative route and one many ISPs take to increase the value of your service offering is to provide this added layer of email protection to your customers’ mailboxes for free.

“Ouch,” we hear you say, “that’s going to be expensive.” Don’t jump too hastily to that conclusion – connect with us today to find out what the actual costs would be to your business. After all, a ransomware attack is likely to be far more costly.