With over 1.5 million customers worldwide and managing more than 2.5 million domains, one.com is on the front line against threats from phishing and other malicious activities. To keep users safe and combat these threats, one.com utilizes Spamhaus’ Data Query Service with SpamAssassin, and a custom integration with Spamhaus DNSBLs. This creates multi-layered protection; a best practice in (email) security to safeguard infrastructure, operations and end users. Read on to find out how.

Meet one.com

Starting out in 2002 as a small startup in Denmark, one.com has grown into an international company, now part of group.one. Providing web hosting, domain registration, mailbox services, and website building tools, today they host customers across more than 100 countries! With a purpose to be “Your number one online partner,” they are committed to helping customers grow their online presence successfully and securely

Security at one.com

As a shared web hosting and mailbox provider, one.com has a responsibility to provide robust mitigation against security threats to ensure a reliable and secure service to its customers – most critically to protect against:

Phishing and malicious email: Dan Malm, Systems Engineer at one.com shared over the past 3-4 years the company has witnessed an uptick in phishing attempts targeting customers, so, “Protecting the infrastructure from phishing and other malicious emails is a significant and persistent challenge.”

Compromised accounts: In a shared hosting environment, if one account is compromised, all other accounts on the same server are vulnerable to exploitation. This is not just a theoretical risk for one.com but a constant source of work for the abuse team.

In addition to continuous monitoring of threats and vulnerabilities, customer education, and other technical measures, one.com has deployed several filtering tools and services, including Spamhaus’ Data Query Service (DQS), to help mitigate these risks.

How does Spamhaus’ data support email protection?

one.com takes a layered approach to email filtering to enhance security and strengthen defenses against the wide array of email-borne threats. Following industry best practices they have developed a custom integration of Spamhaus DNSBLs to analyzeand filter out the bulk of unwanted emails at the pre-data phase. At the point of SMTP connect, one.com queries:

1. First, the sender IP via the ZEN Blocklist,
2. Next, sender domain with the Domain Blocklist (DBL), and,
3. Finally, the sender address via the Hash Blocklist (HBL).

If the IP address is listed, one.com drops the connection immediately, without scanning any content. Operationally this saves time and reduces costs related to bandwidth, storage activity, as well as overall memory, storage, and CPU requirements.

Once this phase is complete, content inspection commences. Here one.com has implemented the industry-leading DQS with SpamAssassin. The email filtering solution enables one.com to scan the message content and check the sender’s IP, domain, and email addresses, as well as detecting cryptowallets, malware files, and URLs. If the message can be classified as spam, it is marked accordingly and filtered into the spam folder.

And, for email on the outbound?

On the outbound, one.com uses the Spamhaus Blocklist (SBL) and Exploits Blocklist (XBL) as indicators of compromised accounts. The DNS blocklists are integrated into internal filters to check the sender IP. Connections from a listed IP are then used to signal possible account compromise. Where compromise is confirmed after investigation from the Compliance team, the account is suspended, meaning no emails can be sent until the issue is resolved. This protects one.com’s IP reputation, while also protecting the brand reputation of their customers, and their ability to consistently and securely send email.

What are the main benefits for one.com?


With decades of experience as the trusted authority in IP and domain reputation data, Spamhaus was the clear choice for one.com. After using Spamhaus’ data for many years, one.com highlights three key benefits:

  • Reduced processing and storage costs – Where an IP is listed, inbound email is dropped early on in the process before one.com scans the content, saving on storage and processing costs.
  • Overall reduction of spam – With DQS, one.com protects its customers and infrastructure from up to 99% of malicious emails.
  • Control of compromised accounts – Using the SBL and XBL, one.com has set up automation for handling compromised accounts, meaning they can react quickly and suspend accounts before they cause bigger problems.

Enhanced protection through targeted filtering

It’s important to remember that not all organizations receive the same spam, phishing, or malware emails. Each organization will encounter unique traffic based on its location and industry. By sharing basic email connection data, Spamhaus can identify spammers and threats in one.com’s customer’s email traffic – without needing any personally identifiable information (PII). 

This not only enhances the performance of our data for one.com but at the same time benefits all other users. When asked why sharing data with Spamhaus is important to one.com, Dan responded, “Keeping our customers safe is absolutely critical to us. Spamhaus enables us to do this – ultimately helping you, helps us, but it also helps make the Internet a safer place for everyone.”

As part of this service, Spamhaus processes 175 records per second every day on behalf of one.com. From this process, an average of 180 listings are considered to be of low reputation or associated with spamming, and a further 80 listings are considered malicious, suspicious, or from compromised bot-controlled machines. That’s an additional 240 emails, every day, which one.com and its customers are now safe from, following a simple data-sharing setup.

To learn more about Spamhaus’ Enhanced Protection, please contact us here, or to sign up for a free 30 day Data Query Service trial, click here.

Data Query Service (DQS)

Spamhaus’ Data Query Service (DQS) is an affordable and effective solution to protect your email infrastructure and users.

Using your existing email protection solution, you will be able to block spam and other related threats including malware, ransomware, and phishing emails.

The service has never failed and utilizes the longest established DNSBLs in the industry.

  • Proactive & preventative
  • Save on email infrastructure & management costs
  • Actionable

Akéreon tackles shipping spam with Spamhaus’ Data Query Service

6 March 2024

Case Study

Find out how Spamhaus’ Data Query Service (DQS) has assisted Akéreon in spotting which emails to give a wide berth.

Egress prevent business email compromise with Spamhaus’ Data Query Service

8 March 2022

Case Study

Global email and data security company, Egress uses Spamhaus’ Data Query Service to provide users with simple intelligence about malicious actors.

UOL’s IT team gain huge efficiencies using Spamhaus’ Data Query Service

6 October 2020

Case Study

Data Query Service enables email provider, Universo Online (UOL) to protect millions of users from spam and other malicious email threats while freeing-up 20% of the team's time resources.