Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP)
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find out who we work with and how you can become a Spamhaus Partner.
Discover a wide range of blog posts, case studies and reports.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
Help for Spamhaus Public Mirror users
Using the Project’s Public Mirrors and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Posted by Swapneel Patnekar on 23 Sep 2020
This year there have been numerous accounts of phishing websites impersonating high profile brands in India. In this article, guest author Swapneel Patnekar looks at how Passive DNS data can help brand specialists and marketing teams quickly identify domains that could potentially harm both their brand and reputation.
How many phone numbers can you recall? In days gone by, before the advent of the smartphone, most people could remember multiple telephone numbers, as we dialed them manually on a daily basis. Nowadays, with Siri and Alexa making calls for us, it’s difficult to remember one’s mobile number, let alone anyone else’s.
Now imagine if every time you needed to visit a website, you had to recall the relevant internet protocol (IP) address, e.g., 18.104.22.168 (and that’s a short IPv4 address, we won’t even think about an IPv6 one!). Unless you are a numerical savant, such a system wouldn’t be sustainable.
To simplify things, the domain name system (DNS), which is a distributed database, associates domain names with IP addresses, e.g., www.spamhaus.com is associated with 22.214.171.124 & 126.96.36.199. The DNS then operates somewhat like a telephone directory, looking up and connecting with the requested ‘device’ that’s assigned to the IP address in question.
Registering a domain name is easy. Any available domain name can be registered by anyone, in any part of the world. Well, this isn’t entirely true (nothing is ever simple, is it?). There are certain country-code top-level domains, which have some restrictions on them, but for this article’s sake, let’s not over complicate the narrative!
Most users registering domain names do so for legitimate purposes: business, entertainment, education, hobbies, etc.. However, bad actors abuse the system by registering domain names and using them with the sole purpose of deception, e.g., phishing websites for identity theft and/or financial fraud.
We’ve all heard the stories relating to banking fraud; nefarious individuals register a domain name that closely resembles the bank’s domain name. They build a lookalike website and defraud users into parting with their private banking credentials, and in turn, go off and use these credentials to empty the accounts of their victims.
It’s not only financial services that are open to this kind of abuse. Recently, in India, a spate of domain names have been used to masquerade as popular brands.
Amul, a high-profile dairy brand, went to the Delhi High Court earlier this year in relation to phishing websites. The result was a restraint being placed on various well-known domain registrars selling or offering for sale, any name with “Amul” as a suffix or prefix.
See the legitimate website of Amul.com below, cautioning its audience of websites impersonating the brand for financial fraud.
Meanwhile, also in India, Reliance Retail is also struggling with cybercriminals impersonating their Jiomart brand, an Indian online grocery delivery service. Once again, the focus of this activity is to deceive victims into applying for a franchise. Here’s the legitimate domain name; www.jiomart.com, and here are some of the fake domains created, as reported by The Times of India:
It’s understandable how victims can easily be fooled into thinking these domain names are part of the legitimate brand.
Brand specialists and marketing teams can utilize Passive DNS to highlight shadow domains or typosquatting and identify entities who are masquerading as their company, brand, or trademark and potentially hurting their customers and damaging their brand.
At a very basic level, Passive DNS is historical data which records the changes in the IP addresses associated with a hostname when a hostname is looked up on the internet. To take a deeper dive into Passive DNS, read this article.
Given the volume and breadth of data recorded, you can see what domains have been observed globally over a period of time. Simply searching a single domain can bring up a wealth of information:
Each of these searches takes less than a minute to run and reveals a wealth of information in one screen, allowing teams to focus on getting the offending domains taken down as quickly as possible, minimizing damage to their brand and reputation.
Why don’t you take a look for yourself, and find out what domains are closely related to your brand, which are not legitimate? Trial Passive DNS for free, with no credit card or payment details required.
1. A hostname is the name of a device connected to the internet
Our Passive DNS allows you to quickly and easily navigate through billions of DNS records to shine a spotlight on potentially malicious internet resources associated with your network or domain.
13 August 2018
Understand how Passive DNS is changing the way Security and Marketing professionals operate when it comes to identifying cyber threats and fraud.
Read how Passive DNS can help organizations uncover spoofed domains that can potentially damage their brand reputation.