Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP)
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find out who we work with and how you can become a Spamhaus Partner.
Discover a wide range of blog posts, case studies and reports.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
Help for the Project's legacy DNSBLs users
Using the Project’s legacy blocklists and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Posted by Sarah Miller on 23 Mar 2021
Reducing the time your customers spend analyzing reports by weeks is quite an achievement. Here's how Spamhaus Intelligence API assisted Red Sift in accomplishing that and more.
The Red Sift Open Cloud is a data analysis platform that is purpose-built for the challenges of cybersecurity. By harnessing the power of Artificial Intelligence (AI), it securely collates, computes & visualizes data from thousands of individual signals, delivering intelligent automation to its global customers.
From its inception in 2015, Red Sift’s client portfolio has rapidly grown. Product development teams were always aware that they would need to lean on threat intelligence data to help them keep one step ahead of the competition.
Initially, for their OnDMARC and OnINBOX products, they required DNS blocklists (DNSBLs) to validate the reputation of IPs and domains sending email. For the OnINBOX product, utilizing blocklists helps Red Sift supply customers with an Authentication, Contents and Trust score (ACT) highlighting what emails are safe to interact with, helping combat Business Email Compromise (BEC).
After trialing various DNSBL vendors, Red Sift chose Spamhaus’ IP and Domain blocklists. Multiple factors led to this decision, including the quality and consistency of Spamhaus’ datasets, not to mention its global footprint providing widespread coverage. Additionally, accessing the DNSBLs was simple with Spamhaus’ Data Query Service. This provided Red Sift with a set-and-forget solution, which hasn’t failed since it went live in 2015.
With an increasing number of enterprise-sized customers, Red Sift was servicing more complex infrastructures. This meant a greater volume of report generation. One key aspect of DMARC is classifying your assets listed in these reports and mapping IPs to known senders.
In the first instance, customers had to undertake manual analysis, primarily done via lengthy internal conversations or outsourcing to consultants, both expensive and time-consuming.
With Red Sift’s focus on intelligent automation, they turned to Spamhaus Intelligence API (SIA), enabling them to provide their customers with additional insights that saved time and quickly highlighted urgent areas to focus on.
This API provides a wealth of metadata related to listings in Spamhaus’ blocklists, specifically the Exploits Blocklist (XBL), which lists IPs related to compromised behavior, e.g., machines infected with malware.
A DNSBL provides a binary “yes, it is listed” or “no, it is not listed” response. Meanwhile, SIA provides numerous data points relating to the listed IP address, furnishing the user with more in-depth insight into the compromised IP’s activity.
When Red Sift identifies an IP listing on the XBL, they make a call to the API. Currently, 20-25% of all IP addresses they process are listed on the XBL and therefore called into SIA.
With the added intelligence SIA provides, Red Sift can automatically score the IP and provide its customers with the relevance of why the IP is being blocked; automated, immediate intelligence.
As previously mentioned, before SIA, enterprise customers were manually working through hundreds of reports. Now Red Sift automates the analysis, giving a contextual layer of why an IP is considered “bad.”
Users of OnDMARC can now log in and view a list of senders, along with an IP score that delivers a quick health check. This score can indicate to users if a legitimate sender has bad list hygiene or, worse, unsolicited use.
This intelligence is invaluable for OnDMARC users, saving them from sifting through reports and wasting valuable time, providing instant insight into what to prioritize and focus on.
One customer, a specialized agency of the United Nations, used OnDMARC to analyze over 29,000 sending IPs in just minutes. The intelligent automation behind this analysis was powered using SIA. As a result, 22% of their sending IPs were instantly highlighted as “known malicious,” saving the organization weeks of work.
In the words of Deepak Prabhakara, Red Sift’s Founding Engineer and CTO, “Spamhaus data allows us to add huge amounts of value for our customers and beyond.”
Here are the additional benefits being experienced by Red Sift:
Saving time: With the additional insight SIA brings, Red Sift’s Customer Success Teams can quickly classify potential threats, dramatically reducing report analysis time, freeing them up to provide additional value to their customers.
Scalable solution: In the words of Deepak, “We don’t have to worry about scale. The data is easy to access and a great benefit for us.” He added, “We can push as much traffic as we need towards Spamhaus, and we know it’s going to work.”
Product innovation: Red Sift utilizes SIA to help realize their product roadmap, and there’s more in the pipeline for Red Sift’s customers in terms of automation and further insights.
Simple implementation: Deployment of DQS was very straightforward, with standard DNS queries. For SIA, the Red Sift technical team uses a specially written reverse proxy, which goes from the client, performing a DNS request, caching it and automating the token refresh, avoiding the potential of multiple active tokens.
The threat intelligence that SIA provides Red Sift is assisting them with product innovation. As a result, their customers rapidly gain visibility of problem IPs and understand the context surrounding the issue. This enables them to remediate issues far quicker. Ultimately, productivity is significantly increased, which is always a positive outcome.
Meanwhile, Red Sift can focus on further innovations, while Spamhaus is detecting threats 24/7 on their behalf, delivering accurate IP and domain reputation data via a robust infrastructure.
This API provides access to multiple datasets containing metadata relating to compromised IP addresses. These IP addresses may be exhibiting compromised behavior, including malware, worm, and trojan infections, and SMTP-specific traffic emitting spam, or cybercriminals are using them to control infected computers – botnet command & controllers.
The breadth of data available via an easily consumable API provides security developers with scores of opportunities.
25 January 2022
The breadth of reputation data available via the Spamhaus intelligence API is increasing - the extended Botnet Controller List is now included.
30 June 2021
Spamhaus has released the extended CSS Blocklist (CSS) and made it available via our API service. This provides users with additional insights relating to compromised and malicious IP addresses.
23 March 2021
We're aware that it can take time to find the right use case and build the right application to meet its needs. So, we've created a license to give developers access to the data without the 30-day time limit attached to a trial. The developer license runs for six-month periods.