Response Policy Zones (RPZs) via Spamhaus DNS Firewall

Posted on
July 14, 2022 Author
Spamhaus Technology Team Read time
3 mins

DNS Filtering DNS Firewall Network security

In this guide

Introduction Content Which zones are available? Domain Intel zones (Domain Blocklist)Zero Reputation Domains (ZRD)Botnet C2 IP zone (Botnet Controller List)Highly Malicious Network zone (DROP)Domains Generated Algorithm zone Bogon IPs zone Choosing the right RPZs

Introduction

Our team of research experts have been compiling threat intelligence data for over 20 years. They understand the rapidly changing threat landscape. Working 24/7 on your behalf, they deliver actionable, real-time RPZs.

Spamhaus RPZs prevent users from accessing malicious sites, freeing overstretched security and IT teams to focus on higher-priority tasks.

Which zones are available?

The Spamhaus RPZs list a wide range of threats, including phishing, malware, adware, botnet command & controllers (C&Cs) and cryptomining.

Here’s an overview of all available zones:

Domain Intel zones (Domain Blocklist)

Adware Hosts: Domains identified as hosting adware.
Bad Nameserver Hosts: Domains that are being used as the host record for a nameserver, and are classified as having a bad reputation.
Bad Nameserver IPs: Nameserver IP addresses that are hosting domains, and are classified as having a bad reputation.
Bad Reputation Hosts: Uncategorized domains identified as having a bad reputation. This includes hosts owned by known spammers, payload URLs, malicious tracking domains and domains associated with low reputation networks, amongst other factors.
Botnet C&C Hosts: Domains identified as hosting a botnet command & controller (C2).
Botnet Hosts: Domains identified as hosting a botnet resource that are not a botnet command and controller.
Malware Hosts: Domains identified as hosting malware.
Phishing Hosts: Domains identified as hosting a phishing site(s).

Zero Reputation Domains (ZRD)

Domains, listed for only 24 hours, that have been recently registered or have been identified as previously dormant.

Botnet C2 IP zone (Botnet Controller List)

Botnet C&C IPs: IP addresses identified as hosting botnet command and controller (C&C) malware.

Highly Malicious Network zone (DROP)

Do Not Route or Peer: IPs that have been identified as being hijacked, belonging to bullet proof hosters, or are being leased by professional malicious organizations. The very worst of the worst.

Domains Generated Algorithm zone

Domains created from multiple domain generated algorithms (DGA). These are automatically generated and usually associated with malware.

Bogon IPs zone

IP addresses that have not yet been assigned to an entity, and should not be generating any incoming or outgoing traffic.

Choosing the right RPZs

Accessed through Spamhaus DNS Firewall our RPZs provide the ultimate in flexibility. Depending on the zone there are different levels of data from standard, to edited. The protection provided by an edited zone is lower than that of its standard zone.

With Spamhaus DNS RPZs choose the zones you want to consume based on the level of risk that is right for your organization - learn more here.

Related Resources

DNS Filtering DNS Firewall Network security