Second beta release of domain reputation via API – increased actionable data

Posted on
March 10, 2023
Author
Sarah Miller
Read time
4 mins

Introduction

Towards the end of 2022, Spamhaus released a beta API that provided access to information relating to every domain that researchers observe. This API provided an overview of a domain’s reputation and its associated resources. Having listened to the feedback from beta testers, which was along the lines of “It’s OK, but we want more insight,” our development team went into overdrive to produce an API that meets (and hopefully exceeds) expectations.

What’s new in beta 2.0?

Everything! Well, almost. This API is now broken up into several different calls, allowing users to tailor the insight they query based on their individual use cases and requirements. Each part of the API focuses on a different aspect of the signal available, as detailed below:

Reputation Dimensions

We’re sharing the various dimensions (scores) that your domain’s reputation score is composed of – giving you insight into which dimension may be dragging your reputation score down, so you can take constructive steps to improve your domain’s reputation. The following areas each have a score attached to them:

  • smtp: reputation in the SMTP area.
  • identity: reputation of the domain’s identity, for example, the owner and registrar.
  • infra: reputation of the infrastructure of the domain, for example, nameservers and hosts.
  • malware: reputation of the domain as affected by malware, bots, and distribution of such threats.
  • human: the human reputation for a domain. This dimension represents the viewpoint of Spamhaus researchers about the domain.
  • 3rdparty: the reputation score trusted third parties provide relating to the domain.

Context

For those of you who want to know where a domain has been observed, the context is provided, listing all places the domain has been sighted, for example, in a DKIM header.

Tags

These are used to tag certain types of behavior, including the type of abuse associated with a domain, e.g., phishing, or what type of domain it is, e.g., a redirector. Multiple tags can be associated with a domain, giving the user a broad picture. Here’s a list of the tags used by our researchers:

  • phish | domain is used in phishing attacks
  • scam | domain is used in fraud
  • malware | domain is used in malware distribution
  • redirector | domain is used as a URL shortener or redirector
  • botnetcc | domain is used for botnet command and control
  • spam | domain is used in spam
  • snowshoe | domain is used in snowshoe spam
  • botnet | domain is used in botnet spam
  • freehost | domain offers free hosting services
  • shared | domain offers shared services
  • compromised | domain has been compromised
  • adware | domain is used by adware
  • dga | domain is a DGA
  • freemail | domain offers freemail services
  • disposable | domain offers disposable services
  • abused | domain is being abused by third parties
  • corporate | validated domain used for corporate uses only
  • dyndns | domain is used to provide dyndns services
  • shortener | URL shortener service
  • cdn | this domain hosts a CDN
  • hailstorm | domain is involved in hailstorm operations
  • isp | domain used for provider customer endpoints

Listed domains

To establish if a domain is listed on a blocklist, you can query the **Domain Listings API**. This will advise if the domain is listed, the timestamp of when it was listed, and the listing expiry date.

Clusters

Cluster hashes are used to correlate domains to patterns of behavior across the following two areas:

  • Auth – patterns in the email authentication behavior associated with the domain.
  • Infra – patterns in domain registration – when and how it was registered and the infrastructure it is using.

Note: This is available to users with Extended Access and must be used cautiously. Clustering is not an exact science but merely indicates potential associations between domains, and further investigations must always be undertaken before assuming all returned domains are associated.

Hostnames

Spamhaus tries to minimize the impact and the reach of a listing on a blocklist or Response Policy Zone, and, when possible, we list hostnames rather than domains. Within SIA, there is now an API call that returns hostnames that are (or have been) listed for a specific domain in the recent past, including timestamps.

Malware

This API call outlines the malware associated with the domain (if any).

Additional intelligence

Various resources relating to the domains are being made available, from sending IP addresses to nameservers (NS) and A Records. Timestamps and the number of domains served by these resources are also provided.
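The dimensions, tags, listings and hostname sections above describe the signals the API returns but not how a consumer should combine them. The following is an added example, not Spamhaus code: a small triage routine that takes a lookup result and decides whether to block, act only on the listed hostname (in the spirit of the Hostnames section), notify the domain owner, or monitor. The JSON layout (`dimensions`, `tags`, `listing` with `listed`, `listed_at`, `expires_at`), the 0–100 score scale with lower meaning worse, the `LOW_SCORE` threshold and the sample records are all constructed assumptions; only the dimension and tag names come from the announcement. The real field names are in the beta 2.0 technical documentation.

```python
"""Triage helper for a domain reputation lookup (added example, not Spamhaus code).

Assumed response layout (not the real API schema):
    {"dimensions": {"smtp": 0-100, ...}, "tags": [...],
     "listing": {"listed": bool, "listed_at": iso8601, "expires_at": iso8601}}
Scores are assumed to run 0-100 with lower meaning worse reputation.
"""
from datetime import datetime, timezone

# Dimension names from the announcement.
DIMENSIONS = ("smtp", "identity", "infra", "malware", "human", "3rdparty")
# Assumed threshold below which a single dimension is worth watching.
LOW_SCORE = 40

# Tag names from the announcement, grouped by how a defender would react.
BLOCK_TAGS = {"phish", "scam", "malware", "botnetcc", "botnet", "spam",
              "snowshoe", "hailstorm", "dga", "adware"}
# Shared infrastructure: a domain-wide block would hit many legitimate users,
# so act on the listed hostname instead (see the Hostnames section).
SHARED_TAGS = {"freehost", "shared", "freemail", "disposable", "redirector",
               "shortener", "cdn", "dyndns", "isp"}
# The legitimate owner is the victim rather than the actor.
VICTIM_TAGS = {"compromised", "abused"}


def parse_ts(value):
    """Parse an ISO 8601 timestamp with offset (e.g. 2023-03-01T12:00:00+00:00)."""
    return datetime.fromisoformat(value)


def listing_is_active(listing, now):
    """True only if the domain is listed and the listing has not expired.

    The listings call returns an expiry date; a stale listing must not
    keep blocking a domain that has since been delisted.
    """
    if not listing or not listing.get("listed"):
        return False
    expires = listing.get("expires_at")
    return expires is None or parse_ts(expires) > now


def weakest_dimension(dimensions):
    """Return (name, score) of the lowest-scoring known dimension, or None."""
    known = {k: v for k, v in dimensions.items() if k in DIMENSIONS}
    if not known:
        return None
    name = min(known, key=known.get)
    return name, known[name]


def triage(record, now=None):
    """Map one lookup result to an action and the reason for it."""
    now = now or datetime.now(timezone.utc)
    tags = set(record.get("tags", []))
    listed = listing_is_active(record.get("listing"), now)
    weakest = weakest_dimension(record.get("dimensions", {}))

    if tags & BLOCK_TAGS:
        action = "block"
        reason = "abuse tags: " + ",".join(sorted(tags & BLOCK_TAGS))
    elif listed and tags & SHARED_TAGS:
        action = "block-hostname"
        reason = "listed shared service; act on the listed hostname, not the domain"
    elif listed:
        action, reason = "block", "active blocklist listing"
    elif tags & VICTIM_TAGS:
        action = "notify-owner"
        reason = "victim tags: " + ",".join(sorted(tags & VICTIM_TAGS))
    elif weakest and weakest[1] < LOW_SCORE:
        action, reason = "monitor", "low %s dimension (%d)" % weakest
    else:
        action, reason = "allow", "no negative signal"
    return {"action": action, "reason": reason, "listed": listed, "weakest": weakest}


# Constructed sample lookups in the assumed layout (not real data).
NOW = datetime(2023, 3, 15, tzinfo=timezone.utc)
SAMPLES = {
    "phishing.example": {
        "dimensions": {"smtp": 10, "identity": 35, "infra": 40,
                       "malware": 90, "human": 5, "3rdparty": 20},
        "tags": ["phish", "spam"],
        "listing": {"listed": True, "listed_at": "2023-03-01T12:00:00+00:00",
                    "expires_at": "2023-04-01T12:00:00+00:00"},
    },
    "freehost.example": {
        "dimensions": {"smtp": 55, "identity": 80, "infra": 70,
                       "malware": 60, "human": 75, "3rdparty": 65},
        "tags": ["freehost", "abused"],
        "listing": {"listed": True, "listed_at": "2023-03-10T08:00:00+00:00",
                    "expires_at": "2023-03-20T08:00:00+00:00"},
    },
    "stale.example": {  # listing has already expired
        "dimensions": {"smtp": 30, "identity": 70, "infra": 65,
                       "malware": 85, "human": 60, "3rdparty": 70},
        "tags": [],
        "listing": {"listed": True, "listed_at": "2023-02-01T00:00:00+00:00",
                    "expires_at": "2023-03-01T00:00:00+00:00"},
    },
    "clean.example": {
        "dimensions": {"smtp": 85, "identity": 90, "infra": 88,
                       "malware": 95, "human": 80, "3rdparty": 90},
        "tags": ["corporate"],
        "listing": {"listed": False},
    },
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, triage(rec, now=NOW))
```

The ordering matters: an abuse tag wins over everything, an active listing on a shared service is narrowed to the hostname rather than the whole domain, and a listing is only honored while its expiry is in the future, so the same record evaluated a month later can fall through to the dimension check.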

Technical documentation

To get a complete technical overview of the beta 2.0 API, read our technical documentation.

Find out more and sign-up

This second beta phase is due to run from Wednesday, March 15th, to Tuesday, May 30th. As always, we will ask those testing to provide feedback via online surveys or a one-to-one interview with a trusted third party. To get access to beta 2.0, please complete this form.