Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP)
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find out who we work with and how you can become a Spamhaus Partner.
Discover a wide range of blog posts, case studies and reports.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
Help for the Project's legacy DNSBLs users
Using the Project’s legacy blocklists and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Posted by Barry Branagh on 4 Jul 2018
Do you utilize Spamhaus' free blocklists via the public mirrors? Are you currently using Google's Public DNS or a similar public recursive server?
You may not be aware, but with this combination, every time you make a query to Spamhaus it will return a 'non-existent domain' (NXDOMAIN), and soon will start to return an error code. That means you are not receiving reputation advice about whether or not to receive that email i.e. your spam emails will not be blocked by the queries you are running. Here's why...
There are many reasons why people choose to employ a public DNS resolver, such as Google Public DNS. Perhaps your Internet Service Provider’s (ISPs) recursive name server suffers from high latency due to it being overloaded. Let’s be honest, given the competitive nature of this marketplace, some providers have been known to ‘skimp’ in this area to reduce operating costs.
Also, let’s not forget its ease of use. If you’re setting up an address to use as your DNS resolver, then 184.108.40.206 (one of Google’s public DNS resolver IP addresses) is one of the simplest numbers to remember.
So why don’t Spamhaus’s free DNSBLs work through some public DNS resolvers?
Regrettably, we have had to block some public DNS resolvers because some users can exploit them to get more than their fair share of a free service.
Back in 1998, when both the world wide web (w.w.w.) and Spamhaus were in their infancy, 3.1% of the global population utilized the internet, according to data from the International Telecommunication Union.
Fast forward 20 years, and now 48% of the world’s population uses the internet. That takes the numbers from 188 million users in 1998 to 3,663 million users in 2017. This means that not only are the number of global internet users increasing at a phenomenal rate, but the number of those using Spamhaus’s free public mirrors is also dramatically increasing.
We believe in providing the public with threat intelligence for free, helping small independent businesses, schools, and non-profit organizations safely filter their email at no cost.
With a network of over 80 public DNSs spread across 35 countries, this significant international DNS infrastructure serves billions of queries to the public every day for free.
But note the word ‘public’ in the above paragraph. This free service is intended to be available for those who are genuinely ‘the public,’ fulfilling all of the following criteria:
Spamhaus understands that anything free is difficult to resist. Therefore usage is monitored of these free DNSBLs to ensure this resource isn’t being exploited. If an IP address regularly exceeds the above criteria, it is suggested the user pays to use the commercial DNSBL Data Query Service (DQS).
It’s simple – public recursive name servers act as an anonymizing service and enable large-scale users to hide behind them. Given the lack of transparency and inability to identify those who are abusing the free service, a difficult decision was made to add some public domain name servers to our access control list… ultimately blocking your query.
To quantify the issue, over a 24 hour period, Spamhaus receives approximately two billion queries from what could be argued the most popular public recursive DNS. This is roughly 20% of the total number of queries made over the same period.
Not a problem, as long as you meet the criteria detailed above. Spamhaus can provide you with free access to our DNSBL datafeed via our Data Query Service (DQS). Sign up for a low-volume free DQS account here. It’s straightforward and can be set up in a matter of minutes, and enables you to have access to our domain name server blocklists whilst still using a public DNS.
You can increase your catch rates with two additional blocklists that are included in this service, at no additional cost:
1. Zero Reputation Domains (ZRD) – This lists newly registered domains for 24 hours. Domains that have just been registered are rarely used by legitimate organizations immediately; meanwhile, cybercriminals register and burn 100s of domains daily.
The Zero Reputation Domain (ZRD) blocklist helps to protect your users from clicking on links and visiting newly registered domains until it is established that they are not associated with zero-day attacks; phishing, bot-herding, spyware, and ransomware campaigns.
2. Auth Blocklist (Auth BL) – This is a subset of the XBL, listing IP addresses known to host bots using brute force or stolen SMTP_AUTH credentials to send email-borne threats. This blocklist is available separately, so you can use it at SMTP Auth as a score to ensure someone isn’t trying to misuse a user’s account.
For a full comparison of functionality across Spamhaus’ DNSBL offerings, take a look at this table.
Any questions? Simply contact us.
Article updated 15/03/21
If you are using the Spamhaus Project’s Public Mirrors and are suddenly experiencing issues with your email stream, it is likely that you are having issues parsing newly introduced error codes.
We have collated all the information you need to help you understand what you need to do to fix the problem and find out why these error codes have been introduced.
17 January 2022
Are you currently using the Spamhaus Project’s DNS Blocklists (DNSBLs) and use Cloudflare’s DNS? If you've answered "yes" to both of these questions, you need to make some changes to your email infrastructure.
21 February 2021
If you are a Spamhaus Project Public Mirror user, here's the technical information on how to configure your MTA correctly to accept error codes.
11 February 2021
The Spamhaus Project are introducing error codes to indicate when no data is being returned. If you're using these blocklists ensure you check your MTA configuration.