Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP) Firewall
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find a parter
Discover our partners and how they can support you.
Become a partner
Learn about the benefits of being a Spamhaus partner and how to get started.
Discover a wide range of blog posts, case studies and reports.
Spamhaus’ insight into malware, botnet C&Cs, and the domain reputation landscape.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
The Reputation Portal
A tool for ASN owners to get visibility of their IPs’ reputation and proactively manage listings.
Help for the Project's legacy DNSBLs users
Using the Project’s legacy blocklists and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Posted by Joe Bloggs on 17 Mar 2019
DNS Firewall Threat Feeds are delivered in the industry standard Response Policy Zones (RPZ) format. These zones are called "policy" for a good reason, i.e., they allow you to choose and implement the protection policies that you want. When choosing DNS Firewall Threat Feeds it's key to ensure you pick the right ones based on the relevant level of protection your business requires, otherwise you could be making things more tricky than they need to be.
Have you been to a buffet breakfast recently? Did you overeat? Be honest…. A little or a lot? It is so tempting to fill the plate with fruit and yogurt, followed by bacon & eggs, finishing up with a couple of pancakes before finally squeezing in a pastry.
When we’ve paid for something we want to get our money’s worth. It’s tempting to do the same with DNS Firewall Threat Feeds. The subscription has been paid so it makes sense to utilize all the feeds at their highest level of security, right? Surely the more intelligence data you utilize, the safer your network and the happier your end-users will be?
Sadly this is not the case. You need to be strategic in your choice of feeds based on the following:
Take a look at the tales of two businesses below to understand what we mean:
An internet service provider (ISP), let’s call it KommuneeK8, uses DNS Firewall Threat Feeds. They have chosen to utilize every piece of data available in their response policy zones, i.e., all standard feeds and all hacked feeds.
KommuneeK8 has a domestic customer called Susie. Susie has an expectation (and rightly so) that she will always be able to access her favorite independent shopping website called Spinning Tunes, to purchase rare vinyl records.
Meanwhile, in another corner of planet earth, the shared hosting environment which Spinning Tunes’ website is hosted on has been compromised and is being used as part of a botnet command & control (C&C). As a result, the internet protocol (IP) address, on which Spinning Tunes’ domain resides has been listed on Spamhaus’ “BotnetCC IPS Hacked” feed.
The consequences of the listing are that Susie is unable to access the Spinning Tune’s website and has subsequently missed out on purchasing the rare Beatles Abbey Road 1987 UK LP pressed on red vinyl. Susie is not happy. So she calls her ISP to loudly express her dissatisfaction at the fact.
While KommuneeK8 had the best intentions of providing a safe browsing environment for their end-user, in this case, the IP listing of a shared resource is going to cause multiple false positives. Ultimately the ISP implemented security policies and chose DNS Firewall Threat Feeds that were too restrictive for their commercial needs.
Now let’s visit a healthcare provider…
Frank works in the finance team of a large healthcare provider. He also wants to visit Spinning Tunes website, and like Susie can’t access it because his company is running DNS Firewall Threat Feeds.
Frank gets pretty frustrated and calls his IT help desk who remind Frank that he is using company property, on a company network, in company time to make a personal purchase! They advise him that healthcare has more breaches than any other sector, and the highest costs associated with stolen data records, therefore they have chosen to follow a low-risk strategy when it comes to cybersecurity. In this scenario, when you weigh up the risk to the company against service to the end-user, it’s perfectly acceptable for the healthcare provider to be utilizing the feeds that are likely to block all domains & IPs that have any potential risk associated with them. The healthcare provider’s IT security team understand that more sites than perhaps necessary may be blocked, but consider this to be a better outcome than their network being compromised.
As a security or network professional, you have the unenviable task of balancing business needs against the expectations of your end users. As this hypothetical example has shown, different businesses will have different needs and approaches.
In fact, different users within the same business present different risk profiles and may warrant different policies. Be clear about your business’ security profile. Get appropriate sign-off. Then communicate the selected approach to customer-facing support teams and, more importantly, end users.
Sign up for DNS Firewall Threat Feeds here.
Applied at the DNS level of your infrastructure, these threat feeds automatically stop users from accessing malicious sites including phishing and malware dropper websites.
These threat feeds can be integrated with existing recursive DNS servers, or for those who don’t manage their own DNS, we have a managed service available.
29 June 2022
Internet Service Provider, CitraNET balances providing customers with the resources they request, while keeping them protected, with DNS Firewall Threat Feeds.
16 December 2021
To streamline access to various aspects of our DNS Firewall service we’ve brought everything together in our customer portal.
3 April 2020
Healthcare providers are facing an increasing number of cyber attacks in the face of the COVID-19 crisis. To help combat malicious threats including malware, phishing and ransomware we are offering Healthcare providers free access to our DNS Firewall Threat Feeds until the end of this year.