Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP) Firewall
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find a parter
Discover our partners and how they can support you.
Become a partner
Learn about the benefits of being a Spamhaus partner and how to get started.
Discover a wide range of blog posts, case studies and reports.
Spamhaus’ insight into malware, botnet C&Cs, and the domain reputation landscape.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
The Reputation Portal
A tool for ASN owners to get visibility of their IPs’ reputation and proactively manage listings.
Help for the Project's legacy DNSBLs users
Using the Project’s legacy blocklists and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Posted by Sarah Miller on 7 Dec 2022
Spamhaus has introduced a new Border Gateway Protocol (BGP) community. This new feed focuses on malware families, such as Emotet, where operators favor using compromised devices to host their botnet command and controllers. Users will benefit from increased protection against the threat of data loss and encryption by ransomware. Even better news – there is no extra charge for existing users of BGP.
If you’re reading this and are a little bemused about how BGP feeds can provide protection, read A beginners guide to BGP. Otherwise, read on.
Spamhaus BGP feed subscribers currently get access to the following three communities:
The new community, Botnet Controller List – Compromised, lists the IP addresses of legitimate devices that threat actors actively abuse to host botnet C&Cs.
Every malware family has its own way of working. Operators of malware, such as the infamous Emotet, prefer to host botnet C&Cs on compromised devices, rather than a dedicated server. There are several reasons for this including:
So, if you’re blocking connections to dedicated botnet C&C IP addresses only, you are still leaving your network open to some of the most dangerous threats out there, such as Emotet and Qakbot
Firstly, let’s be clear…. Listing an IP address connected to a legitimate device is NOT a false positive. Defenders should be dropping traffic to IP addresses seen hosting a botnet C&C, regardless of whether the entity responsible for the host is aware of the fact. Remember – operators of networks hosting the compromised device are immediately informed by our researchers as soon as an IP address is listed. So the abuse desks at these networks should rapidly work to resolve the situation. Once the issue is remediated, and the botnet C&C becomes inactive, the listing on our BGP feeds will automatically be removed within hours.
Historically the traditional BCL (which only lists IP addresses dedicated to hosting a botnet C&C) follows a zero false positive policy. Understandably, users of this new compromised BCL dataset may be concerned that some legitimate connections may be dropped.
The truth is “yes”; there may be some minor collateral damage. But let’s look at those words “collateral damage”. You have to weigh up your interests, the security interests of your customer(s), and the resilience of your network versus minimal minor inconvenience.
Do you want to accept any traffic from an IP address that is known to be hosting a botnet C&C, enabling threat actors to compromise your users’ data and extort them with ransomware? What is more destructive: a large corporate network being encrypted with ransomware or blocking, in the worst case, a minimal amount of potentially legitimate connections to a single DSL subscriber located on a third-party network?
Furthermore, this new dataset has a much shorter time to live (TTL); our researchers list IPs for a significantly shorter period on this dataset and continually re-validate these entries to verify the botnet C&C is active.
If you’re an ISP reading this, rest assured you won’t be the first to block compromised IPs hosting Botnet C&Cs, at the network edge. Nor will you be the last.
Spamhaus’ new partnership with abuse.ch has further extended its access to data. The new BCL – Compromised hosts dataset includes data from abuse.ch’s Feodo Tracker, which tracks and validates botnet C&C Infrastructure connected to the current top malware threats, including Emotet, Qakbot, Dridex, and Bumblebee. Incidentally, all of these malware families were listed in the Top 20 in our Botnet Update, Q3 2022.
Consuming this data via Spamhaus gives you access to technical support, a robust service, and quick resolution to any false positives that may arise.
As we mentioned, there is no additional cost to access this extra community for current BGP users.
To access the data, log into the Customer Portal and “Contact Us”, requesting access to the new BGPf profile, including the Botnet Controller List – Compromised Hosts.
Border Gateway Protocol (BGP) Firewall provides your users and network with up-to-date protection against botnets and other external attacks.
Set up takes minutes; our data is constantly updated in real time by our experienced researchers on your behalf and can be utilized in your existing firewalls or routers.
7 December 2022
Border Gateway Protocol Firewall (BGPF) is an effective and low-cost way to drop traffic to and from the worst of the worst IP addresses. Discover how it works and why it's invaluable to protect your network.
6 December 2022
Malware threats such as Emotet and Qakbot are re-emerging. Here’s an effective and economical way to protect against them.