Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Data for Integration
Enhance your service and create competitive advantage by integrating Spamhaus’ world-class IP and domain reputation data.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP) Firewall
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
abuse.ch Real Time Feeds - coming soon
Actionable data signals on cyber threats, with a focus on malware and botnets, to strengthen threat investigations, detections, and help prevent data breaches.
Integration | MDaemon
Block over 99% of email-borne threats with Spamhaus’ real time DNS blocklists and MDaemon® Email Server.
Integration | Halon
Safeguard your email stream using Spamhaus’ real time DNS blocklists and Halon’s secure email infrastructure.
Integration | Messageware
Enhance Microsoft Exchange protection by blocking malicious IP addresses from connecting to your on-premise server in real time.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Exploits Dataset Statistics
View the geolocation, hosting network, malware names associated with each detection, and other critical data points.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
abuse.ch Threat Intelligence Feeds – coming soon
URLhaus, MalwareBazaar, ThreatFox, YARAify, Feodo Tracker and Sandnet enrich CTI feeds and support vulnerability mangement.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find a partner
Discover our partners and how they can support you.
Become a partner
Learn about the benefits of being a Spamhaus partner and how to get started.
Discover a wide range of blog posts, case studies and reports.
Spamhaus’ insight into malware, botnet C&Cs, and the domain reputation landscape.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
The Reputation Portal
A tool for ASN owners to get visibility of their IPs’ reputation and proactively manage listings.
Help for the Project's legacy DNSBLs users
Using the Project’s legacy blocklists and suddenly experiencing email issues? This page may be able to help.
In depth information about the technical details and implementation of our products.
Posted by Vincent D’Angelo on 29 Mar 2023
Choosing a domain name registrar may seem simple, but considering security risks in the domain and DNS ecosystem is crucial. In this blog post, Vincent D'Angelo, Global Director at CSC, shares insight into the role of domain registrars in domain ecosystem security and reputation. Discover the risks and how to enhance your organization's position proactively.
When I started my career with a domain registrar over 20 years ago, companies and individuals alike only had a few accredited domain registrars to choose from, and the aim was to quickly secure a domain registration – so your website or email address could be fired up within minutes. Today, these providers are in the crosshairs of cyberattacks as evidenced by the recent GoDaddy breach.
With this in mind, the U.S. National Cybersecurity Strategy announced by the Biden administration finally puts a focus on securing critical infrastructure – cloud services, domain registrars, email providers, hosting providers, DNS, and other digital services. From my perspective, this is encouraging news because it begins to address phishing and related scams like business email compromise (BEC), ransomware and wire transfer fraud at the source: the web domain.
Furthermore, the potential weaponization of millions of trusted web domains when compromised, along with the registration of “fake” web domains associated with critical infrastructure, has a far-reaching impact on government and brands. Though not yet widely recognized, there is a ripple effect on domain reputation, domain trust, across security appliances (i.e. firewalls, email gateways) and on zero trust practices. This creates challenges in differentiating: Friend vs. Foe!
An important point to remember is that no provider—regardless of size—is immune to the risks of a breach. But more can be done pre-emptively to secure and protect web domains to plan for when these attacks happen.
Choose your domain registrar wisely!
When it comes to anything associated with your domain, vendor selection matters, including the complexities of the domain registrar ecosystem. Is your domain registrar focused on domain security capabilities, thereby increasing your odds of securing your web domains and organization from these risks?
Step beyond your owned domains.
With corporations owning multiple brands, and hundreds or even thousands of domains within their portfolios, it’s crucial to have proactive security measures in place, along with a rapid detection and de-activation capabilities to manage the threat of fraudulent domains that imitate trusted brands. Organizations should not only be watching and monitoring the domains they own, but also their domain ecosystem, which encompasses any domain registrations that are similar to their own brands.
Implement essential domain security measures.
Our recent Domain Security Report shows that most organizations overlook domain protection and external attack surface risks associated with the domain name portfolio. As adversaries launch successful takeovers of domains, they essentially acquire the keys to that front door.
Our research shows that nearly 75% of the Forbes Global 2000 have implemented less than half of the 8 domain security measures we analyzed (ie DMARC, DNSSEC, and Domain Registry Lock). In another CSC report, Threatening Domains of the Top 10 Most Valuable Brands Report, we found that 99% of the identified domain names that closely matched legitimate brand names were owned by third parties. This resulting chronic abuse of domains adds a layer of significant risk that can impact the security posture, consumer safety, intellectual property, and revenue of victim companies.
Adversaries know that domains represent the digital “front door” that customers and business partners associate with a company’s products, email communications and corporate persona. However, today many large organizations and brand owners are still using consumer-grade registrars that cater to personal users and small businesses. But, why?
Analysts, policy makers and other experts have not yet segmented domain registrars (and cloud providers) based on business capabilities and focus on domain security, brand protection and fraud protection. In addition, cyber insurance carriers and companies themselves are not evaluating domain portfolios with a wide enough lens to see the crucial cyber security, legal infringement, reputation, and revenue risks associated with the lack of domain security measures.
In late 2021, CSC and Security Scorecard—the global leader in cyber security ratings for enterprise organizations—released research in a whitepaper that shows a company’s choice of domain registrar really does matter when it comes to cyber security. A company’s total security rating on average is one-half to one whole letter grade higher if using an enterprise-class registrar. That’s a compelling difference when you’re trying to maintain strong domain reputation.
The checklist below is a great way of ensuring that you have selected your organization’s domain registrar based on capabilities, expertise and solutions that focus on cybersecurity, data protection, consumer safety and safeguard intellectual property:
To learn more about CSC’s best practices for domain security, visit our recommendations to protect your domain reputation.
About Vincent D’Angelo
Vincent D’Angelo is global director with CSC. With his 20+ years of experience, Vincent has a deep understanding of the digital business ecosystem inclusive of brand protection, phishing, fraud and the cybersecurity of domain names, certificates and the domain name system (DNS). He’s an industry recognized subject matter expert helping the world’s most valuable brands mitigate related business risks with the development of best practices, policies, and strategies. Vincent serves as the chairperson of the cybersecurity domain/DNS abuse subcommittees for the International Trademark Association (INTA) and the American Bar Association (ABA). He’s also a dynamic forward-thinker, keeping a pulse on the impact of emerging technologies on digital brand strategies and the cyber security of digital business assets.
23 March 2023
The Domain Name System (DNS) is the backbone of the internet, enabling agile communication between internet entities. This blog post will focus on top-level domains (TLD), and how they can impact the security landscape.
12 March 2023
Reputation gives us a parameter for if, when, and how we engage with a domain. But what really is it, who's using this threat insight, and how does it impact you?
11 March 2023
Nurture your new domain and successfully build its reputation to ensure it’s an asset for the long term, not just the next 10 minutes. Learn how in this best practice.