Meet Webafrica
Founded in 1997, Webafrica and its subsidiary Mweb together, are one of South Africa’s largest Internet Service Providers (ISP). They serve over 350,000 customers nationwide, providing a full range of Internet connectivity solutions, from fibre, wireless LTE and VoIP to hosting and email services. As a digital-first ISP, reliable service and excellent customer experience are Webafrica’s top priorities, making security an integral part of all its platforms.
A rising security challenge
With an ever-growing customer base, new challenges and risks to infrastructure security, are something Mark Frater, Head of IT Infrastructure, knows well. Late 2025, Webafrica observed a significant rise in inbound authentication attempts and malicious traffic directed at their email and authentication systems.
In an attempt to address the large-scale brute force and credential stuffing targeting their authentication cluster, they embarked on a project to internalise their email platform infrastructure. What they needed was a reliable way to identify and block known malicious sources in real time without impacting legitimate users - specifically Spamhaus real-time DNS Blocklists (DNSBLs).
Introducing: Spamhaus real-time DNSBLs
Webafrica has since integrated real-time DNSBL lookups against Spamhaus IP datasets directly into its custom-built mail authentication layer. During every authentication event, the system performs live IP reputation checks, enabling it to throttle or block high-risk connections before a handshake is even completed.
Each non-local incoming IP is evaluated against the Spamhaus datasets, and the results are used to enforce dynamic rate limiting and blocking policies. It’s the real-time nature of the DNSBLs that is absolutely key.
The results?
By integrating this IP intelligence, Webafrica has stopped brute force attempts at the edge, reducing backend load, and significantly cutting down abuse-related alerts and logs. Mark shares, “We’ve seen an immediate and measurable drop in malicious connection attempts, around a 30% reduction in general outbound spam, and a marked reduction in repeated brute-force traffic on our mail auth endpoints.”
Furthermore, the reduced CPU load and smaller log footprint have freed up system resources and improved authentication responsiveness for its legitimate users. Overall, system stability and infrastructure security posture has improved dramatically for the South African ISP.
Trustworthy. Proven. Reliable.
Before committing to a solution, Webafrica evaluated several public and commercial DNSBL options, but found most failed to meet the needs of an ISP scale environment. Mark explains, “The combination of accuracy, low latency, global coverage and reliability of Spamhaus real-time DNSBLs was unmatched in our testing. Spamhaus’ reputation for data quality and its long-standing presence in the anti-abuse ecosystem made it the clear choice.”
For Webafrica, the confidence that comes from working with a globally trusted organization is invaluable. In Mark's own words, “Spamhaus has been a valuable partner in strengthening our authentication security posture. Their data quality, uptime, and support have been excellent. For any ISP or large-scale service provider dealing with abuse mitigation, Spamhaus is a tried and tested component to integrate with.”
Learn more about Spamhaus real-time DNS Blocklists, or to sign up for a free 30-day trial.