Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP)
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A “˜set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find out who we work with and how you can become a Spamhaus Partner.
Discover a wide range of blog posts, case studies and reports.
Commonly asked questions about Spamhaus products and processes.
In depth information about the technical details and implementation of our products.
Posted by Milly Fawcett on 14 Sep 2018
With the ever increasing demands on IT, security and networking teams, tools that reduce workloads, which don't cost the earth, are always welcome. One such tool is DNS Firewall. For those not familiar with how DNS Firewall works, and the benefits it provides, read on...
At its most basic level, similar to traditional firewalls, DNS Firewall blocks/redirects end-users from accessing malicious sites. The main difference between the two is that DNS Firewall is applied at a different layer and phase, namely intelligence Threat Feeds are applied to the domain name system (DNS). This circumvents the loss of visibility that is making traditional firewalls less effective due to the significant increases in end to end encrypted traffic.
In addition to protecting your users against identity theft, installation of malware and data exfiltration, there are other reasons to use this type of firewall as part of your multi-layered security, including:
Educating your end users: Following an attempt to connect to a bad domain you can enlighten your end-user as to the danger they have just avoided e.g. potentially connecting to a phishing site. This can either be done via a landing page which they are redirected to, or by reaching out to them directly; turning a bad decision into a positive teaching opportunity.
Freeing up your busy team: Utilizing this kind of firewall automatically mitigates some of the serious issues that may arise on your network as a result of it being compromised. This provides your teams with additional time to focus on resolving other pressing network and security issues.
Gaining insight to be proactive: It provides you with more visibility into compromised users or clients on your network. This enables you to take immediate action without the time lag of either being notified by a third party, or discovering the issue at a later date, be that days, weeks or months after the attack.
It’s easy to apply & simple to maintain: Once this firewall has been applied to the DNS all the clients on your network, including IoT devices, are protected from accessing malicious sites. This minimizes deployment resources. Meanwhile the data feeds, against which potential connections are checked, are continuously update. This removes the need for upgrades and updates.
Brand protection: For “˜trusted’ brands online security breaches can have a huge impact on business. One only has to look to British Airways in the UK and their significant data breach to understand the consequences. It is vital to have multiple layers of security to keep company networks and users “˜safe’.
Lower cyber risk insurance costs: Insurance (and its associated costs) probably don’t fall under your department’s responsibilities or budget. However, it’s highly likely that someone in your organization will be pleased to discover that implementing DNS Firewall can reduce your cyber risk insurance costs.
There are three ways to implement DNS Firewall. It is worth noting that all three use “˜threat intelligence data feeds’ to identify bad domains, however there are differing ways in how you can access/utilize these feeds:
Let’s take a deeper dive into how DNS Firewall works:
Standard DNS Resolvers: When an end-user attempts to go to a website/domain, the resolver will query a root server, then a top-level domain server, and finally the server of the site, which will complete the resolution of the request by the end-user. The client’s request to access the site will take place regardless of whether the site is malicious or not.
DNS Resolver with DNS Firewall: During the resolution process “zones”, which consist of sets of threat intelligence data, are queried. The requested domain is analyzed for potential security risks against the data sets, and if a match is returned the request is blocked or redirected.
Take a look at the examples below to see what end-users may potentially see if they tried to connect to a phishing site in each of the following situations:
Where the DNS Firewall is enabled the end-user who has attempted to access the phishing site has been prevented from doing so, and consequently protected from the potential harm that could lead to. Moreover, because the mitigation has occurred at the DNS level there has been no need for the end-user to install an additional program or update software on their workstation.
DNS Firewall has the potential to free up teams to accomplish other tasks and build a secure proactive, not reactive, network experience for everyone within your organization.
Now you know how DNS Firewall works it’s time to look at what considerations you need to be making when implementing it.
Sign up for a 30 day FREE trial of DNS Firewall Threat Feeds here.
Applied at the DNS level of your infrastructure, these threat feeds automatically stop users from accessing malicious sites including phishing and malware dropper websites.
These threat feeds can be integrated with existing recursive DNS servers, or for those who don’t manage their own DNS, we have a managed service available.
3 April 2020
Healthcare providers are facing an increasing number of cyber attacks in the face of the COVID-19 crisis. To help combat malicious threats including malware, phishing and ransomware we are offering Healthcare providers free access to our DNS Firewall Threat Feeds until the end of this year.
11 September 2018
With such a huge growth in the DNS Firewall market over the past few years there are plenty of options to choose from. Read our Top 10 questions for your next DNS Firewall provider.
29 July 2018
DNS Firewall Threat Feeds enabled a regional healthcare provider to protect their networks, and ultimately their patients' data, from the rapidly changing cyber threat landscape, with minimum cost and effort.