Have you been blocked?
All blocklists are researched and managed by The Spamhaus Project.
Simply click on the link below, which will take you to the Project’s IP and Domain Reputation Checker. From here you will be able to enter your IP or Domain and begin your request for removal.
Please note that the Project’s IP and Domain Reputation Checker is the only place where removals are handled.
IT and security teams consistently face multiple business challenges. Discover how our solutions can help overcome some of those issues.
From processing issues, to email-borne threats our blocklists easily integrate with your current email set-up to improve anti-spam & anti-virus email filtering.
Employ our threat intelligence to increase visibility across security events, reveal potential weaknesses in your network, and threats to your brand.
Stay on top of the latest threats and proactively combat botnet infections, and other forms of abuse, with our solutions.
From clicking on phishing emails to visiting malware dropper sites, our threat intelligence provides automatic protection for your users.
Our products provide additional layers of security for networks and email. They also present security teams with additional insight into malicious behavior.
Border Gateway Protocol (BGP)
Block the worst of the worst at your network edge, taking advantage of your existing BGP-capable routers. Configuration only takes minutes.
Data Query Service (DQS)
Benefit from industry-leading real time blocklists. These DNSBLs easily plug into your existing email infrastructure to block spam and other email threats.
A powerful research tool to investigate relationships between internet infrastructures. Quickly pivot to new areas of concern to rapidly investigate potential threats.
Immediately block connections to dangerous sites, including phishing and malware dropper websites. A ‘set and forget’ solution.
Spamhaus Intelligence API
Threat intelligence data in API format to enable users to easily integrate metadata relating to threats with their own applications, programs, and products.
A wide range of datasets, providing multiple layers of protection. They can be plugged directly into your existing hardware, making them an affordable choice.
Border Gateway Protocol (BGP) Feeds
Do Not Route Or Peer (DROP) and Botnet Controller List (BCL) datafeeds can peer with your existing BGP-capable router.
Domain (DBL), Zero Reputation (ZRD) and Hash blocklists (HBL) enable you to block content in emails, filtering out a higher rate of email-borne threats.
Data for Investigation
Passive DNS and extended datasets give you additional information on internet resources. They provide deeper insights into incidents and possible threats.
DNS Firewall Threat Feeds
A wide range of feeds to apply to your DNS recursive server. Choose the right level of protection for your organization.
Spam (SBL), Policy (PBL), Exploits (XBL) and Auth (AuthBL) blocklists allow you to filter email from IPs associated with spam, botnets, and other threats.
Find out more about us.
Learn more about Spamhaus; who we are, and what we do.
Find out who we work with and how you can become a Spamhaus Partner.
Discover a wide range of blog posts, case studies and reports.
Commonly asked questions about Spamhaus products and processes.
The Blocklist Tester
A tool to help you check if your servers are correctly configured to use Spamhaus DNSBLs.
In depth information about the technical details and implementation of our products.
Posted by Barry Branagh on 21 Sep 2015
About a month ago the Spamhaus Project added several new lists to its Top-10 Worst pages. These are in addition to our existing Top-10 lists: Worst spammers, spammer hosting nations and spammer hosting Internet Service Providers (ISPs).
Every second of every hour of every day Spamhaus collects a vast quantity of real-time threat intelligence from around the globe. We analyze and use this data to produce the data sets that protect billions of users from spam and other attack threats. To better show where the largest numbers of botnet-related threats of all types are located, we have added the following three lists:
Many issues may contribute to to a country’s bot density, including technical, policy and socioeconomic factors. Currently, fifty percent of the countries with the worst botnet infestations are in Asia, where good anti-virus software is less available and ISP best practices such as outbound port-25 management (.pdf) or filtering has not yet been widely implemented. Vietnam, India and China lead the way each with over 1,000,000 systems detected running spam-bots. The sheer numbers of botnet-infected personal computers in these countries is staggering. What can be more staggering is when one computes the per-capita infection rates
It always surprises and somewhat saddened us to still see western nations in the worst list. This time we see the USA in at #8 and Italy at #10 with around a quarter of a million IP addresses identified.
In fourth place is a nation that straddles Asia and Europe: Russia. With almost 600,000 compromised computers running malware.
It holds a unique position in botnet issues. Five to ten years ago, when big botnets first appeared, the predominantly Russian based cybercriminals that operated them attacked other countries but left their own nation’s citizens alone. This changed some time ago; now managing botnets is all about the money to be made from cybercrime. The criminals who run botnets in Russia have seen that, as in other nations, there is nearly no enforcement of laws against cybercrime, so they attack everybody without regard for where they live.
Some Russian citizens (who presumably were not well informed about botnets) even hailed Russian “GameOver Zeus” botmaster Evgeniy Mikhailovich Bogachev (for whom the US FBI has offered a $3-million reward-for-capture) as a sort of a hero for “liberating” money from Europeans and N.Americans. He was no hero. Our data showed that the “GameOver Zeus” malware had infected tens of thousands of Russian citizens’ computers, whose hard-earned money was stolen by these same cybercriminals.
The majority of ISPs with the worst botnet problems are also in Asia. The reasons why are much the same as outlined above. These companies allow a large number of malware-infected computers belonging to their users to remain infected, remain connected to their network, and attack other networks and computers. As this article is being written, one Vietnamese ISP has over a million infected computers. We hope that these ISPs, seeing their names on this list, might make changes in their policies and practices so that they do not continue to contribute materially to the crimes committed by botnet owners.
The third list covers Autonomous System Numbers, another way of viewing this issue. An ASN is a collection of IP address ranges that are under the control of a single administrative entity or network (usually a large company, ISP, or government).
The arrival of the Internet brought new freedoms to people all over the world. Civilized society has rules which prohibit people and companies from releasing toxic waste into the environment, where it harms other people and damages a common resource that belongs to us all. Society also needs rules which prohibit people and companies from operating malware-infected computers on the Internet, for the same reasons. The Internet is a common resource. Individual people and companies do not have the right to damage a resource that is held in common and can be used by all. Although Spamhaus can provide the data to help protect your network from this damage, until the companies that provide Internet access and the end users themselves start “stepping-up” and taking responsibility for their online actions, the botnet plague will remain with us.
Spamhaus’ Data Query Service (DQS) is an affordable and effective solution to protect your email infrastructure and users.
Using your existing email protection solution, you will be able to block spam and other related threats including malware, ransomware, and phishing emails.
The service has never failed and utilizes the longest established DNSBLs in the industry.
Our Passive DNS allows you to quickly and easily navigate through billions of DNS records to shine a spotlight on potentially malicious internet resources associated with your network or domain.
15 April 2020
The number of botnet Command & Controllers (C&Cs) associated with fraudulent sign-ups, reduced by 57% in Q1 2020, however it isn't all good news. Find out the full details on botnet C&C activity here.
24 January 2020
Spamhaus Malware Labs identified a 71.5% increase in the number of botnet command & controllers in 2019. Find out who and what was driving that increase.
29 October 2019
In this Osterman Report, over 200 companies were interviewed to find out how they were utilizing threat intelligence data. Compare yourself to the market place, and find out how others are protecting themselves.