Domain Blocklist (DBL)
The Spamhaus Domain Blocklist (DBL) protects your business and your customers by reliably blocking malware, phishing domains, spam, and other cyberthreats.
The DBL is a list of malicious domains involved with spam and cyberattacks across the internet. This list contains a variety of domains that send spam, host spam content, and provide DNS services to other spam domains.
The Domain Blocklist contains a wide range of ‘bad’ domains used in cyberattacks, including malware, phishing, and ransomware. The DBL contains two domain categories:
- ‘Current, active bad domains’ owned and used by spammers and cyber criminals
- Legitimate domains that have been hacked by cyber criminals to send spam or host malicious content
DBL identifies what type of cyberthreat the domain is involved in, allowing you to handle each situation appropriately.
Spamhaus researchers assess over 3 million domains every day and update the Domain Blocklist within minutes of detection. The Spamhaus Data Query Service provides updates in near real-time, so the newly identify threats can be stopped before reaching your users.
BETA 2.0 AVAILABLE MARCH 15, 2023
Domain Reputation Data
via Spamhaus Intelligence API
Rich Metadata for Security Professionals
- Information on every single domain observed by Spamhaus researchers is now available via Spamhaus Intelligence API
- Access to 12 different APIs for tailored data queries, including Reputation Dimensions, Domain Listing Data, Clusters, and more.
- Easy to consume and integrate in API format
Data Available via API
High Level Domain Data
Reputation Dimensions: Insight into which category is affecting domains’ reputation.
Domain Contexts: Insight into where domain was seen (e.g. “dkim-header”)
Domain Listing Data: Information on which blocklist domain is included in and length of listing
Domain Senders: Sending IP addresses of domain
Hostnames Listed: Information on which hostnames are listed by Spamhaus
Nameserver Reputation: Reputation of name servers hosting domain
Clusters: Related domains based on authentication, registration and infrastructure information.
Malware: Names of malware known to be associated with the queried domain
Beta 2.0 Now Available!
Most recent updated to the DBL via API is now available in Beta! Beta 2.0 testing is being offered (no-obligation) March 15, 2023 through May 11th.
Spamhaus DBL Key Features & Benefits
Highly Comprehensive: Accurate, actionable data currently protecting 3 billion users worldwide. As a result of their extensive global coverage, Spamhaus is considered an international authority on botnets and IP reputation.
Near-Zero False Positives: Spamhaus data feeds have <0.02% false positives. Accurate coverage ensures legit IP addresses can be reached.
Real-time Updates: Spamhaus DBL is updated as soon as researchers observe a threat. As soon as new threats are listed, users are protected against it.
Expertly Research Data: Spamhaus has 23 years of experience hunting cyber threats.. Over 13.4 Billion global SMTP connections, 1.5 million IPs, 3 million domains analyzed daily.
Simple Integration: Using traditional DNS queries or Restful APIs ensures easy configuration. Data feeds can easily be added to your existing mail filtering systems.
Delivery Options: Block lists are available via Data Query Service or Spamhaus Intelligence API. Choose the method that works best for your team.
“Set and Forget” Product: No maintenance required after initial set up.
Reduce Processing & Storage costs: Blocking threats before they can enter a network to free up bandwidth and server space.
Minimize Risk: Save on associated remediation costs and potential loss of reputation due to security incidents.
Spamhaus DBL Categories
Each Domain Blocklist category includes several specific domain types. Spammer-owned domains include:
- Spam domains: Domains owned and used by spammers to send spam, host spammed content, and support spam operations
- Phishing domains: Domains that send phish, host phish websites, and support phish operations
- Malware domains: Domains that send malware, host malware, and support malware distribution operations
- Botnet Command and Control (C&C) domains: Domains that control networks of computers that are infected with spam-sending malware.
Legitimate, but hacked domains that participate in spam activities include:
- Abused legit spam domains: Legitimate domains that have been hacked and send spam or host spammed content
- Abused legit redirector domains: Legitimate domains that redirect to a spam website
- Abused legit phishing domains: Legitimate domains that have been hacked or compromised and now send phish or host phish websites
- Abused legit malware domains: Legitimate domains that host websites that have been infected with malware and engage in “drive-by” attempts to infect any computer that visits the website by sending emails that contain malware, a link to a malware website, or that host malware
- Abused legit botnet C&C domains: Legitimate domains that have been hacked and are now used to control botnets
Spamhaus DBL Uses
How Spamhaus DBL Works
The Spamhaus Domain Blocklist is loaded onto an internal secure DNS server that’s configured to act as a DNSBL for your networks, and your mail server is configured to query this internal DNSBL. The DBL can be used to:
- Reject inbound email from IP addresses with rDNS that include a listed domains, that contain From or Reply-to headers set to a listed domain, or that contain a URL in the message body that includes a listed domain*
- Score and tag inbound email that contains a listed domain in the headers or message bodies of email
- Filter email sent by your smarthosts or SMTP AUTH outbound mail servers and block or hold email that contains URLs on the Domain Blocklist.
*NOTE: The abused-legit category of domains is not designed for outright blocking. You should configure your mail server to block only if the domain is identified as outright spam, phish, or malware domain. (Botnet C&C domains rarely send email or host spammed content.)
Want to know about how you can use the Spamhaus Domain Blocklist to provide network and email security for your business? Sign up for your 30 day free trial below!
Start your free trial.
Design the best set of data feeds to meet your needs!
Experience improved cybersecurity and stop phishing emails, ransomware, malware, and other cyber threats. Sign up for your free consultation and receive an in-depth technical deep dive and a 30-day free trial.