The DROP List (plain text)
The EDROP List (plain text)
|Spamhaus BGP feed (BGPf)
Spamhaus offers a Border Gateway Protocol (BGP) feed of three of its lists, the Botnet C&C list, the DROP list, and the extended DROP list (EDROP). These lists are intended to be loaded into routers and used to block packets originating from IPs involved in certain types of malicious activity. Following is further information about the three lists on the BGPf.
Spamhaus DROP list as well as Spamhaus extended DROP list (EDROP) are available for free in text format. A BGP feed of these two lists is available for an annual fee. For detailed pricing please request an offer from one of our Data feed providers.
You can find the Spamhaus DROP listing policy here.
You can find the Spamhaus EDROP listing policy here.
Spamhaus Botnet C&C List (BGPCC)
The Spamhaus Botnet Command and Control (C&C) list is an advisory "drop
all traffic" list consisting of single IPv4 addresses. The feed does
not contain any subnets or CIDR prefixes longer than /32. The servers on these IP
addresses host botnet C&C nodes. Botnet C&C nodes are servers that control
the individual malware-infected computers (bots) that together form a botnet. Bots
regularly contact botnet C&C nodes so that the malware on the bots can transfer
stolen data to the C&C node for delivery to the botnet's owner, and to obtain
instructions for what they are to do next. Once a botnet contacts a C&C node,
it receives instructions to send spam, host spammed web sites, attack other hosts
on the internet, and provide name service (DNS) for the domains used in those
Spamhaus Definition of Malware
Computers that are infected with this sort of malware usually participate in botnets, ad-hoc networks that are used by cybercriminals for the purposes described above.
Purpose of this List
For further information and implementation of Spamhaus BGPf please have a look at the BGPf FAQ page
Spamhaus DROP and Spamhaus EDROP as plain text lists are free for commercial and non-commercial usage (BGPf and plain text). If you want to redistribute one of the plain text feeds please ensure that you name Spamhaus as source of the data. (For example, include the copyright statement at the top of the list).
If you adopt the BGPf version of one of these lists or the botnet C&C list in your network, you are not allowed to redistribute the feed to other networks. The export of these feeds/prefixes to other networks is prohibited.