The Spamhaus Project

Domain Blocklist (DBL)

About the Data

The Domain Blocklist covers any domain indicating signs of spam or malicious activity. It includes domains owned by bad actors, or hijacked domains otherwise used for legitimate purposes. Due to the nature of how domains are set up, suspicious activity can be identified before being seen in the wild, making this a highly proactive dataset.

Policy statement

The Spamhaus DBL is a list of domain names with poor reputation which is published in a domain DNSBL format. Domain reputation is calculated from a wide range of observed domain behaviors, and is maintained in a database which, in turn, feeds the DBL zone itself.

The DBL includes domains which are used in unsolicited bulk email including phishing, fraud, malware distribution, and those with poor reputation based on a broad range of heuristics.

Benefits of this data

If you are only filtering email using IP-based data, you are missing a simple, yet highly effective, step to increase your catch rates. With the Domain Blocklist, identify, classify, or reject mail containing listed domains - particularly for emails that pass IP-based protection at the SMTP transaction. Bad actors willing to put time and resources into evading IP-detection can fall short instead with domain-based detection.

Email administrators can apply this real time DNSBL to reduce the overflow of inbound email traffic associated with spam and other malicious emails. Gain industry-leading catch rates with extremely low false positives to reduce risk of security incidents, reduce email infrastructure costs, and reduce human resource requirements.

How to utilize this dataset

To make the best use of Spamhaus' data, blocklists should be utilized at specific points during the email filtering process.

The Domain Blocklist should be used:

  • The initial connection – against the domain associated to the connecting IP via rDNS.
  • Throughout the pre-data phase of an email, i.e., the SMTP transaction - against the HELO string, and Mail From domain.
  • Once the email data has been accepted, during content inspection - by looking up domains appearing in the mail headers and body e.g., URLs or contact email addresses.

For more information on this, read this best practice.

Get more protection, for free

Each blocklist targets a specific type of behavior; using one blocklist independently limits the effectiveness of the data. Spamhaus offers four IP-based blocklists for free, to get rid of the bulk of spam:

These IP blocklists can be used via ZEN which combines the above datasets for easier and faster querying.

Technical information

You can utilize the data via the SMTP server configuration for connection and SMTP transaction checks, and via open source tools, such as SpamAssassin and Rspamd, for content analysis.

Plugins for both are readily available to minimize configuration time, for users of Spamhaus Technology's free Data Query Service.

Alternatively, integrate with your existing anti-spam platforms with technical information to support here. Set up takes minutes and you instantly gain real time protection.

Accessing the data

Use of the Spamhaus DNSBLs is free of charge for low-volume, non-commercial users. If you’re unsure, please check our DNSBL usage criteria. Free accounts are made available through our partner, Spamhaus Technology - sign up to access the data via Data Query Service.

Where data is being used for commercial purposes, an annual subscription-based service is required. Sign up for a free 30-day trial.

Best practices to maintain a positive domain reputation

Spamhaus’ data protects billions of mailboxes globally. To avoid getting listed and your email service being impacted, some important best practices are:

  1. Registrar security services - ask your registrar what services they provide and take advantage; this can include registry lock or monitoring for any DNS changes.
  2. Monitor DMARC reports - for attempts to spoof your domain.
  3. Restrict outbound SMTP traffic - configure your firewall to allow outbound SMTP traffic (destination port 25) only if originated from your mail server internal IP (if you have one).
  4. Infrastructure - check your internet infrastructure providers, e.g. ISPs. See reputation statistics on ISPs/networks.
  5. Use double opt-in – to avoid spam traps and ensure only real and interested recipients are sent your emails.
  6. Configuration – ensure that your hostname and your HELO match, and that your reverse DNS (PTR record) is defined and pointing to the same hostname.

N.B. We recognize these are not all managed by email administrators; where applicable, communicating with other functions, like network administrators and deliverability specialists, is critical.

Removal

If your domain is listed on the Domain Blocklist, you should visit https://check.spamhaus.org. This will take you to our IP and Domain Reputation Checker for more information , and the only place where DBL removals are handled.

FAQs

Other Blocklists Available From Spamhaus

CSS

Combined Spam Sources

Learn more

DBL

Domain Blocklist

Learn more

XBL

Exploits Blocklist

Learn more

PBL

Policy Blocklist

Learn more

SBL

Spamhaus Blocklist

Learn more

ZEN

PBL, SBL & XBL combines

Learn more