About the Data
The Policy Blocklist (PBL) is a dataset containing end-user IP address ranges from which email should never be sent directly to the final destination. The data is predominantly IPv4-based, though it does include IPv6 ranges, and most listings are in Classless Inter-Domain Routing (CIDR) format.
Policy statement
The PBL detects end-user IP address ranges which should not be attempting to directly deliver unauthenticated SMTP email to any Internet mail server. All email originating from an IP listed in the PBL is expected to be submitted, using authentication, to an SMTP server which delivers it to its destination. The SMTP server can be supplied either by the ISP connecting the IP or by an external mail service.
The PBL can list both dynamic and static IPs: any IP which by policy (whether the block owner's or, as an interim in its absence, Spamhaus' policy) should not be sending email directly to the MX servers of third parties. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.
If the policy for a particular network allows it, end users can have their IP excluded from the PBL. Go to https://check.spamhaus.org/, enter your IP and follow the steps provided.
Benefits of this data
The IPs in this dataset are not necessarily “bad” - simply, they should never be sending email. Networks directly add and maintain many of these ranges, resulting in strong data efficacy. With highly skilled research, Spamhaus supplements this information, identifying end-user IP space which is observed as having high concentrations of "botnet zombies", a major source of spam. This dataset provides valuable protection by containing more than 1.4 billion IPv4s, corresponding to almost 40% of the routable IPv4 space. It is actively maintained and keeps growing.
Email administrators can apply this real-time DNSBL to reduce the overflow of inbound email traffic associated with spam and other malicious emails emanating from residential address spaces. User-generated exclusions help prevent rejections of legitimate mail coming from listed blocks. Gain industry-leading catch rates with extremely low false positives to reduce the risk of security incidents, reduce email infrastructure costs, and reduce human resource requirements.
How to utilize this dataset
To make the best use of Spamhaus' data, blocklists should be utilized at specific points during the email filtering process.
PBL is a unique dataset that must be used exclusively at a single point: against the connecting IP in the initial SMTP connection.
For more information on this, read this best practice.
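As an added illustration of checking only the connecting IP (example code written for this page, not Spamhaus' own), the sketch below builds the DNSBL query name for an SMTP peer address and interprets the answer. The zone name `pbl.spamhaus.org`, the `127.0.0.10`/`127.0.0.11` return codes and the `127.255.255.x` error range are not stated on this page and are taken here as assumptions from Spamhaus' published DNSBL conventions; the `resolve` callback and the sample addresses are constructed.

```python
import ipaddress

# Assumptions (not on the page): the public zone name and the return codes
# below follow Spamhaus' published DNSBL conventions. Data Query Service
# users query an account-specific zone instead.
PBL_ZONE = "pbl.spamhaus.org"
PBL_CODES = {
    "127.0.0.10": "range maintained by the network owner",
    "127.0.0.11": "range maintained by Spamhaus",
}
ERROR_PREFIX = "127.255.255."  # query refused or malformed, not a listing


def dnsbl_qname(ip, zone=PBL_ZONE):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def classify(answers):
    """Turn the A records returned for a query into (verdict, detail)."""
    if not answers:                      # NXDOMAIN: the IP is not in the PBL
        return ("not_listed", None)
    for a in answers:                    # error codes must never cause a reject
        if a.startswith(ERROR_PREFIX):
            return ("error", a)
    for a in answers:
        if a in PBL_CODES:
            return ("listed", PBL_CODES[a])
    return ("unknown", answers[0])       # unexpected code: fail open, log it


def check_connecting_ip(peer_ip, resolve):
    """peer_ip is the TCP peer of the SMTP session, never a Received: header IP.
    resolve(qname) returns a list of A-record strings, [] on NXDOMAIN."""
    return classify(resolve(dnsbl_qname(peer_ip)))


if __name__ == "__main__":
    # Constructed resolver standing in for real DNS so the demo runs offline.
    fake_dns = {"25.2.0.192.pbl.spamhaus.org": ["127.0.0.10"]}
    for ip in ("192.0.2.25", "198.51.100.7", "2001:db8::1"):
        print(ip, check_connecting_ip(ip, lambda q: fake_dns.get(q, [])))
```

Treating an error answer as a listing would reject mail from every sender, which is why `classify` checks the error range before the listing codes.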
Get more protection, for free
Each blocklist targets a specific type of behavior. Using one blocklist independently limits the effectiveness of the data. Spamhaus offers three other IP-based blocklists for free:
- Spamhaus Blocklist (SBL)
- Combined Spam Sources blocklist (CSS) (dataset included in the SBL DNSBL zone)
- Exploits Blocklist (XBL)
These IP blocklists can be used via ZEN which combines the above datasets for easier and faster querying.
The majority of malicious email is dropped at the SMTP transaction. However, many bad actors invest time and money to evade IP-detection, so to gain the best catch rates, domain and hash blocklists should also be used to filter email once it has been accepted. For this, Spamhaus provides the Domain Blocklist (DBL) for free. Find more on why you should use domain and hash blocklists here.
Technical information
You can utilize the data via the SMTP server configuration for connection and SMTP transaction checks, and via open source tools, such as SpamAssassin and Rspamd, for content analysis.
Plugins for both are readily available to minimize configuration time, for users of Spamhaus Technology's free Data Query Service.
Alternatively, integrate the data with your existing anti-spam platforms; technical information to support this is available here. Setup takes minutes and you instantly gain real-time protection.
Accessing the data
Use of the Spamhaus DNSBLs is free of charge for low-volume, non-commercial users. If you’re unsure, please check our DNSBL usage criteria. Free accounts are made available through our partner, Spamhaus Technology - sign up to access the data via Data Query Service.
Where data is being used for commercial purposes, an annual subscription-based service is required. Sign up for a free 30-day trial.
Best practices to maintain a positive IP reputation
Spamhaus’ data protects billions of mailboxes globally. To avoid getting listed and your email service being impacted, some important best practices are:
- Restrict outbound SMTP traffic - configure your firewall to allow outbound SMTP traffic (destination port 25) only when it originates from your mail server's internal IP (if you have one).
- Segment - so your email infrastructure is separate from the rest of your network’s IP space.
- Infrastructure - check your internet infrastructure providers, e.g. ISPs. See reputation statistics on ISPs/networks.
- Use double opt-in – to avoid spam traps and ensure only real and interested recipients are sent your emails.
- Configuration – ensure that your hostname and your HELO match, and that your reverse DNS (PTR record) is defined and pointing to the same hostname.
N.B. We recognize these are not all managed by email administrators; where applicable, communicating with other functions, like network administrators and deliverability specialists, is critical.
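The "Configuration" item above can be checked mechanically. The following is an added example, not Spamhaus code: it compares the HELO name with the PTR record of the sending IP and, going one step beyond what the list states, also confirms that the PTR name resolves back to the same IP. The function names, hostnames and addresses are constructed for illustration.

```python
import ipaddress
import socket


def ptr_lookup(ip):
    """Reverse DNS name for ip, or None when no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def addr_lookup(host):
    """Set of addresses that host resolves to (empty on failure)."""
    try:
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(host, None)}
    except OSError:
        return set()


def _name(n):
    # Compare DNS names case-insensitively and without the trailing dot.
    return n.rstrip(".").lower() if n else None


def check_mail_identity(ip, helo, ptr=ptr_lookup, fwd=addr_lookup):
    """Return a list of problems; an empty list means the identity is consistent.
    ptr and fwd are injectable so the check can be tested without live DNS."""
    problems = []
    want = ipaddress.ip_address(ip)
    helo_name, ptr_name = _name(helo), _name(ptr(ip))
    if ptr_name is None:
        return [f"no PTR record defined for {ip}"]
    if ptr_name != helo_name:
        problems.append(f"HELO '{helo_name}' does not match PTR '{ptr_name}'")
    resolved = {ipaddress.ip_address(a) for a in fwd(ptr_name)}
    if want not in resolved:
        problems.append(f"PTR '{ptr_name}' does not resolve back to {ip}")
    return problems


if __name__ == "__main__":
    # Constructed records: a generic ISP-style PTR that does not match the HELO.
    ptrs = {"192.0.2.99": "host-99.dyn.example.net"}
    fwds = {"host-99.dyn.example.net": {"192.0.2.99"}}
    print(check_mail_identity("192.0.2.99", "mail.example.net",
                              ptrs.get, lambda h: fwds.get(h, set())))
```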
Removal
Do note, IPs in this dataset are not necessarily “bad”, but if your IP is incorrectly listed on the Policy Blocklist, you should visit https://check.spamhaus.org. This takes you to our IP and Domain Reputation Checker, which provides more information and is the only place where PBL removals are handled.
Take control of your PBL ranges
Network owners and ISPs can submit PBL ranges to gain control of their network's IP space. Add, edit, and delete IP ranges under your control, setting specific policies for specific ranges (including allowing or disallowing removals from certain ranges). Sign up for a PBL ISP account here.