Frequently Asked Questions (FAQ)



Spamhaus BCL

What is the BCL?
What's the purpose of BCL?
How do I use the BCL?
Is there a difference between the BCL and the BGPf?
How often is the BCL updated?
How to obtain access to BCL?
Can the BCL block legitimate traffic?


What is the BCL?
The Spamhaus Botnet Controller List ("BCL") is a specialized subset of the Spamhaus Block List (SBL). It is an advisory "drop all traffic" list consisting of single IPv4 addresses that cybercriminals use to control infected computers (bots). BCL does not contain any subnets or CIDR prefixes larger than /32.

BCL listings are made according to policies outlined in BCL Listing Criteria.


What's the purpose of BCL?
Unlike other data feeds Spamhaus provides, the main purpose of BCL is not to block spam emails but rather to block malicious traffic at the network edge.

BCL can be implemented on different layers, such as in a network security device like an IDS / IPS or firewall. However, BCL is not limited to blocking malicious traffic: it can also be used passively, e.g. by checking the log files of web proxies, firewalls or any other security devices to detect malicious botnet-generated traffic in your network, such as traffic generated by infected computers (bots) in your local area network (LAN).


How do I use the BCL?
The Spamhaus Botnet Controller List ("BCL") is available in different formats and intended to be used by Open Source Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) such as Snort or Suricata, corporate DNS servers, firewalls or any other network security device. Unlike other data feeds published by Spamhaus, the main purpose of BCL is not mail filtering but identifying and blocking malicious network traffic.

BCL is available in different formats, such as a rule file for Snort and Suricata IDS / IPS, plain-text file, CSV, as a Response Policy Zone (RPZ) and via the Spamhaus BGP Feed ("BGPf").
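
The passive use described above (matching firewall or proxy logs against the list) can be sketched as follows. This is an added example, not Spamhaus code: the plain-text layout (one address per line, `;` or `#` comments), the `SRC=`/`DST=` log format and all sample data are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed plain-text BCL sample; one address per line and ';' comments are assumed.
SAMPLE_BCL = """\
; constructed sample, documentation address ranges only
203.0.113.10
198.51.100.77 ; trailing comment
198.51.100.0/24
"""

# Constructed firewall log lines; the SRC=/DST= layout is hypothetical.
SAMPLE_LOG = """\
2017-03-01T10:00:01Z ALLOW SRC=10.0.0.5 DST=203.0.113.10 DPT=443
2017-03-01T10:00:02Z ALLOW SRC=10.0.0.6 DST=192.0.2.8 DPT=80
2017-03-01T10:00:09Z DENY SRC=10.0.0.5 DST=198.51.100.77 DPT=8080
2017-03-01T10:00:12Z ALLOW SRC=10.0.0.9 DST=203.0.113.100 DPT=443
2017-03-01T10:00:15Z ALLOW SRC=10.0.0.7 DST=203.0.113.10 DPT=443
"""

FLOW_RE = re.compile(r"\bSRC=(\S+)\s+DST=(\S+)")

def load_bcl(text):
    """Return the set of listed IPv4 addresses, ignoring comments and non-/32 entries."""
    listed = set()
    for raw in text.splitlines():
        entry = re.split(r"[;#]", raw, maxsplit=1)[0].strip()
        try:
            listed.add(ipaddress.IPv4Address(entry))
        except ValueError:
            continue  # blank line, prefix or garbage: BCL holds single addresses only
    return listed

def find_bot_candidates(log_text, listed):
    """Map each source IP to the sorted listed addresses it tried to reach."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        try:
            dst = ipaddress.IPv4Address(m.group(2)) if m else None
        except ValueError:
            dst = None  # destination field is not an IPv4 address
        if dst in listed:
            hits[m.group(1)].add(str(dst))
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    print(find_bot_candidates(SAMPLE_LOG, load_bcl(SAMPLE_BCL)))
```

Addresses are compared as parsed values, so 203.0.113.100 does not match the listed 203.0.113.10 the way a substring search would. Denied connections are reported as well, since a blocked attempt still points to an infected host on the LAN.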


Is there a difference between the BCL and the BGPf?

No. The BGPf (Spamhaus BGP feed) is just a different delivery method of the BCL. Currently, we provide the BCL in CSV format, as a Snort/Suricata IDS rule file and through our BGP feed.



How often is the BCL updated?
BCL gets updated several times per day.

[Figure: Number of BCL listings in the past 30 days.]


How to obtain access to BCL?
To obtain access to the BCL, you will have to sign up for the BCL data feed at the SpamTEQ website.


Can the BCL block legitimate traffic?
The BCL's primary objective is to avoid 'false positives' while blocking as much malicious traffic as possible. So far, BCL false positives are extremely rare. Since BCL is a subset of SBL, every BCL listing is based on an investigation by one of the Spamhaus SBL team members. BCL does not contain any automated listings. All listings on BCL have been issued and reviewed by a human individual.


© 1998-2017 The Spamhaus Project Ltd. All rights reserved.