Blocklist Removal Center
About Spamhaus  |  FAQs  |  News Blog   
Frequently Asked Questions (FAQ)
BGPf FAQ
Datafeed FAQ
DNSBL Usage
DROP FAQ
Generic Questions
Glossary
ISP Spam Issues
Legal Questions
Marketing FAQs
Online Scams
Organization
ROKSO FAQ
Spamhaus BCL
Spamhaus CSS
Spamhaus DBL
Spamhaus PBL
Spamhaus SBL
Spamhaus XBL



Spamhaus CSS

What is CSS?
How do I use CSS and what is its return code? (127.0.0.3)
Does CSS list IPv6 addresses?
How are CSS listings removed?


What is CSS?
Spamhaus CSS is a part of the SBL zone which lists single IP spam sources. As part of SBL zone, it is also included in Zen zone, so if you use SBL or Zen, you already use CSS. It is fed by multiple detection methods using a variety of heuristics. It is highly automated for both listing and expiration of zone entries. It allows fast, no-questions-asked removals - within limits - but it also relists quickly upon redetection. CSS is highly effective at blocking spam during SMTP delivery with very low false positive detections.


How do I use CSS and what is its return code? (127.0.0.3)

Use CSS just as you would use SBL or Zen. In fact, you must use one or the other (but not both!) of those zones in order to use CSS; CSS is not a separate zone. If you are already using SBL or Zen then you are already using CSS.

The return code for CSS in either sbl.spamhaus.org or zen.spamhaus.org zone is 127.0.0.3. For more about Spamhaus DNSBL usage and all our return codes, see the DNSBL Usage FAQ.



Does CSS list IPv6 addresses?

Yes, CSS lists both IPv4 and IPv6 addresses.

CSS lists single "/32" IPv4 addresses.

CSS lists "/64" CIDR blocks in IPv6. Without such aggregation, IPv6 zone size could become unworkably large. Also, various gaming strategies used by spammers are much more difficult with aggregated blocks rather than single "/128" IPs. "/64" is the industry standard for the smallest IPv6 allocation to individual customers, even in home-use situations like cable, DSL or wireless. Thus, for ISPs which follow standard industry practices, CSS IPv6 listings will only affect a single customer.

Spamhaus IPv6 strategy statement, published June 2011, is the result of extensive discussions we had with various members of the anti-abuse community including a large number of ISPs: http://www.spamhaus.org/organization/statement/12/

The M3AAWG IPv6 Policy document provides an excellent summary; see in particular 'Tracking and Actioning Aggregate IPv6 Assignments Instead of Individual /128 Addresses': https://www.m3aawg.org/sites/default/files/document/M3AAWG_Inbound_IPv6_Policy_Issues-2014-09.pdf

The "/64" choice has RFC4291 as its origin, but what is more important is that essentially no one in the M3AAWG community objected to the adoption of a /64 granularity for blocking lists.

More technical reasons for choosing /64 customer assignments are indicated in http://etherealmind.com/allocating-64-wasteful-ipv6-not/



How are CSS listings removed?

CSS listings expire quickly, normally three days after last spam detection.

CSS also allows removal via our website. Start with the Blocklist Removal Center and follow the links from there.

IMPORTANT: Identify and stop whatever caused the spam problem before you remove an IP from CSS. While CSS will allow you to remove an IP, it will also relist it immediately if spam continues to be detected. Also, there are limits on removals so if you reach the limit of allowed removals without fixing the problem, you will need to wait for the three day expiration after last detection.



© 1998-2017 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy