Blocklist Removal Center
About Spamhaus  |  FAQs  |  News Blog   
Frequently Asked Questions (FAQ)
Datafeed FAQ
Generic Questions
ISP Spam Issues
Legal Questions
Marketing FAQs
Online Scams
Spamhaus BCL
Spamhaus CSS
Spamhaus DBL
Spamhaus PBL
Spamhaus SBL
Spamhaus XBL

Spamhaus CSS

What is CSS?
How do I use CSS and what is its return code? (
Does CSS list IPv6 addresses?
How are CSS listings removed?

What is CSS?
Spamhaus CSS is a part of the SBL zone which lists single IP spam sources. As part of SBL zone, it is also included in Zen zone, so if you use SBL or Zen, you already use CSS. It is fed by multiple detection methods using a variety of heuristics. It is highly automated for both listing and expiration of zone entries. It allows fast, no-questions-asked removals - within limits - but it also relists quickly upon redetection. CSS is highly effective at blocking spam during SMTP delivery with very low false positive detections.

How do I use CSS and what is its return code? (

Use CSS just as you would use SBL or Zen. In fact, you must use one or the other (but not both!) of those zones in order to use CSS; CSS is not a separate zone. If you are already using SBL or Zen then you are already using CSS.

The return code for CSS in either or zone is For more about Spamhaus DNSBL usage and all our return codes, see the DNSBL Usage FAQ.

Does CSS list IPv6 addresses?

Yes, CSS lists both IPv4 and IPv6 addresses.

CSS lists single "/32" IPv4 addresses.

CSS lists "/64" CIDR blocks in IPv6. A very large number of emitting IPv6 addresses in different /64 blocks within the same network may cause listing expansion to larger blocks. Without such aggregations, the IPv6 zone size could become unworkably large. Also, various gaming strategies used by spammers are much more difficult with aggregated blocks rather than single "/128" IPs.

"/64" is the industry standard for the smallest IPv6 allocation to individual customers, even in home-use situations like cable, DSL or wireless. Thus, for ISPs which follow standard industry practices, CSS IPv6 listings will only affect a single customer.

Spamhaus IPv6 strategy statement, published June 2011, is the result of extensive discussions we had with various members of the anti-abuse community including a large number of ISPs:

The M3AAWG IPv6 Policy document provides an excellent summary; see in particular 'Tracking and Actioning Aggregate IPv6 Assignments Instead of Individual /128 Addresses':

The "/64" choice has RFC4291 as its origin, but what is more important is that essentially no one in the M3AAWG community objected to the adoption of a /64 granularity for blocking lists.

More technical reasons for choosing /64 customer assignments are indicated in

Customers of providers that place different customers within the same /64 block should contact the provider support, ask for a dedicated /64 assignment and move mail service to a non-shared /64 range. In particular, customers of Linode should read this document and open a ticket to get a /64.

How are CSS listings removed?

CSS listings expire quickly, normally three days after last spam detection.

CSS also allows removal via our website. Start with the Blocklist Removal Center and follow the links from there.

IMPORTANT: Identify and stop whatever caused the spam problem before you remove an IP from CSS. While CSS will allow you to remove an IP, it will also relist it immediately if spam continues to be detected. Also, there are limits on removals so if you reach the limit of allowed removals without fixing the problem, you will need to wait for the three day expiration after last detection.

© 1998-2018 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy