The Spamhaus Project

news

Spamhaus Releases Exploits Block List (XBL) to Combat Illegal Spam Relaying

by The Spamhaus TeamJanuary 01, 20042 minutes reading time
Email security
DNSBL
Compromised
IP Reputation

London, 1 January 2004

To help stop the rising tide of spam coming from illegal 3rd party exploits, the Spamhaus Project today released the Exploits Block List (XBL), a realtime DNS-based database of IP addresses of illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits utilized by spammers.

Spam comes from two main sources; it is either sent directly from the spammer's own IP addresses, or is sent via 3rd party exploits in an effort to obfuscate the origin. The XBL is designed to sit alongside the Spamhaus Block List (SBL) which blocks incoming spam from direct spam sources.

The XBL wholly incorporates the highly-trusted CBL (Composite Block List) from cbl.abuseat.org and is available immediately free of charge as xbl.spamhaus.org.

The combination of SBL and XBL enables ISPs to safely reject a high volume of incoming spam outright, without needing to accept it into their mail queues for processing. This enables the use of further slower post-receipt spam filters to process a vastly reduced volume of remaining spam.

Because of the fail-safe design of DNS-based blocklists, both the SBL and the XBL provide instant feedback to the Sender in the event an incoming message is rejected, informing the Sender via the standard SMTP rejection (bounce) message of the reason the message was rejected and what to do about it. This differs from post-receipt spam filter systems which accept all email and then silently discard or route to a trash mailbox email identified as spam without the Sender knowing.

Because of the SBL's reputation for precision combined with the fail-safe design of block lists, the Spamhaus Block List was widely adopted in 2003 by major banks, airlines and industries to whom email delivery integrity is vital. In December 2003 the number of mail users protected by the SBL surpassed 200 Million. With the addition of the XBL, Spamhaus aims to provide the maximum spam blocking possible with the safest solution.

For more information see:

http://www.spamhaus.org/xbl

Help and recommended content

See below for helpful articles and recommended content

Query the legacy DNSBLs via Microsoft? Move to Spamhaus Technology’s free Data Query Service

If you're using the free legacy DNS Blocklists (DNSBLs) through the Public Mirrors while running on Microsoft’s infrastructure, you'll need to make a few small adjustments to your email setup. These changes are simple to apply, but if you don’t take action, you risk having some - or even all - of your email blocked after April 9, 2025!

Email security
DNSBL
Blog • March 11, 2025 • The Spamhaus Team

If you query the legacy DNSBLs via Hetzner move to Spamhaus Technology’s free Data Query Service

Currently accessing the free legacy DNS Blocklists (DNSBLs) via the Public Mirrors, and using Hetzner's network? You'll need to make some minor changes to your email infrastructure. The changes are simple to implement, but if you fail to do so, you could find that at some point post-February 19th 2025, all or none of your email is blocked!

Email security
DNSBL
Blog • January 08, 2025 • The Spamhaus Team

PEC “invoice scam” - Stealing time, money, and trust from businesses

PEC stands for “Posta Elettronica Certificata” - a type of legally binding “certified email” used in Italy. It's also a hub of abuse targeting business owners. In this article, we share a real-life case of criminals stealing PEC credentials to send malicious emails, causing significant loss of time and money, and explore the risks of a proposed European PEC system.

Cybercrime
Email security
Blog • December 12, 2024 • The Spamhaus Team
Home
Home
...
Home