Subscribe to RSS News Feed
About Spamhaus  |  Press Office  |  FAQs   
Spamhaus' DBL as a Response Policy Zone (RPZ)

2011-06-10 12:58:00 UTC   |   by Quentin Jenkins   |   Category:  malware, phish, rpz, dns, firewall, threat, intelligence
Recent News Articles

Spamhaus Blocklist (SBL) listings are moving

The conundrum that is the modern use of NAT at a carrier grade level

QNAMEĀ MinimizationĀ and Spamhaus DNSBLs

The beta nature of the Threat Intel Community Portal

Want to submit data? Be our guest!

The return of the ASN-DROP

Qakbot - the takedown and the remediation

Poor sending practices trigger a tidal wave of informational listings

Older News Articles:
Spamhaus News INDEX

All too frequently electronic security breaches result from some form of social engineering trick which entices a user to visit a harmful website by providing a clickable link (URL) with a specially-registered domain which ultimately leads to the user being defrauded or their machine being infected with malware.

Once infected, criminals very quickly gain complete control of that user's computer: if that user is on a corporate network, the criminal would immediately gain all that user's privileged access within the company's network. This can result in the theft of confidential corporate data, in many cases financial losses and the possibility of lurid headlines in the press.

While security professionals can and do block access to domains that are known to cause harm, this has so far only been possible once the harm has been identified. And that's too late - the harm is already done. The criminals who use these techniques are now registering domains by the thousand in order to circumvent such blocks, "paying" for them with stolen credit cards and using each domain for a very small number of attacks.

The Spamhaus DBL was launched in 2010 as a way to identify these domains very rapidly so that network administrators can block them in advance. But even so, there has so far been no way to provide this protection automatically.

Now, Response Policy Zones (RPZs) allow DNS administrators selectively to block the DNS resolution of sites. The bad domains or hosts will then simply disappear from that network's view of the Internet - and the malware will no longer be able to reach that network. This functions as a network "DNS Firewall".

Spamhaus' Domain Block List (DBL) contains tens of thousands of domains known to be suspect. The DBL already is being updated with new threats every sixty seconds of every day. By making this list of bad domains available as an RPZ, Spamhaus and their technical collaborators (Deteque and ISC) are giving security administrators an additional tool which they can use to protect their network from the inadvertent actions of unsuspecting users.

This data is updated very rapidly by broadcasting only changes to the list rather than the full list. This means that the frequent updates generally take less than a second to propagate, effectively mitigating threats in near real time.

For further information see:

DNS Response Policy Zones <>
Spamhaus Domain Blocklist <>
Taking Back the DNS <>
RPZ FAQ (PDF. 38KB) <>
Response Policy Zone - History, Usage and Research (PDF. 180KB) <>
Cisco: Using DNS RPZ to block malicious DNS requests <>
Internet Identity: Happy Birthday RPZ <>
Imperial College of London: What are DNS Response Policy Zones? <>

Update 2014-10-31: Full service offered
We're happy to announce that the Spamhaus RPZs have proved their worth in a number of production environments. As such, the beta test period is over. To trial the service, please visit Spamhaus Technology selecting the appropriate service(s).

Spamhaus Information

Press Office
Spamhaus News Index
Spamhaus in the media
About Spamhaus
Spamhaus Official Statements
Article Information

Permanent link to this news article:
Spamhaus' DBL as a Response Policy Zone (RPZ)

Subscribe to RSS News Feed
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2024 The Spamhaus Project SLU. All rights reserved.
Legal  |  Privacy