Spamhaus' DBL as a Response Policy Zone (RPZ)

2011-06-10 12:58:00 UTC, by Quentin Jenkins

All too frequently, electronic security breaches result from a social engineering trick that entices a user to visit a harmful website through a clickable link (URL) on a specially registered domain, which ultimately leads to the user being defrauded or their machine being infected with malware.

Once a machine is infected, criminals very quickly gain complete control of that user's computer: if that user is on a corporate network, the criminal would immediately gain all that user's privileged access within the company's network. This can result in the theft of confidential corporate data, in many cases financial losses, and the possibility of lurid headlines in the press.

While security professionals can and do block access to domains that are known to cause harm, this has so far only been possible once the harm has been identified. And that's too late - the harm is already done. The criminals who use these techniques are now registering domains by the thousand in order to circumvent such blocks, "paying" for them with stolen credit cards and using each domain for a very small number of attacks.

The Spamhaus DBL was launched in 2010 as a way to identify these domains very rapidly so that network administrators can block them in advance. But even so, there has so far been no way to provide this protection automatically.

Now, Response Policy Zones (RPZs) allow DNS administrators selectively to block the DNS resolution of sites. The bad domains or hosts will then simply disappear from that network's view of the Internet - and the malware will no longer be able to reach that network.

Spamhaus' Domain Block List (DBL) contains tens of thousands of domains known to be suspect. The DBL is already being updated with new threats every sixty seconds of every day. By making this list of bad domains available as an RPZ, Spamhaus and their technical collaborators (Deteque and ISC) are giving security administrators an additional tool which they can use to protect their network from the inadvertent actions of unsuspecting users.

This data is updated very rapidly by broadcasting only changes to the list rather than the full list. This means that the frequent updates generally take less than a second to propagate, effectively mitigating threats in near real time.

Spamhaus' DBL RPZ is now available for beta testing. A BIND server (version 9.8.0+) is needed to utilise this feature and at this time networks will need to contact Spamhaus to register their BIND server to use this RPZ.
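
How a recursive BIND 9.8 resolver subscribes to a policy zone of this kind, as an added example that is not taken from Spamhaus or ISC material. The zone name, master address, client range and file path are placeholders (assumptions); the real values are supplied by the zone provider at registration.

```conf
// named.conf fragment for a recursive resolver (BIND 9.8.0 or later).
// Constructed example: every name and address below is a placeholder.

options {
    recursion yes;
    allow-recursion { localhost; 10.0.0.0/8; };  // constructed internal client range

    // Check answers for recursive clients against the policy zone.
    // A name listed in the zone is rewritten according to the zone's
    // records, so a blocked domain no longer resolves for clients.
    response-policy {
        zone "dbl.rpz.example";                  // placeholder zone name
    };
};

// The policy zone is an ordinary secondary zone transferred from the provider.
zone "dbl.rpz.example" {
    type slave;                          // keyword used by BIND 9.8
    masters { 192.0.2.53; };             // placeholder master (TEST-NET-1 address)
    file "slaves/dbl.rpz.example.db";    // local copy, reused after a restart

    // BIND asks for incremental transfers (IXFR) by default, so only the
    // changes to the list are fetched, as the article describes.

    allow-query { localhost; };          // clients cannot read the list itself
    allow-transfer { none; };            // do not redistribute the zone
    notify no;                           // this server has no secondaries to notify
};
```

Run `named-checkconf` against the file before reloading the server, and confirm that the first zone transfer completed before relying on the policy.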

For further information see:

DNS Response Policy Zones
Spamhaus Domain Blocklist
Taking Back the DNS
RPZ FAQ (PDF, 38KB)
Response Policy Zone - History, Usage and Research (PDF, 180KB)
Cisco: Using DNS RPZ to block malicious DNS requests
Internet Identity: Happy Birthday RPZ
Imperial College of London: What are DNS Response Policy Zones?

Update 2014-10-31
We're happy to announce that the Spamhaus RPZs have proved their worth in a number of production environments. As such, the beta test period is over. To trial the service, please visit selecting the appropriate service(s).

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.