A misuse of Spamhaus blocklists: PART 1 - blocking outbound email
One issue that our folks handling tickets submitted by blocked users encounter is messages like: “Help! My IP is listed by Spamhaus and now I can’t send emails! My provider is rejecting all my emails!” You may be asking, “Is this not exactly what is supposed to happen in case of a listing?” Surprisingly, the answer is “No, it is not!” This is a misuse of our blocklists.
The Policy Blocklist: what is it, and why should you be on it?
It’s not always "bad" to be listed on one of Spamhaus' DNS Blocklists. Despite what you may think, there is one list you may want to be on: the Policy Blocklist (PBL). Want to know more? Let's dive into the PBL, what it is, how it works, and how it affects users. Whether you're an Internet Service Provider (ISP) or an end user, find out everything you need to know.
Spamhaus Blocklist (SBL) listings are moving
Any abuse desk worker or Trust and Safety team member who has received a Spamhaus Blocklist (SBL) email notification can view the full details of the listing on www.spamhaus.org. However, change is coming soon. Please read on; otherwise, you may think you've been phished when the URL in one of these notifications is different and directs you to a different place!
QNAME Minimization and Spamhaus DNSBLs
On October 4th the Internet Systems Consortium (ISC) issued an article highlighting a problem with Spamhaus’ RBLDNS servers incorrectly answering partial queries that are sent due to QNAME minimization. Our technical team has deployed an initial patch for this issue, and we are in open dialogue with the ISC as...
The return of the ASN-DROP
Further to requests from the community we've reinvigorated the ASN-DROP. With a new algorithm, ASN-DROP is now available in JSON format, listing Autonomous System Numbers (ASNs) associated with the worst of the worst behavior. These are ASNs that our researchers wouldn’t recommend engaging with and are highly likely to announce...
UPDATE - Informational Listings in the Spamhaus Blocklist
Informational listings have received a lot of attention recently, including some helpful feedback - namely, the intelligence is helpful but it creates too much "noise" in the SBL. So the Project Team will be making changes in the near future.
"The day I blocked a nation from sending email..." and its unlikely aftermath
In celebration of the first-ever networked email being sent 50 years ago today (!), one Spamhaus Project researcher recounts when they blocked the whole of Italy from sending email, and nobody wanted to do anything to fix it!
Using our public mirrors? Check your return codes now.
Back in late 2019, we advised of some new return codes for users of our public mirrors. We appreciate world events may have distracted you from this technical update. However, we will soon be implementing these codes and want to ensure these changes don’t cause you any serious operational issues....
Update for Composite Blocklist (CBL) Users
As of the first week of 2021, the Composite Blocklist (CBL) is being retired. This data, however, is included in the eXploits Blocklist (XBL). We advise any users currently accessing the CBL through cbl.abuseat.org to reconfigure and query xbl.spamhaus.org. Will access be stopped for cbl.abuseat.org? No. Access will remain...
Spamhaus DNSBL return codes: technical update
Spamhaus' primary data sets are published in DNS zones known as DNSBLs. Users of that data ask the zone a question (a "query") and the zone provides a response - a return code - in the form of an IPv4 IP address within a designated range (RFC1918 internal network). The...
MTA developers: allow use of domain DNSBLs at the SMTP level
Blocking by domain, rather than IP address, is arguably the most effective strategy to protect against snowshoe and hailstorm spam. However, we often find that users are failing to use domain block lists during the initial SMTP negotiation, before the body of the message is transmitted. Some overlook this aspect...
Exploits Block List - Two Botnets Contribute to 50% Increase in Listings
If you’ve been monitoring the Exploits Block List (XBL) recently you will have noticed a significant increase in the number of listings. The past few weeks have seen a lift from approximately 10 million to 15 million listings. The question is why? Our botnet specialist explains…
Did anyone recently notice that the Spamhaus XBL just got really big?
Yes, the XBL grew by over 50%! Over the past three weeks, some of our users have noticed that the XBL (CBL) database has grown substantially in size. There are two major reasons for this. 1) Increase from the Internet of Things (IoT): There has been a substantial increase...
Changes in Spamhaus DBL DNSBL return codes
Spamhaus engineers have been busy developing new data for the Spamhaus Domain Block List (DBL) during the past several months. Our efforts have produced several specialized subsets of the DBL data set which will provide Spamhaus DBL users with better protection against spam as well as against other cyber threats...
The Spamhaus Policy Block List now covers One Billion IP addresses
As we always try to keep tabs on what spammers do, we couldn't help but overhear this at an Evil Botnet Spam Gang's headquarters...