The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.

If your IP address is listed by the XBL, see the XBL FAQs for solutions

Incorporates CBL data

XBL is a list of spam sources due to exploited computers or other devices. It is mostly composed of--as well as the primary distribution zone for--CBL data (cbl.abuseat.org). It may also include other lists of spam sources due to exploited computers and other devices.

NJABL closing information

The NJABL has announced it is shutting down and is now serving an emtpy zone. NJABL should not be queried by any system from now on, and accordingly has been removed from XBL. For more information, please visit http://www.njabl.org/

XBL Usage

The Exploits Block List can be used by all modern mail servers, by setting your mail server's anti-spam DNSBL feature (sometimes called "Blacklist DNS Servers" or "RBL servers") to query xbl.spamhaus.org. XBL is also part of a combined DNSBL comprising SBL, XBL and PBL, see: ZEN

Mail servers already using cbl.abuseat.org should NOT also use xbl.spamhaus.org or you will be making 'double' queries to basically the same data source and only one DNSBL will appear to work (the other(s) will appear to not catch anything).

For information on CBL see http://cbl.abuseat.org/

Use of the Spamhaus DNSBLs is free of charge for low-volume non-commercial use. To check if you qualify for free use, please see: Spamhaus DNSBL usage criteria.