Man monitoring servers

Domain-based protection updated every 60 seconds

According to the latest Verizon Data Breach Investigation Report, which analysed 100,000 incidents, almost 10% of phishing attacks resulted in a data security breach.1

On average, the first phishing email link was clicked within 3 minutes and 45 seconds. Almost a third of phishing emails were opened and, of that proportion, 12% of people took the bait by opening attachments and clicking on links. Using this technique, 80% of cybercriminals compromise systems within minutes and start exfiltrating data within days.2

To help mitigate the risks created by users visiting bad domains and clicking on links in phishing emails, Spamhaus developed its Domain Block List (DBL) to provide near real-time protection for your network assets.

Criminals register thousands of domains and only use them for short periods, to try to evade detection. The Spamhaus security researchers use automated systems to constantly monitor newly-registered domains and identify links to cybercriminal activity, allowing us to rapidly list suspect domains.3

Spamhaus Technology DBL is provided as a Response Policy Zone that can be added to your BIND server to selectively block DNS resolution to malicious domains, before users can click on links and do any harm to your network.4

Parts of the DBL are managed as zero false positive listings and use senders’ domains, contained within SMTP headers, to safely reject harmful emails at SMTP connection time.

The whole Spamhaus DBL protects mailservers and networks by performing message body URI checks to enable administrators to block email containing links to listed domains. As an administrator, you can use the DBL return code to simply block emails, or use it as part of a spam scoring system, according to your organisation’s policies, risk profile and tolerance for false positives.

Spamhaus Technology DBL contains tens of thousands of bad domains and is updated every sixty seconds. Domains are removed from the list once they cease to pose a risk. Therefore, the DBL is maintained as a relatively small list, with only changes to the list being shared. This facilitates frequent updates: offering near real-time protection against the latest domain-based threats to your network.

A much larger version of the DBL dataset, which retains domains for a longer period, is also available from Spamhaus Technology.

1 Spamhaus Domain Blocklist

2 Source: Verizon Data Breach Investigation Report 2016

3 Source: Financial Times “10% of phishing scams lead to data breach,” 26th April 2016

4 eDBL DNS Response Policy Zones

Click for your free 30 day trial

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
 Mail RU Logo
Time Warner Cable Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch

Latest News

Brian Krebs | Bitcanal - "Hijack Factory" Shunned from Web

Brian Krebs covers the Bitcanal "Hijack Factory" story which hit the news this week. In the article Krebs highlights that virtually all of Bitcanal's IP address ranges had been listed by Spamhaus.

Read more

Doug Madory | Shutting down the BGP Hijack Factory - Bitcanal

This week sees Spamhaus featuring in the news again. Bitcanal, a notorious bad actor, who has continually hijacked Border Gateway Protocol (BGP) routes, has effectively been kicked off the internet. Doug Madory, Director of Internet Analysis at Oracle Dyn, takes an in-depth look at the story: Shutting down the BGP Hijack Factory.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.