Man monitoring servers

DROP and eDROP

The Spamhaus Do not Route Or Peer (DROP) advisory list includes IP address ranges that are known to have been hijacked by professional spammers and cybercriminals, or have been directly allocated to criminal organizations by a regional internet registry (RIR).

These networks are completely controlled by criminal organizations and send zero legitimate traffic. They are solely used for spamming; hosting malware-infected sites; distributing phishing emails; hosting botnet command and control servers; and launching DDoS attacks against other networks.

The extended DROP list (eDROP) is a list of IP ranges that cybercriminals have leased from ISPs for the same purposes.

Any traffic from your network to a DROP/eDROP listed IP address is likely to be a user responding to a phishing email, or a device infected with botnet malware.

Both DROP and eDROP can be loaded into your router, BGP gateway, IDS, or firewall and used to block malicious email and internet traffic at your network edge.

By simply blocking connections from any IP address from a listed range, you can avoid wasting bandwidth and protect your users from being exposed to phishing links and malware embedded in spam emails.

Spamhaus updates the DROP and eDROP lists every few minutes. However, these lists generally remain stable because criminals tend to control IP address blocks for an extended period.

All networks that are listed in DROP and eDROP are also listed in the Spamhaus SBL. From 1st June 2016, in addition to returning the standard return code 127.0.0.2 for an SBL listing, all three zones: sbl.spamhaus.org; sbl-xbl.spamhaus.org; zen.spamhaus org, have also returned the new code 127.0.0.9, to denote that an IP address is listed in DROP/eDROP as well as the SBL.

Click for your free 30 day trial

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
Facebook Logo
 Mail RU Logo
Time Warner Cable Logo
Yahoo Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch


Latest News

Choking the botnets - RPZ protecting a client's users across the USA.

Email security providers are reducing the risks from recently registered Domains thanks to the new 'Zero Reputation Domain' data list from Spamhaus

Read more

Recently registered Domains - how to avoid the risks

Email security providers are reducing the risks from recently registered Domains thanks to the new 'Zero Reputation Domain' data list from Spamhaus

Read more

Spamhaus Technology adds DGA domains to RPZ

Last Thursday Spamhaus Technology added DGA domains to the Spamhaus Technology Botnet Control and Command RPZ (Response Policy Zones). This resulted in the RPZ increasing in size from around 500 entries to 1.2 million.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.