These networks are completely controlled by criminal organizations and send zero legitimate traffic. They are solely used for spamming; hosting malware-infected sites; distributing phishing emails; hosting botnet command and control servers; and launching DDoS attacks against other networks.
The extended DROP list (eDROP) is a list of IP ranges that cybercriminals have leased from ISPs for the same purposes.
Any traffic from your network to a DROP/eDROP listed IP address is likely to be a user responding to a phishing email, or a device infected with botnet malware.
Both DROP and eDROP can be loaded into your router, BGP gateway, IDS, or firewall and used to block malicious email and internet traffic at your network edge.
By simply blocking connections from any IP address from a listed range, you can avoid wasting bandwidth and protect your users from being exposed to phishing links and malware embedded in spam emails.
Spamhaus updates the DROP and eDROP lists every few minutes. However, these lists generally remain stable because criminals tend to control IP address blocks for an extended period.
All networks that are listed in DROP and eDROP are also listed in the Spamhaus SBL. From 1st June 2016, in addition to returning the standard return code 127.0.0.2 for an SBL listing, all three zones: sbl.spamhaus.org; sbl-xbl.spamhaus.org; zen.spamhaus org, have also returned the new code 127.0.0.9, to denote that an IP address is listed in DROP/eDROP as well as the SBL.
Click for your free 30 day trial