Man monitoring servers


The Spamhaus Do not Route Or Peer (DROP) advisory list includes IP address ranges that are known to have been hijacked by professional spammers and cyber criminals, or have been directly allocated to criminal organizations by a regional internet registry (RIR).

These networks are completely controlled by criminal organizations and send zero legitimate traffic. They are solely used for spamming; hosting malware-infected sites; distributing phishing emails; hosting botnet command and control servers; and launching DDoS attacks against other networks.

It also contains a list of IP ranges that cyber criminals have leased from ISPs for the same purposes.

Any traffic from your network to a DROP listed IP address is likely to be a user responding to a phishing email, or a device infected with botnet malware.

DROP can be loaded into your router, BGP gateway, IDS, or firewall and used to block malicious email and internet traffic at your network edge.

By simply blocking connections from any IP address from a listed range, you can avoid wasting bandwidth and protect your users from being exposed to phishing links and malware embedded in spam emails.

Spamhaus updates the DROP list every few minutes. However, these lists generally remain stable because criminals tend to control IP address blocks for an extended period.

All networks that are listed in DROP are also listed in the Spamhaus SBL. From 1st June 2016, in addition to returning the standard return code for an SBL listing, all three zones:;; zen.spamhaus org, have also returned the new code, to denote that an IP address is listed in DROP as well as the SBL.

Click for your free 30 day trial

Keep ahead of the threat - for free

DROP is the most powerful ways to protect you from the 'worst of the worst' on the internet so we have made this Zone available as a no-cost public service to direct users of the data as part of our Response Policy Zone service.

See the positive impact real-time threat intelligence from Spamhaus can have - protecting you, your networks and your users.

Sign up

Discover why we're the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
 Mail RU Logo
Time Warner Cable Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch

Latest News

Brian Krebs | Bitcanal - "Hijack Factory" Shunned from Web

Brian Krebs covers the Bitcanal "Hijack Factory" story which hit the news this week. In the article Krebs highlights that virtually all of Bitcanal's IP address ranges had been listed by Spamhaus.

Read more

Doug Madory | Shutting down the BGP Hijack Factory - Bitcanal

This week sees Spamhaus featuring in the news again. Bitcanal, a notorious bad actor, who has continually hijacked Border Gateway Protocol (BGP) routes, has effectively been kicked off the internet. Doug Madory, Director of Internet Analysis at Oracle Dyn, takes an in-depth look at the story: Shutting down the BGP Hijack Factory.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.