Man monitoring servers

The Spamhaus Block List (SBL) is a database of IP address ranges that are involved in distributing unsolicited emails.

The list can be queried in real-time by mailservers, allowing mail server administrators to identify, block, or tag incoming mail from SBL-listed IP addresses.

SBL includes IP addresses of devices that have been observed to be sending spam; that are hosting botnet C&C servers; URIs of compromised websites; IP addresses involved in email appending services; and domains and services that are advertised within spam emails.

This list can be used as both a sender IP blocklist and a URI blocklist, to help protect your mailstreams from spam and botnet malware.

Senders whose IP addresses have been listed in the SBL will receive a bounceback message, allowing them to check the email addresses of recipients, or correct any other sending issues.

There are several components to the SBL with two large sections being:

  • A list that is manually maintained by a dedicated team of Spamhaus researchers
  • An automated Composite Snowshoe listing mechanism (CCS), which lists individual IP addresses involved in sending low reputation email. CSS is designed to help you to block email sent from static spam emitters, such as snowshoe operations and compromised hosts. Listing on the Spamhaus CSS results from multiple events and heuristics and is based on a range of inputs.

Since February 2016, SBL has contained IPv6 data to help block Snowshoe spam.

The SBL contains data that is also made available as separate lists:

The Botnet Controller List (BCL) consists of single IPv4 addresses of command and control servers that are being used by cybercriminals to control infected computers. BCL does not contain any subsets, or CIDR prefixes larger than /32. All IP addresses included in BCL are also linked to an SBL listing that provides information on why that specific IP was listed.

Do not Route Or Peer (DROP) and extended Do not Route Or Peer (eDROP) lists. These are advisory, “drop all traffic” lists, consisting of netblocks of IP addresses that have been hijacked or leased by professional spammers or cybercrime operations and which are being used for the dissemination of malware, trojan downloaders, or other malicious activities.

SBL makes up part of the Spamhaus ZEN composite blocklist, comprising SBL, XBL and PBL.

Click for your free 30 day trial

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
 Mail RU Logo
Time Warner Cable Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch

Latest News

Brian Krebs | Bitcanal - "Hijack Factory" Shunned from Web

Brian Krebs covers the Bitcanal "Hijack Factory" story which hit the news this week. In the article Krebs highlights that virtually all of Bitcanal's IP address ranges had been listed by Spamhaus.

Read more

Doug Madory | Shutting down the BGP Hijack Factory - Bitcanal

This week sees Spamhaus featuring in the news again. Bitcanal, a notorious bad actor, who has continually hijacked Border Gateway Protocol (BGP) routes, has effectively been kicked off the internet. Doug Madory, Director of Internet Analysis at Oracle Dyn, takes an in-depth look at the story: Shutting down the BGP Hijack Factory.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.