Man monitoring servers

Threat intelligence updated every 60 seconds

If users click on malicious links within phishing emails and inadvertently download malware or ransomware, this can lead to cyber criminals gaining a foothold in the corporate network, allowing them to copy intellectual property; steal, alter or encrypt data for financial gain; install spyware; or add computers to botnets.

In the worst case scenario, a user clicking on a phishing link could lead to complete compromise of the corporate network.

Security professionals can mitigate this risk by using Response Policy Zones (RPZs) to block access to malicious sites by preventing the DNS from resolving to malicious domains and IP addresses. This protects users from visiting newly-registered malware dropper sites and bad IP addresses that pose a significant risk.

Spamhaus Technology Response Policy Zones use domain and IP reputation data from Spamhaus’ real-time threat intelligence data to protect users' computers from connecting to harmful sites as soon as the domains are registered and before they can compromise users’ computers and harm your network.

Developed in collaboration with Deteque and ISC, Spamhaus Technology RPZ helps to prevent data loss by disrupting communications between C&C servers and infected botnet nodes on your network.

Use RPZs for phishing awareness

Rather than simply returning NX Domain, organizations can also use RPZs to improve security awareness by redirecting employees to a page warning of the dangers of visiting particular websites or clicking on links in phishing emails.

This approach can be used to identify users who would benefit from training in how to spot and avoid clicking on phishing links and reinforces your organization’s technological defences with user education.

Spamhaus RPZs updated every few seconds

Spamhaus RPZs are updated up to every sixty seconds and only changes to the lists are broadcast, so that updates can be propagated to all domain name servers worldwide in a matter of seconds. This provides network administrators, security professionals and service providers with the most current threat intelligence to protect their networks from being compromised by people clicking on phishing links, or browsing untrustworthy sites. As soon as the new RPZs are propagated, your network users are unable to connect to listed domains and IP addresses: mitigating the threat from new malicious domains.

Keep ahead of the threat - for free

RPZ is such a powerful tool we want you to experience it for free.

The DROP (Do not Route Or Peer) Zone protects you from the ‘worst of the worst’ - IP ranges known to have been hijacked by professional spammers and cyber criminals, or have been directly allocated to criminal organizations by a regional internet registry. Also included are IP ranges that cyber criminals have leased from ISPs.

We have made this Zone available as a no-cost public service to direct users of the data.

See the positive impact RPZ from Spamhaus can have - protecting you, your networks and your users.

Sign up

When users attempt to access websites, a five step process takes place:

  • The user clicks on a link, or enters the URL of the site they want to reach into their browser
  • The user’s machine queries the local DNS server for an A record
  • The DNS server finds a matching IP address.
  • The DNS server returns the IP address to the user’s machine
  • The user's web browser now contacts the website using its IP address.

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
 Mail RU Logo
Time Warner Cable Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch

Latest News

Brian Krebs | Bitcanal - "Hijack Factory" Shunned from Web

Brian Krebs covers the Bitcanal "Hijack Factory" story which hit the news this week. In the article Krebs highlights that virtually all of Bitcanal's IP address ranges had been listed by Spamhaus.

Read more

Doug Madory | Shutting down the BGP Hijack Factory - Bitcanal

This week sees Spamhaus featuring in the news again. Bitcanal, a notorious bad actor, who has continually hijacked Border Gateway Protocol (BGP) routes, has effectively been kicked off the internet. Doug Madory, Director of Internet Analysis at Oracle Dyn, takes an in-depth look at the story: Shutting down the BGP Hijack Factory.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.