Man monitoring servers

Threat intelligence updated every 60 seconds

Spamhaus Technology Response Policy Zones (RPZ) use domain and IP reputation data from Spamhaus’ real-time threat intelligence.

Spamhaus RPZ feeds are regular zone files that use live threat intelligence data and behavioral analytics to block the IP addresses of malicious name servers in real-time. If the RPZ supported DNS resolver or appliance finds an IP address listed within our RPZ feeds, the user's browser will not be able to connect to the listed site and returns an NXDomain, or can be pointed at an internal site, honey pot or sandbox.

If you are managing your own DNS infrastructure you can use RPZ feeds to determine exactly which RPZs need to be implemented to protect your networks.

New trial subscribers to the Spamhaus Technology RPZ feed service have access to 13 zone feeds by default that are included in four categories: Standard, Malware, Abused and Diverse.

  • The domain-based dbl.spamhaus.org, which lists domains used by malware dropper sites; redirectors; botnet C&Cs; sites sending spam and phishing emails; and domains associated with fake goods; fraud; identity theft; viruses; Trojans; ransomware and malware.
  • The IP-based drop.rpz.spamhaus.org, based on Spamhaus’ Do Not Route Or Peer (DROP) list, which is an advisory, “drop all traffic” list, consisting of blocks of IP addresses that are known to be controlled by hijackers, spammers and cybercriminals.

These default zones can be complemented with additional Spamhaus zones, including botnet C&C; malware; and zero reputation domain (ZRD) zones.

RPZ supported DNS server and appliance administrators can also create their own whitelists, to use in combination with Spamhaus zones. For example, you can add your organization’s own domains to your on premises DNS infrastructure server, to prevent your own users being blocked.

Managing Zone Transfers on premises allows for a high degree of flexibility and customization and can also be used to reinforce security awareness training for your users.

For example, rather than simply returning an NXDomain, you can also use RPZs to redirect employees to an internal webpage that warns them of the dangers of visiting particular websites or clicking on links in phishing emails. This adds an additional layer to your security defenses by combining technological controls with user training.

Threat intelligence updated every 60 seconds

Spamhaus RPZs are updated up to every sixty seconds and only changes to the lists are broadcast, so that updates can be propagated to all domain name servers worldwide in a matter of seconds. This provides your organization with the most current threat intelligence to protect your networks from being compromised by people clicking on phishing links, or browsing untrustworthy sites. As soon as the new RPZs are propagated, your network users are unable to connect to listed domains and IP addresses mitigating the threat from new malicious domains.

Click for further information on Spamhaus Technology RPZ Managed Service

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
 Mail RU Logo
Time Warner Cable Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch


Latest News

Brian Krebs | Bitcanal - "Hijack Factory" Shunned from Web

Brian Krebs covers the Bitcanal "Hijack Factory" story which hit the news this week. In the article Krebs highlights that virtually all of Bitcanal's IP address ranges had been listed by Spamhaus.

Read more

Doug Madory | Shutting down the BGP Hijack Factory - Bitcanal

This week sees Spamhaus featuring in the news again. Bitcanal, a notorious bad actor, who has continually hijacked Border Gateway Protocol (BGP) routes, has effectively been kicked off the internet. Doug Madory, Director of Internet Analysis at Oracle Dyn, takes an in-depth look at the story: Shutting down the BGP Hijack Factory.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.