Man monitoring servers

Threat intelligence updated every 60 seconds

Spamhaus Technology Response Policy Zones (RPZ) use domain and IP reputation data from Spamhaus’ real-time threat intelligence.

Spamhaus RPZs are regular BIND files that use live threat intelligence data and behavioural analytics to block the IP addresses of malicious name servers in real-time. If the DNS resolver finds an IP address listed within your RPZ-aware DNS server, the user's browser will not be able to connect to the listed site and returns an NX Domain, or can be pointed at an internal honey pot.

If you are managing your own BIND servers you can use RPZ Zone Transfer to determine exactly which RPZs are implemented to protect your networks.

New subscribers to the Spamhaus Technology RPZ Zone Transfer service have two RPZs enabled by default:

  • The domain-based, which lists domains used by malware dropper sites; redirectors; botnet C&Cs; sites sending spam and phishing emails; and domains associated with fake goods; fraud; identity theft; viruses; Trojans; ransomware and malware.
  • The IP-based, based on Spamhaus’ Do Not Route Or Peer (DROP) list, which is an advisory, “drop all traffic” list, consisting of blocks of IP addresses that are known to be controlled by hijackers, spammers and cybercriminals.

These default zones can be complemented with additional Spamhaus zones, including botnet C&C; malware; and zero reputation domain (ZRD) zones.

BIND server administrators can also create their own whitelists, to use in combination with Spamhaus zones. For example, you can add your organization’s own domains to your on premise BIND server, to prevent your own users being blocked.

Managing Zone Transfers on premise allows for a high degree of flexibility and customization and can also be used to reinforce security awareness training for your users.

For example, rather than simply returning an NX Domain, you can also use RPZs to redirect employees to an internal webpage that warns them of the dangers of visiting particular websites or clicking on links in phishing emails. This adds an additional layer to your security defences by combining technological controls with user training.

Threat intelligence updated every 60 seconds

Spamhaus RPZs are updated up to every sixty seconds and only changes to the lists are broadcast, so that updates can be propagated to all domain name servers worldwide in a matter of seconds. This provides your organization with the most current threat intelligence to protect your networks from being compromised by people clicking on phishing links, or browsing untrustworthy sites. As soon as the new RPZs are propagated, your network users are unable to connect to listed domains and IP addresses mitigating the threat from new malicious domains.

Click for further information on Spamhaus Technology RPZ Managed Service

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
 Mail RU Logo
Time Warner Cable Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch

Latest News

PIPELINE Security partnership delivers advanced threat intelligence to Asia Pacific.

New partnership between Tokyo-based PIPELINE Security and Spamhaus Technology will bring faster, easier access to global cyber threat intelligence.

Read more

Virus Bulletin reviews the latest Spamhaus Botnet Threat Report

Independent researchers review the latest annual Spamhaus Botnet Threat Report.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.