Man monitoring servers

Updated hourly, the Spamhaus AuthBL is a subset of the Spamhaus Exploits Blocklist (XBL).

AuthBL is specifically designed to block connections from any IP address associated with attacks on SMTP Authentication.

Botnets are often employed by cybercriminals to circumvent SMTP Auth: the security protocol that requires client machines to identify themselves to mailservers prior to being able to send or receive email.

Botnets are often employed by cybercriminals to circumvent SMTP Auth: the security protocol that requires client machines to identify themselves to mailservers prior to being able to send or receive email.

The Cutwail botnet is one example of an SMTP Auth attack. Cutwail used the resources of millions of Pushdo-infected client machines, operated by 30 command and control servers. Six years ago almost half of global spam traffic was attributed to this single botnet.

The Spamhaus AuthBL lists both IP addresses of servers hosting botnet malware that is capable of spoofing MSA connections and also the IP addresses of malware-infected devices, from which attempts have been made to compromise user account passwords on SMTP servers that support SMTP Auth.

Because it is specifically focused on combatting attacks on SMTP Auth, Spamhaus AuthBL provides an effective way of rejecting botnet traffic before it can enter your network, with very little risk of blocking legitimate emails.

Spamhaus Technology AuthBL can be loaded onto SMTP servers that accept email on port 587. It can also be loaded onto SMTP servers that authenticate mail clients using standard SMTP (on port 25) that also accept non-authenticated connections. For companies with 5,000 mail clients or more, Spamhaus Technology provides AuthBL updates via rsync.

Click to arrange your 30 day trial

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
Facebook Logo
 Mail RU Logo
Time Warner Cable Logo
Yahoo Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch


Latest News

Choking the botnets - RPZ protecting a client's users across the USA.

Email security providers are reducing the risks from recently registered Domains thanks to the new 'Zero Reputation Domain' data list from Spamhaus

Read more

Recently registered Domains - how to avoid the risks

Email security providers are reducing the risks from recently registered Domains thanks to the new 'Zero Reputation Domain' data list from Spamhaus

Read more

Spamhaus Technology adds DGA domains to RPZ

Last Thursday Spamhaus Technology added DGA domains to the Spamhaus Technology Botnet Control and Command RPZ (Response Policy Zones). This resulted in the RPZ increasing in size from around 500 entries to 1.2 million.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.