High-speed and high-volume: Hailstorm spam is one method cyber criminals are using to overwhelm target organizations’ defenses, but Spamhaus is leading the fight back with threat intelligence delivered at high-speed.

Dynamic Updates from Spamhaus protect by alerting you to hailstorm  attacks within seconds of them starting, giving you the unique capability to block this type of spam.

Powerful intelligence delivered at high speed

Hailstorm attacks can be over in a matter of minutes and every second counts.

At the first indication of a hailstorm attack, automatic incremental updates are made available. Instead of downloading a full set of IP and Domain-based threat intelligence periodically, Dynamic Updates allow you to receive data as soon as it is available.

Hailstorm spam attack timeline

  • Before 0 sec: No info
  • 0 sec: Hailstorm attackstarts, traffic spikes to more than 800 emails sent every 10 seconds.
  • 16 sec: Domain used identified,published to Zero ReputationDomain list. Dynamic Updates subscribers can start blocking malicious domain.
  • 28 sec: Domain published to Spamhaus Zen and DomainBlocklist. Spam rate still running at over 800 emails every 10 seconds.
  • 90 sec: Domain generally accessible for rsync subscribers based on a standard
  • 60 second rsync period. Spam rate starts to drop off.
  • 120 sec: Spam rate drops to negligible.

In three minutes, more than 15,000 spam messages sent –85% blocked by DynamicUpdates service at start of attack. Indicative real case example– individual attack profiles will vary.


Table showing the differences between Rsync service and dynamic updates which protects from hailstorm spam.

The Dynamic Updates advantage

Table showing how dynamic updates compares to DQSIncluded is Spamhaus’ Zero Reputation Domain (ZRD) service, designed to stop cyber criminals who use newly registered domains. This is a favoured method to send hailstorm spam; driving traffic to websites in the hope that users will fall victim before a domain has been analyzed for its reputation.

Legitimate organizations will rarely activate a domain and start using it immediately after registration so the ZRD automatically adds newly-registered and previously dormant domains to a block list for 24 hours.

How dynamic updates work to protect against hailstorm spam
How dynamic updates protect against hailstorm spam attacks.


Deploy Dynamics Updates in minutes following these easy steps:

  1. Generate your own authentication certificate (including self-signed)
  2. Submit certificate to Spamhaus via our user portal
  3. Connect! You will be informed via our portal

If you are already consuming Spamhaus Rsync please contact us here to find out more about our Dynamic Updates.

Related Products

Data Query Service (DQS)

Spamhaus’ Data Query Service (DQS) is an affordable and effective solution to protect your email infrastructure and users.

Using your existing email protection solution, you will be able to block spam and other related threats including malware, ransomware, and phishing emails.

The service has never failed and utilizes the longest established DNSBLs in the industry.


  • Proactive & preventative
  • Save on email infrastructure & management costs
  • Actionable


Botnet Threat Update Q1 2020

15 April 2020


The number of botnet Command & Controllers (C&Cs) associated with fraudulent sign-ups, reduced by 57% in Q1 2020, however it isn't all good news. Find out the full details on botnet C&C activity here.

The Value of Threat Intelligence – The White Paper (2019)

29 October 2019


In this Osterman Report, over 200 companies were interviewed to find out how they were utilizing threat intelligence data. Compare yourself to the market place, and find out how others are protecting themselves.

Spamhaus & SpamAssassin provide a simple alternative to expensive email filters

25 March 2019


Spamhaus’ blocklists, used with specially configured SpamAssassin, stop over 99% of spam email. It's an effective combination that won't break the bank.