The Spamhaus Project is one of the well-known names when it comes to blacklist, spam tracking, spam blocking services, malware, and botnet detection. It is a non-government service that provides a domain blacklist to a large number of email services and provides assistance to the corporates in the online and security domain. Spamhaus is responsible for servicing millions of users every day with billions of spams per day.
They provide a real-time domain reputation blacklist that is responsible for protecting over 3 billion users over the internet.
To meet the demand for its DNSBLs over millions of users on the internet, Spamhaus has one of the largest DNS infrastructures in the world. They have a network of over 80 public DNSBL servers spread across 18 countries, that serves billions of DNSBL queries to the public every day.
The usage of Spamhaus service is free for public usage and is restricted to low email volumes.
Spamhaus provides various blacklists such as SBL, XBL, PBL, DBL let’s see these in detail.
SBL (Spamhaus Block List): The SBL is a realtime list that can be used by mail systems all over the Internet. These services allow mail server administrators to identify, tag, or block incoming connections from IP. The addresses that are listed in this list are ones that Spamhaus considers to be involved in the sending, hosting, or generating of Unsolicited Bulk Email, i.e. "Spam".
The SBL is a database maintained by a dedicated team of Spamhaus specialists located in 10 countries.
XBL (Exploits Block List): The XBL is a realtime database of IP addresses of hijacked PCs that are infected by illegal exploits. This includes open proxies, worms and viruses, and other types of trojan-horse exploits.
PBL (Policy Block List): The Spamhaus PBL is a DNSBL database of the recipient's IP address ranges that should not be sending unauthenticated SMTP email to any mail server, except those that are provided for specifically by an ISP for the particular customer's use.
The PBL helps companies enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.
DBL (Domain Block List): DBL is a list of domains with poor domain reputations. These domain reputations are calculated from multiple factors and maintained in a database which in turn feeds the DBL zone itself.
ZEN (zen.spamhaus.org): ZEN is basically a combination of all Spamhaus IP-based DNSBLs into one single comprehensive blocklist that makes querying faster and simpler. It contains the SBL, SBLCSS, XBL and PBL blocklists.
Note:- It is recommended by Spamhaus to use ZEN as a singular domain monitoring service. Since using it in conjunction with other Spamhaus lists will cause unnecessary DNS queries.
The Spamhaus SBL uses the listed instances to populate their blacklists.
Unsolicited bulk email sources identified by Spamhaus.
Snowshoe spam ranges
Emails senders that show Snowshoe spam methods, and domains with poor or frequently changing identification.
Snowshoe spamming is a method in which spammers try to reduce the penalty of spam filters by distributing their emails through multiple server IPs and domains.
IPs that host spam websites, or spammer resources like malware and more.
The IP address that is seen as a security risk to SBL users, that includes the listed threats and more.
PBL IP address is added and maintained by the networks participating in the PBL. They work in together with the Spamhaus PBL team, to help apply their outbound email policies.
The PBL contains a list of both dynamic and static IPs. It includes IP which by the policy should not be sending an email directly to the MX servers of third parties.
XBL is a list of spam sources that are due to compromised systems. It is mostly composed of CBL data (www.abuseat.org). It also contains a list of compromised systems from other resources.
The DBL's database is maintained by a team of data specialists that use various data from multiple sources. They use this data to tweak their automated processes policies to populate emails.
Most DBL listings occur automatically, although some of them are done by Spamhaus researchers who will add or remove listings manually.
DBL data exchanged with other Spamhaus systems like firewall or security applications can result in further listings in the DBL, or in IP addresses being listed in different Spamhaus zones.
Every SBL listed record has the following information beside it.
This might be due to being a source of spam emails, hosting of spam services, or hosting malware services.
Every SBL record has a record of the spam activity done by it. It might be in the form of a sample form message or a link to the advertised site.
It also contains the DNS tracing of the server records that are fetched from Whois service.
Since the evidence for the spam is provided by third-party services too, special handling is done for showing proof of the spam. For example, the spam evidence will not be revealed if it is a Spam trap that got it listed.
This is done to prevent the effectiveness of the Spam Traps.
Spamhaus sends an automatic notification to the owner of the network service that got listed. Spamhaus maintains it's own set of the contact list.
The emails are sent through their own regional Internet registry (RIR).
There can be exceptions, though. And Spamhaus deals with that by making an additional request to the network for contact details.
If the receiving end wishes not to receive notification from Spamhaus or the emails sent by the Spamhaus network are ignored by the receiver, then Spamhaus may decide not to send the emails to that user.
The manual identification for the listing in SBL can be done at https://www.spamhaus.org/sbl/policy/ manually.
You should get a message “Your-domain is not in the SBL” if you are not listed.
SBL listings are removed, only if the network's Abuse desk or administrator emails the SBL Team, and explain actions taken to fix the issue that caused the listing.
If it has to be from an authoritative resource.
Spamhaus expects the issue that caused the delisting to be resolved and may decline the removal request if sufficient measures were not taken to prevent further abuse.
The SBL Team normally processes the removal request in 24 hours.
SBL Delisting Procedure:
Request the removal of an SBL listing that must be made by the ISP whos IP is listed. The ESP must contact the SBL Team, by email, using the dynamic 'mailto' link visible on the SBL record page.
You must resolve all the issues that were the leading cause of the blacklisting of the domain. In the case of request of delisting is made without addressing the issue, Spamhaus will reject it.
Even if the underlying issue is resolved, if you don't comply with the Smaphaus policy, then your delisting request will be rejected.
I hope this article has helped you understand the Spamhaus blacklists and method to delist your domain from the blacklist. In case you have any queries related to your domain blacklisting, then please feel free to comment below or reach out to the Pepipost Deliverability Expert Team at dx(at)pepipost(dot)com.