Service Description:

  • The BCL is designed to be installed on the router’s DENY table. After that all communication from and to C&C servers are blocked.
  • When used in combination with intrusion prevention servers (IPS) and intrusion detection servers (IDS), BCL identifies IP addresses of infected devices that are trying to contact botnet C&Cs and block traffic to and from these devices.
  • When installed on a DNS server, Spamhaus BCL acts as a response policy zone (RPZ), also known as a DNS firewall, and supports special handling of hosts that resolve to IP addresses listed in BCL.


  • Prevent infected computers within your network from receiving instructions and malware updates.
  • Prevent sensitive data from being sent from botnet nodes to C&C servers.
  • Disrupt communication with the C&C servers and neutralize botnet nodes within your network.

Deployment options:

  • Spamhaus Technology Border Gateway Protocol feed (BGPf) contains BCL as well as the Do Not Route or Peer (DROP) and extended DROP (eDROP) lists.
  • Spamhaus Technology provides BCL as an RPZ/DNS firewall for download to DNS servers.
  • The BCL ruleset can be installed on your IDS/IPS. Spamhaus Technology supplies the ruleset for Snort, Suricata and other IDS/IPS using Snort format.

Spamhaus BCL feeds are of the highest quality in the market and all are available for trial. We can assist with technical setup and implementation questions.
Feel free to contact us to learn more about the BCL service.