Types of blocked domains

The DBL is a list that contains many types of domains used in spam and abuse, ranging from malware to phishing to legitimate domains that have been hacked by spammers.

Spammer-owned domains are classified as follows:

  • Spam domains. Domains used to send spam, host websites for the purpose of spam or support spam operations.

  • Phish domains. Domains used to send phishing email, host websites for the purpose of phishing or support phishing operations.

  • Malware domains. Domains used to send malware, host malware websites or support malware distribution operations.

  • Botnet Command and Control (C&C) domains. Domains used to control networks of computers that are infected and send malicious spam.

Legitimate domains that have been hacked or participate in spam activities are classified as follows:

  • Legitimate spam domains. Hacked legitimate domains used to send spam, host websites for the purpose of spam or support spam operations.

  • Legitimate redirector domains. Hacked legitimate domains that redirect to a spam website.

  • Legitimate phishing domains. Hacked legitimate domains used to send phishing email, host websites for the purpose of phishing or support phishing operations.

  • Legitimate malware domains. Hacked domains used to send malware, host malware websites or support malware distribution operations.

  • Legitimate botnet C&C domains. Hacked domains used to control networks of computers that are infected and send malicious spam.

Spamhaus updates the DBL within minutes. In order to cope with the latest spam campaigns the Datafeed Service provides access to these updates in almost real-time.

Use Cases

Spamhaus data feed customers usually load the DBL data onto an internal DNS server that is configured to act as a Datafeed for all their networks. However, based on preferences customers can configure their mailservers to query the internal Datafeed as well.

The DBL is designed to be used in a number of scenarios:

  • Include the DBL in your mailserver configuration to reject inbound email from

  • IPs with rDNS that include a domain listed in the DBL

  • From or Reply-to headers set to a domain listed in the DBL

  • URL in the message body that are listed in the DBL.

  • Include the DBL in your spam filters to score and tag inbound emails’ headers or message bodies that contain a domain listed in the DBL.

  • Use the DBL to filter email sent by SMTP AUTH outbound mailservers and block or hold email that contains URLs that are listed in the DBL-.

For more information APPLY NOW