Man monitoring servers

Domain-based protection updated every 60 seconds

According to the latest Verizon Data Breach Investigation Report, which analysed 100,000 incidents, almost 10% of phishing attacks resulted in a data security breach.1

On average, the first phishing email link was clicked within 3 minutes and 45 seconds. Almost a third of phishing emails were opened and, of that proportion, 12% of people took the bait by opening attachments and clicking on links. Using this technique, 80% of cybercriminals compromise systems within minutes and start exfiltrating data within days.2

To help mitigate the risks created by users visiting bad domains and clicking on links in phishing emails, Spamhaus developed its Domain Block List (DBL) to provide near real-time protection for your network assets.

Criminals register thousands of domains and only use them for short periods, to try to evade detection. The Spamhaus security researchers use automated systems to constantly monitor newly-registered domains and identify links to cybercriminal activity, allowing us to rapidly list suspect domains.3

Spamhaus Technology DBL is provided as a Response Policy Zone that can be added to your BIND server to selectively block DNS resolution to malicious domains, before users can click on links and do any harm to your network.4

Parts of the DBL are managed as zero false positive listings and use senders’ domains, contained within SMTP headers, to safely reject harmful emails at SMTP connection time.

The whole Spamhaus DBL protects mailservers and networks by performing message body URI checks to enable administrators to block email containing links to listed domains. As an administrator, you can use the DBL return code to simply block emails, or use it as part of a spam scoring system, according to your organisation’s policies, risk profile and tolerance for false positives.

Spamhaus Technology DBL contains tens of thousands of bad domains and is updated every sixty seconds. Domains are removed from the list once they cease to pose a risk. Therefore, the DBL is maintained as a relatively small list, with only changes to the list being shared. This facilitates frequent updates: offering near real-time protection against the latest domain-based threats to your network.

A much larger version of the DBL dataset, which retains domains for a longer period, is also available from Spamhaus Technology.

1 Spamhaus Domain Blocklist http://www.spamhaus.org/dbl

2 Source: Verizon Data Breach Investigation Report 2016 http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

3 Source: Financial Times “10% of phishing scams lead to data breach,” 26th April 2016 http://www.ft.com/cms/s/0/9ef7aebc-0b1a-11e6-9456-444ab5211a2f.html

4 eDBL DNS Response Policy Zones https://dnsrpz.info/

Click for your free 30 day trial

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
 Mail RU Logo
Time Warner Cable Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch


Latest News

Join us at SANS, Las Vegas

Spamhaus Technology and partner SecurityZones will be showing how to beat botnets at SANS, Las Vegas Sept 12/13th.

Read more

New industry report reveals top threats to healthcare

Criminals focused on getting a financial return have identified a particularly attractive target - the healthcare industry.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.