Man monitoring servers

Threat intelligence updated every 60 seconds

Spamhaus Technology Response Policy Zones (RPZ) use domain and IP reputation data from Spamhaus’ real-time threat intelligence.

Spamhaus RPZ feeds are regular zone files that use live threat intelligence data and behavioral analytics to block the IP addresses of malicious name servers in real-time. If the RPZ suppoerted DNS resolver or appliance finds an IP address listed within our RPZ feeds, the user's browser will not be able to connect to the listed site and returns an NX Domain, or can be pointed at an internal site, honey pot or sandbox.

If you are managing your own DNS infrastructure you can use RPZ feeds to determine exactly which RPZs need to be implemented to protect your networks.

New trial subscribers to the Spamhaus Technology RPZ feed service have access to 13 zone feeds by default that are included in four categories: Standard, Malware, Abused and Diverse.

  • The domain-based dbl.spamhaus.org, which lists domains used by malware dropper sites; redirectors; botnet C&Cs; sites sending spam and phishing emails; and domains associated with fake goods; fraud; identity theft; viruses; Trojans; ransomware and malware.
  • The IP-based drop.rpz.smamhaus.org, based on Spamhaus’ Do Not Route Or Peer (DROP) list, which is an advisory, “drop all traffic” list, consisting of blocks of IP addresses that are known to be controlled by hijackers, spammers and cybercriminals.

These default zones can be complemented with additional Spamhaus zones, including botnet C&C; malware; and zero reputation domain (ZRD) zones.

RPZ supported DNS server and appliance administrators can also create their own whitelists, to use in combination with Spamhaus zones. For example, you can add your organization’s own domains to your on premises DNS infrastructure server, to prevent your own users being blocked.

Managing Zone Transfers on premises allows for a high degree of flexibility and customization and can also be used to reinforce security awareness training for your users.

For example, rather than simply returning an NX Domain, you can also use RPZs to redirect employees to an internal webpage that warns them of the dangers of visiting particular websites or clicking on links in phishing emails. This adds an additional layer to your security defenses by combining technological controls with user training.

Threat intelligence updated every 60 seconds

Spamhaus RPZs are updated up to every sixty seconds and only changes to the lists are broadcast, so that updates can be propagated to all domain name servers worldwide in a matter of seconds. This provides your organization with the most current threat intelligence to protect your networks from being compromised by people clicking on phishing links, or browsing untrustworthy sites. As soon as the new RPZs are propagated, your network users are unable to connect to listed domains and IP addresses mitigating the threat from new malicious domains.

Click for further information on Spamhaus Technology RPZ Managed Service

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
 Mail RU Logo
Time Warner Cable Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch


Latest News

PIPELINE Security partnership delivers advanced threat intelligence to Asia Pacific.

New partnership between Tokyo-based PIPELINE Security and Spamhaus Technology will bring faster, easier access to global cyber threat intelligence.

Read more

Virus Bulletin reviews the latest Spamhaus Botnet Threat Report

Independent researchers review the latest annual Spamhaus Botnet Threat Report.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.