How Spamhaus addresses DNS Abuse

In this latest segment of our video blog series, we have a discussion with Carel Bitter, the Head of Data at Spamhaus.

Spamhaus is one of the abuse sources that we have curated into our iQ Abuse Manager, and it’s among several other feeds that are available to all of our customers and trial users.

Pinky Brand, our SVP of Business Development and Marketing, recently conducted a wide-ranging conversation with Carel, who is part of the very fabric of The Spamhaus Project, having been with the organization for over a decade.

UPDATE April 30, 2021: Podcast version added

Topics include:

  • How is the Spamhaus Domain Block List (DBL) used?
  • How is the list compiled? How do you calculate it?
  • Comments on real data vs. fake data use trends.
  • Comments on measuring the effect of price vs. measuring # of abuse reports in new gTLDs vs. ccTLDs and legacy TLDs.
  • How can a TLD or registrar get off the "bad list"?
  • How can a registry, registrar, or registrant remove a specific name or bulk list of names from the DBL?
  • What about domains in the DBL where no evidence of spam is actually detected?
  • Any systematic way to provide a real-time feedback loop on takedowns/serverHolds?
  • Why do some TLD or registrars suddenly appear and then disappear from the bad lists?
  • What about providing evidence? Is it possible to get email headers or other evidence with your reports?
  • What are some new attack vectors you are observing these days? What's a "phishing rod" threat vs. a "phishing" threat?

We hope you find the interview helpful to your operation. We all must continue to cooperate and share knowledge in the effort to fight DNS abuse.

And hey, we'd be grateful for feedback or topic ideas, so don't hesitate to give us a shout at