SH

The Spamhaus data query service (DQS) is a set of DNSBLs with real time updates operated by by Spamhaus Technology.

  1. Get an API key
  2. Usage Terms
  3. Project Information

Tests

Area Test name Description Default scores
header RCVD_IN_AUTHBL Received via a relay in Spamhaus AuthBL 4
header RCVD_IN_ZEN_LASTEXTERNAL The last untrusted relay is listed in Spamhaus ZEN 7
header RCVD_IN_XBL The last untrusted relay is listed in Spamhaus XBL 3
header RCVD_IN_PBL The last untrusted relay is listed in Spamhaus RBL 5
header RCVD_IN_SBL The last untrusted relay is listed in Spamhaus SBL 7
header RCVD_IN_SBL_CSS The last untrusted relay is listed in Spamhaus SBL_CSS 7
header RCVD_IN_SBL_DROP The last untrusted relay is listed in Spamhaus SBL_DROP 7
header URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL 4
header URIBL_SBL_A Contains an URL's NS IP listed in the Spamhaus SBL blocklist 0.1
header URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL blocklist 9
header URIBL_DBL_PHISH Contains a Phishing URL listed in the Spamhaus DBL blocklist 9
header URIBL_DBL_MALWARE Contains a malware URL listed in the Spamhaus DBL blocklist 9
header URIBL_DBL_BOTNETCC Contains a botned C&C URL listed in the Spamhaus DBL blocklist 9
header URIBL_DBL_ABUSE_SPAM Contains an abused spamvertized URL listed in the Spamhaus DBL blocklist 7
header URIBL_DBL_ABUSE_REDIRL Contains an abused redirector URL listed in the Spamhaus DBL blocklist 0.5
header URIBL_DBL_ABUSE_PHISH Contains an abused phishing URL listed in the Spamhaus DBL blocklist 7
header URIBL_DBL_ABUSE_MALW Contains an abused malware URL listed in the Spamhaus DBL blocklist 7
header URIBL_DBL_ABUSE_BOTCC Contains an abused botnet C&C URL listed in the Spamhaus DBL blocklist 7
header URIBL_CSS Contains an URL's NS IP listed in the Spamhaus CSS 0.001
header URIBL_CSS_A Contains URL's A record listed in the Spamhaus CSS blocklist 0.1
header URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL blocklist 0.1
header URIBL_DBL_ERROR Error: queried the Spamhaus DBL blocklist for an IP 0.1
header URIBL_ZRD Contains an URL's NS IP listed in the Spamhaus ZRD 5
header SH_BODYURI_REVERSE_SBL The corrisponding A record of an URI contained in the body is listed in SBL 7
header SH_BODYURI_REVERSE_CSS The corrisponding A record of an URI contained in the body is listed in CSS 5
header SH_BODYURI_REVERSE_DROP The corrisponding A record of an URI contained in the body is listed in DROP 7
header SH_BODYURI_REVERSE_XBL The corrisponding A record of an URI contained in the body is listed in XBL 4
header SH_DBL_BODY The domain of an email address found in body is listed in DBL 7
header SH_ZRD_BODY The domain of an email address found in body is listed in ZRD 5
header SH_DBL_HEADERS A domain found in headers (mail from, reply-to etc..) is listed in DBL 7
header SH_DBL_HEADERS_ABUSED A domain found in headers (mail from, reply-to etc..) is listed in DBL as an abused domain 5
header SH_ZRD_HEADERS_VERY_FRESH A domain found in headers (mail from, reply-to etc..) is listed in ZRD and the domain age is between 0 and 4 hours 72
header SH_ZRD_HEADERS_FRESH A domain found in headers (mail from, reply-to etc..) is listed in ZRD and the domain age is between 5 and 24 hours 5
header SH_REVERSE_ZRD_VERY_FRESH The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 0 and 4 hours 7
header SH_REVERSE_ZRD_FRESH The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 5 and 24 hours 5
header SH_REVERSE_DBL The RDNS of last untrusted relay's IP is listed in DBL 7
header SH_REVERSE_DBL_ABUSED The RDNS of last untrusted relay's IP is listed in DBL as an abused domain 5
header SH_HELO_ZRD_VERY_FRESH The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 0 and 4 hours 7
header SH_HELO_ZRD_FRESH The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 5 and 24 hours 5
header SH_HELO_DBL The domain used in the HELO string is listed in DBL 7
header SH_HELO_DBL_ABUSED The domain used in the HELO string is listed in DBL as an abused domain 5