The Spamhaus data query service (DQS) is a set of DNSBLs with real time updates operated by by Spamhaus Technology.
| Area | Test name | Description | Default scores |
|---|---|---|---|
| header | RCVD_IN_AUTHBL |
Received via a relay in Spamhaus AuthBL | 4 |
| header | RCVD_IN_ZEN_LASTEXTERNAL |
The last untrusted relay is listed in Spamhaus ZEN | 7 |
| header | RCVD_IN_XBL |
The last untrusted relay is listed in Spamhaus XBL | 3 |
| header | RCVD_IN_PBL |
The last untrusted relay is listed in Spamhaus RBL | 5 |
| header | RCVD_IN_SBL |
The last untrusted relay is listed in Spamhaus SBL | 7 |
| header | RCVD_IN_SBL_CSS |
The last untrusted relay is listed in Spamhaus SBL_CSS | 7 |
| header | RCVD_IN_SBL_DROP |
The last untrusted relay is listed in Spamhaus SBL_DROP | 7 |
| header | URIBL_SBL |
Contains an URL's NS IP listed in the Spamhaus SBL | 4 |
| header | URIBL_SBL_A |
Contains an URL's NS IP listed in the Spamhaus SBL blocklist | 0.1 |
| header | URIBL_DBL_SPAM |
Contains a spam URL listed in the Spamhaus DBL blocklist | 9 |
| header | URIBL_DBL_PHISH |
Contains a Phishing URL listed in the Spamhaus DBL blocklist | 9 |
| header | URIBL_DBL_MALWARE |
Contains a malware URL listed in the Spamhaus DBL blocklist | 9 |
| header | URIBL_DBL_BOTNETCC |
Contains a botned C&C URL listed in the Spamhaus DBL blocklist | 9 |
| header | URIBL_DBL_ABUSE_SPAM |
Contains an abused spamvertized URL listed in the Spamhaus DBL blocklist | 7 |
| header | URIBL_DBL_ABUSE_REDIRL |
Contains an abused redirector URL listed in the Spamhaus DBL blocklist | 0.5 |
| header | URIBL_DBL_ABUSE_PHISH |
Contains an abused phishing URL listed in the Spamhaus DBL blocklist | 7 |
| header | URIBL_DBL_ABUSE_MALW |
Contains an abused malware URL listed in the Spamhaus DBL blocklist | 7 |
| header | URIBL_DBL_ABUSE_BOTCC |
Contains an abused botnet C&C URL listed in the Spamhaus DBL blocklist | 7 |
| header | URIBL_CSS |
Contains an URL's NS IP listed in the Spamhaus CSS | 0.001 |
| header | URIBL_CSS_A |
Contains URL's A record listed in the Spamhaus CSS blocklist | 0.1 |
| header | URIBL_SBL_A |
Contains URL's A record listed in the Spamhaus SBL blocklist | 0.1 |
| header | URIBL_DBL_ERROR |
Error: queried the Spamhaus DBL blocklist for an IP | 0.1 |
| header | URIBL_ZRD |
Contains an URL's NS IP listed in the Spamhaus ZRD | 5 |
| header | SH_BODYURI_REVERSE_SBL |
The corrisponding A record of an URI contained in the body is listed in SBL | 7 |
| header | SH_BODYURI_REVERSE_CSS |
The corrisponding A record of an URI contained in the body is listed in CSS | 5 |
| header | SH_BODYURI_REVERSE_DROP |
The corrisponding A record of an URI contained in the body is listed in DROP | 7 |
| header | SH_BODYURI_REVERSE_XBL |
The corrisponding A record of an URI contained in the body is listed in XBL | 4 |
| header | SH_DBL_BODY |
The domain of an email address found in body is listed in DBL | 7 |
| header | SH_ZRD_BODY |
The domain of an email address found in body is listed in ZRD | 5 |
| header | SH_DBL_HEADERS |
A domain found in headers (mail from, reply-to etc..) is listed in DBL | 7 |
| header | SH_DBL_HEADERS_ABUSED |
A domain found in headers (mail from, reply-to etc..) is listed in DBL as an abused domain | 5 |
| header | SH_ZRD_HEADERS_VERY_FRESH |
A domain found in headers (mail from, reply-to etc..) is listed in ZRD and the domain age is between 0 and 4 hours | 72 |
| header | SH_ZRD_HEADERS_FRESH |
A domain found in headers (mail from, reply-to etc..) is listed in ZRD and the domain age is between 5 and 24 hours | 5 |
| header | SH_REVERSE_ZRD_VERY_FRESH |
The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 0 and 4 hours | 7 |
| header | SH_REVERSE_ZRD_FRESH |
The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 5 and 24 hours | 5 |
| header | SH_REVERSE_DBL |
The RDNS of last untrusted relay's IP is listed in DBL | 7 |
| header | SH_REVERSE_DBL_ABUSED |
The RDNS of last untrusted relay's IP is listed in DBL as an abused domain | 5 |
| header | SH_HELO_ZRD_VERY_FRESH |
The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 0 and 4 hours | 7 |
| header | SH_HELO_ZRD_FRESH |
The RDNS of last untrusted relay's IP is listed in ZRD and the domain age is between 5 and 24 hours | 5 |
| header | SH_HELO_DBL |
The domain used in the HELO string is listed in DBL | 7 |
| header | SH_HELO_DBL_ABUSED |
The domain used in the HELO string is listed in DBL as an abused domain | 5 |