Increase your data coverage and insight with a 6-month Developer Licence for the Intelligence API, giving you access to context-rich metadata on IP and domain reputation. This expansive signal supports security teams with risk detection, incident response, and proactive threat research.
Adapt the data to suit your needs and assess its value with no commitment or expectation – experiment freely in your test environments and start solving real problems!
Quickly understand the “what” and "why" behind threats, to pinpoint areas of interest and rapidly respond.
Query only what’s relevant to your use case, without the need to download large files.
Easily access and integrate the REST API (using JSON format) across multiple applications.
Access to the Developer License is provided by Spamhaus Intelligence API (SIA). It provides a wide range of metadata signals, that contribute to the reputation of IPs and domains.
Derived from continuous, 24/7 analysis of billions of data points, this comprehensive data is available from a single source, and supports a variety of applications.
Integrate the API into your existing infrastructure and experiment with the data to tackle your security challenges.
Why are there two different names for the data?
Our datasets have been supporting users for a very long time. With new users requesting our support, the dataset names are being updated for clearer understanding. We’re documenting two names, for now, to best support all users.
Gain a clearer understanding of the context and any associated risk associated with individual IPs, and domains with Spamhaus’ context-rich metadata — enrich existing data sources or query the data directly.
Seamlessly pivot through context-rich metadata including active botnet C2 IPs, to exploited and exploiting IPs, malicious and suspicious email traffic, and all domains observed by Spamhaus.
Access metadata including senders data, nameserver reputation, A Record reputation, correlated related domains, listed Hostnames, and malware.
Dataset contains approximately 800 – 1,500 entries, with live updates every minute and up to 50 new detections every 24 hours.
Easily enrich your threat intelligence with reputational data on various internet identifiers, including active botnet C2s.
Suitable for organizations with mature security operations, the API (with download capability) integrates with SIEMs, SOCs, and other security or reporting applications.
Define and configure data ingestion to meet your specific requirements, and enhance your threat detection and response.
Access context-rich metadata from active botnet C2 IPs, to exploited and exploiting IPs, malicious and suspicious email traffic, and all domains observed by Spamhaus.
Quickly identify reputation issues and detect signs of malicious activity by monitoring IP and domain reputation with rich contextual data for validation and diagnosis.
The real-time signal provides early warning of potential problems, helping teams stay compliant, resolve issues before they impact deliverability and protect the overall integrity of your email infrastructure.
Build a comprehensive picture of potential customers with real-time and historical context on their IPs and domains.
Monitor access to mailboxes and control panels to detect threats early, allowing for proactive mitigation.
Review key elements of campaigns - such as sender reputation and domain history - before sending to ensure better deliverability.
To get started, simply sign up for an account and create an API user profile. This will give you 6-months free access for up to 5,000 queries per month.
What happens next?
After your API user profile is set up, you can generate a token through the authentication API.
Need help?
If you have any questions, please add them to the comments box on the form.
Get immediate access for 6 months to the Spamhaus API – Explore. Build. Test. Solve. No credit card details required.
The data comes from intelligence gathered through a global network of probes, honeypots, and spam traps, as well as trusted data shared by hosting providers, ISPs, internet governing bodies, and other industry partners.
Using a combination of machine learning, heuristics, and manual investigations, Spamhaus’ dedicated team of researchers analyze this data, to identify malicious behavior to deliver high-confidence signal through the API.
This data is deduped and false positives are removed before assembling production data.
Data Access
High-impact data, dedicated to malware indicators, from a globally diverse, knowledge-rich community. Access enterprise-grade intelligence, with reliability and scale, to enrich, hunt and track with clarity and confidence.
Data Access
A simple API supporting a variety of query types to discover historical, and up-to-the-moment, DNS infrastructure connections from Spamhaus’ Passive DNS database with up to one year of historical data.
Data Access
Incremental synchronization of binary and contextual datasets to local servers, including access to our entire binary DNS blocklist data. Efficiently transfer data by only copying changes between the source and destination.