FAQs
If you would like to make multiple submissions, then please use the API, which can be found here once you’ve authenticated.
For any questions or feedback relating to the Threat Intel Community Portal, please complete this contact form.
To register for a Threat Intel Community account, you will need to use one of the following applications for authentication:
- Github
Github is a favorite in the tech community, as you can use your personal email address when registering. Signing up to Github is quick and free: https://github.com/signup.
Even if you don’t plan on using GitHub for anything else, it’s a convenient way to authenticate into the Spamhaus Community Portal.
In addition to our website terms and conditions, the following apply to those making submissions.
Do send us
Domains/FQDNs/URLs/email source data
Submissions need to be:
- Based on personal observations of your own network or resources
- Observed from open sources.
- Data that’s justified, necessary, and proportionate for the purpose (See Data Minimization)
- Made in good faith to make the internet safer in accordance with our Mission Statement (see below)
Any domain, URL, IP etc submitted is not automatically listed in Spamhaus data sets.
Submissions are run through our own heuristics to see if they meet the criteria for listing. This is necessary as we have to stand by our data and make valid remediation for any listing.
By making a submission you confirm that you have the authorization to possess and share that data.
We never reveal the sources of our data in our data sets.
Do not send us
- Data that has been obtained or exfiltrated illegally
- Data containing proprietary information you wish to keep confidential
- Information received from other people which cannot be substantiated or speculation about actors’ activities
- Information that you are not authorized to disclose
- Illegal content – Do not make any submission which might relate to child abuse or sexual exploitation of any sort. Contact law enforcement in your own country to handle the issue.
Sensitive Personal Information – If you are concerned that your submission contains Sensitive Personal Information (SPI) then don’t send it. (See Definitions below)
If we detect that submissions don’t meet Community Standards then we reserve the right to deny access to the platform.
Use of the Community Portal is for contributors acting in good faith to make the internet safer.
If Spamhaus detects malicious or abusive use of the portal in any way, we reserve the right to revoke a contributor’s access to the API and block any other submissions immediately.
Submissions that we believe have been made in bad faith to discredit individuals, organizations or disrupt lawful activities will be blocked and access to the platform will be denied.
Sending data to Spamhaus confers no right to use the Spamhaus name by the submitter as a partner of Spamhaus, authorized by Spamhaus or any other association, unless agreed prior in writing.
There is no monetary reward or equivalent for any submission
Definitions
Mission Statement
The mission of this community portal is to provide a platform for the sharing of threat information for the security and stability of the Internet, based on observation and publicly available information.
OSINT
Open-Source Intelligence (OSINT) is information sourced from ether observed or available to all members of the public, that has been collected, verified, and evaluated for a specific requirement. Such sources include information available to the general public, including by purchase, without requiring special legal status.
Sensitive Personal Information
- Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs
- Trade-union membership
- Genetic data, biometric data processed solely to identify a human being
- Health-related data
- Data concerning a person’s sex life or sexual orientation
- Criminal record information that does not have to be legally disclosed such as ‘spent’ convictions.
Data Minimization
Information should only be collected and processed if it is;
- Justified for an articulable purpose
- Necessary for achieving that purpose
- Proportional to the ability to achieve that purpose
To create an account, click ‘Log in’ at the top right of the homepage or scroll down and select ‘Create an Account’.
To register, sign in using one of the following for authentication:
- Github
Click the ‘confirm email’ button in the verification email to complete your registration.
No, you do not need to create an account to make a submission. You can submit malicious activity as a guest, but you will need to provide an email address for the submission to be successful.
To submit individual submissions without creating an account, please go to:
https://submit.spamhaus.org/submit
Please note, that if you would like to track your submission, you will be need to create an account.
There are a couple of reasons we include an email in addition to the three methods of authentication:
So you can easily change the email address associated with your (Spamhaus) account. But please note that you’ll need to verify the updated email address before making submissions.
Not all of the authentication platforms provide us with confirmation that your email address is verified. Where this is the case, we require you to verify your email address in addition to the authentication method.
Yes, you can. We have included the ability to update/change your email address via the account page. Please note that you will be required to verify a new email address.
In the event that you have not received an email confirmation, please check all email folders, including those that filter less frequent messages, to make sure the email hasn't been redirected.
We understand it's frustrating when unrelated entities purchase lookalike domains i.e. domain squatting. However, it's important to note that Spamhaus can only assign reputations to already existing domains. We cannot analyze or list domains that have not yet been created.
Spamhaus receives data from Brand Protection companies that monitor and report domain abuse. These companies submit specific URLs or domains along with supporting evidence, such as screenshots obtained through urlscan.io.
ICANN offers valuable advice on domain squatting, which you can find here: https://icannwiki.org/Typosquatting.
It is recommended to identify common typographical errors in your domain name and purchase the variations to protect yourself from typosquatting.
For further guidance on making submissions, please refer to our FAQ on how to submit data to the Threat Intel Community Portal.
There are two potential reasons for this issue:
Incorrect Domain Syntax: The domain name may contain invalid characters such as ‘space', #, or +. Please double-check the domain name for errors and try submitting it again.
Unresolvable Domain: Even if the domain format is correct, it might not be resolving to a valid IPv4 or IPv6 address.
Suggested Reading
Please find below a selection of articles and how to guides to help you use this platform and submit intelligence for the good of the internet.
Domain Reputation Update Apr 2024 - Sept 2024
10 DNS best practices to keep your Domain Reputation in check
Poor DNS hygiene can leave your organization vulnerable to threats like subDoMailing, DNS spoofing, domain hijacking and other threats. In addition to putting domain security at risk, these vulnerabilities can have long-term effects on domain reputation. Here are ten DNS best practices businesses can implement to protect their domains and entire business.
Markmonitor webinar | League Table Talk: Ranking ccTLDs on DNS Abuse
In this Markmonitor webinar, Spamhaus' Carel Bitter, joins Georgia Osborn, Senior Research Analyst at the DNS Research Federation, and Chris Niemi, Manager of Strategic Initiatives at Markmonitor, to discuss ccTLDs in the larger context of DNS Abuse.