IP Data - Zen

"Zen" IP Blocklist


Spamhaus "Zen" IP Blocklist 

The World's #1-Rated Anti-Spam Blocklist

Spamhaus Zen is a combination of all Spamhaus IP-based blocklists (DNSBLs), each of which provides protection against different types of spam and abuse. Zen is therefore capable of providing broad protection against most types of spam. It is the single mostly widely used anti-spam blocklist in the world.


Features

Spamhaus Zen contains four Spamhaus blocklists. These lists are:

·       The Spamhaus Block List (SBL). Contains IP addresses that send spam, host spam-advertised websites, provide DNS service to spammer-owned domains, or provide other services to spam enterprises.  Many are owned or controlled by known spammers. The SBL is manually created and manually maintained.  It provides protection against a larger variety of types of spam than any of the other Spamhaus blocklists.

·       The Consolidated Snowshoe Block List (CSS). Contains static IP addresses that send direct spam, mostly snowshoe spam. Spamhaus uses the term to refer to spam methods that rely on avoiding detection, especially automated detection. The CSS is automatically generated from observation of spam sent to large collections of spamtraps. It is designed to react quickly to spam that exhibits known patterns of behavior, without requiring manual intervention.

·       The eXploits Block List (XBL). Contains IP addresses of computers that are infected by spam-sending malware and have been observed sending spam or engaging in other malware-generated spam activity. Most spam by volume is of this type. The XBL reacts quickly to block this spam before it can overwhelm your network and your servers.

·       The Policy Block List (PBL). Contains IP addresses that should not send unauthenticated SMTP email directly to other mailservers. Most IP addresses in the PBL are consumer-grade dynamically assigned IP addresses, such as those owned by large ISPs and assigned to home users. Users on such Internet connections are expected to use their ISP's mailservers, or to use SMTP AUTH. Email that is sent directly from this type of IP address is almost always spam.

Each of these lists provides protection against different types of spam. Two of these lists (the PBL and XBL) focus primarily on stopping the massive volumes of phish, bogus pharmaceuticals, counterfeit luxury goods, 419 advance fee fraud, and other types of criminal spam that we all see in our inboxes from time to time. One (the CSS) focuses on stopping the less criminal but equally annoying spam from affiliate marketers who send their email from large numbers of static IP addresses, usually on cheap virtual web hosting servers, and throwaway domains in hopes of defeating spam filters. The final list (the SBL) covers a wide variety of spam that does not fit into one of the other categories.

Spamhaus updates its lists frequently, often within minutes of detecting spam. The Spamhaus Datafeed Service provides access to these updates in near-real-time, allowing you to stop most spam before it can reach your users.


Use Cases

Zen data feed customers usually load the Zen data onto an internal DNS server that is configured to act as a DNSBL for your network. They then configure their mailservers to query this internal DNSBL.

Spamhaus Zen is designed to be used in a number of scenarios:

·       Include Zen in your mailserver configuration to reject inbound email from listed IP addresses.

·       Include Zen in your spam filters to score and tag inbound email that contains listed IP addresses in Received headers other than the first Received header (the Received header that contains the IP address that sent the email to your server), or that contains URLs with hosts that resolve to listed IP addresses.

NOTE: You should check only the SBL, not all Zen blocklists, when filtering email for listed URI host IP addresses, or when filtering email for listed IP addresses in Received headers other than the first Received header.

·       Use Zen to filter email sent by your smarthosts or SMTP AUTH outbound mailservers, and block or hold email that contains URLs with hosts that resolve to listed IP addresses.