Whether you are a security professional wanting to uncover patterns of malicious activity from networks across the world, or a brand protection specialist wanting to expose the deceptive use of specific domains, utilising Passive DNS data should be part of your toolset.


Passive DNS – exclusive beta testing opportunity

Passive DNS provides a wealth of valuable information to digital security professionals, enabling the user to review the relationships that exist now, or have existed historically, between online properties, e.g. domain names and internet protocol (IP) addresses, across the globe. Discover more about Passive DNS here.

We are delighted to offer the opportunity* to become one of the first to use and provide feedback on our improved and simplified Passive DNS tool.

Who can apply?

What do we offer?

  • Access to the web portal and API
  • Start-up documentation and a helping hand
  • Advice regarding how to use the tool for incident investigation and brand spoofing investigation

What do we require from you?

  • Must be available to engage in active testing during August and/or September 2018.
  • Provide feedback via a phone call.

Click here to apply

Please note that numbers are limited so please apply as soon as possible.

Good luck and thank you!


*Sadly we can only accept those who meet the outlined requirements onto the beta testing program.

Brian Krebs investigates the Bitcanal “Hijack Factory” story which hit the news this week. Through continually hijacking Border Gateway Protocol (BGP) routes, Bitcanal leased swathes of IP addresses to spammers. Since 2014 Bitcanal has appeared in 103 SBL listings researched by Spamhaus. Read Brian’s article here.

This week sees Spamhaus featuring in the news in Doug Madory’s article focusing on Bitcanal: Shutting Down the BGP Hijack Factory.

The piece focuses on Bitcanal, which has been listed on various Spamhaus block lists for over 3 years. Doug Madory, Director of Internet Analysis at Oracle Dyn, shines the spotlight on Bitcanal, and focuses on the lessons Internet Exchange Points (IXPs) need to learn from this episode.

Spamhaus has published 103 SBL listings related to Bitcanal, going as far back as December 2014.  There have been inclusions on both their IPv6 Drop list, and ASN Droplist.






Enterprise business and technology service providers in the Japanese and Asia Pacific region now have global cyber threat intelligence on their doorstep. Thanks to a new partnership between Tokyo-based PIPELINE Security and Deteque, DNS threat protection, including DNS firewall data feeds, has never been easier to access.

PIPELINE Security delivers DNS protection to APAC

PIPELINE Security brings local delivery and support to the Japanese market. Their understanding of cyber security, combined with local knowledge, is illustrated in their drive for precision and excellence.

Deteque provides network security intelligence, including DNS firewall data feeds, leveraging expertly researched threat intelligence from The Spamhaus Project.  The Project is a trusted third party currently protecting three billion user mailboxes and blocking the vast majority of spam and malware sent on the Internet.

Spamhaus and PIPELINE are positioned to help Internet Service Providers (ISPs), Email Service Providers (ESPs) and enterprises defend themselves from spam, malware, botnets and other online threats.

Simon Forster, CEO of Spamhaus Technology commented: “The move is designed to strengthen the Asia Pacific region against cyber attacks and broaden Deteque’s presence in Asian markets. With Pipeline Security we have an excellent partner to bring to new customers the threat intelligence that has been protecting our users for the past 20 years.”

Allan Watanabe, Managing Director of PIPELINE Security commented: “Cyber attacks are rapidly evolving and businesses are struggling to stay ahead of the cyber criminals. It is critical for businesses to utilize a threat intelligence strategy to transition from a reactive security to proactive security model. We are looking forward to providing Deteque’s real time threat intelligence to help secure our customers in Asia Pacific and Japan.”












Internet Service Providers (ISPs) and their customers may be missing out on access to Spamhaus’s commercial grade block list feeds for email... and not realise. Here’s how ISPs can ensure their email stays protected with Spamhaus’s domain name server block lists (DNSBLs).

If you are using Google’s Public DNS, or a similar public recursive server, together with Spamhaus’s free domain name server block lists (DNSBLs), your emails may not be protected. Discover how to ensure you keep free access to Spamhaus’s email threat intelligence whilst using public DNS.

Taking intelligence from Spamhaus’s “The Most Abused Top Level Domains List”, Brian Krebs shines the spotlight on the riskiest top-level domains (TLDs).  Here he investigates the more recently released TLDs, noting their popularity among spammers and scammers.

The 10 Most Abused Top Level Domains

Protection against fraud and phishing is now boosted with Zero Reputation Domains (ZRD) threat intelligence from Deteque, a division of Spamhaus.

We have added a ZRD zone to Deteque’s DNS Firewall Threat Feeds, which can be used as a check in an organization’s DNS management to block malicious and low reputation domains. With the new ZRD data feed, network security managers can block access to newly-registered domains which are often associated with fraud or phishing attempts.

Cyber criminals use newly registered domains for websites immediately, hoping that users will fall victim before the domain has been analyzed for its reputation. Legitimate organizations, by contrast, will rarely activate a domain and start using it as soon as it has been registered.

The ZRD zone automatically adds newly-registered and previously dormant domains to a blocklist for 24 hours. Once the domain is older than 24 hours it will be removed from this zone, or if the domain is deemed malicious by other tests it will be added into another zone.

DNS Firewall Threat Feeds from Deteque are currently used by ISPs, corporations and public institutions world-wide. Find out more and start your 30 day free trial today

Existing RPZ subscribers can reach out to their Spamhaus partner to enquire about adding ZRD to their subscription.

The threat from cyber criminals is relentless, so any protection strategy needs to ensure that a security team’s workload is manageable and focused. With the right threat intelligence strategy in place, there are ways to gain extra time and target the most serious threats.

Through national news, businesses of all sizes are repeatedly urged to protect themselves against cyber crime. Recent UK Government statistics (The Cyber Security Breaches Survey 2017) found that nearly half of all UK businesses suffered a cyber breach or attack in the past twelve months.

Is threat intelligence still required, now we have machine learning?

With malware increasingly sophisticated and harder to detect, I’m often asked about the viability of threat intelligence. Is it a thing of the past, particularly given the advances of artificial intelligence and machine learning? I believe it still has to be an essential part of your cyber security strategy, as the first line of defense.

Threat data for Response Policy Zones (RPZ)

Deteque developed threat data for Response Policy Zones (RPZ). This enables selective blocking of DNS resolution to malicious sites, mitigating your security risks in real time. Like threat gateways, secure DNS services are designed to track and block malicious domains, zones and associated IP addresses, allowing you to filter threats that our research team has observed and analyzed. Because we do this first line of threat identification for you, there’s less ‘noise’ on your network. Your team and resources can then be concentrated on using AI and other analytics. With RPZ in place, your other analysis tools will work more effectively and your user and network protection is improved.
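How a resolver decides what to do with a query once a policy zone is loaded can be shown with a small evaluator for RPZ QNAME triggers. This is an added example, not Deteque's or any resolver's own code; the zone name `rpz.example.test`, the sample records and the function names are constructed for illustration, while the CNAME action encodings are the standard RPZ ones.

```python
# Minimal RPZ QNAME-trigger evaluation (illustrative, not a resolver's code).
POLICY_ZONE = "rpz.example.test"  # hypothetical policy zone name

# Constructed policy records: (owner name, record type, rdata)
SAMPLE_RECORDS = [
    ("bad-site.example.rpz.example.test.", "CNAME", "."),    # NXDOMAIN
    ("*.bad-site.example.rpz.example.test.", "CNAME", "."),  # and its subdomains
    ("tracker.example.rpz.example.test.", "CNAME", "*."),    # NODATA
    ("ok.bad-site.example.rpz.example.test.", "CNAME", "rpz-passthru."),  # exempt
    ("phish.example.rpz.example.test.", "A", "192.0.2.10"),  # local data
]

# Standard RPZ action encodings carried in the CNAME target
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
           "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}

def load_policy(records, zone=POLICY_ZONE):
    """Map each trigger name (owner minus the zone suffix) to (action, data)."""
    suffix = "." + zone.rstrip(".").lower() + "."
    policy = {}
    for owner, rtype, rdata in records:
        owner = owner.lower()
        if not owner.endswith(suffix):
            continue  # record does not belong to this policy zone
        trigger = owner[: -len(suffix)]
        if rtype == "CNAME" and rdata in ACTIONS:
            policy[trigger] = (ACTIONS[rdata], None)
        else:
            policy[trigger] = ("LOCAL-DATA", (rtype, rdata))
    return policy

def evaluate(qname, policy):
    """Return the policy decision for a queried name; exact match beats wildcard."""
    name = qname.rstrip(".").lower()
    if name in policy:
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):  # most specific wildcard first
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return ("RESOLVE", None)  # no trigger matched: resolve normally

POLICY = load_policy(SAMPLE_RECORDS)
if __name__ == "__main__":
    for q in ("bad-site.example", "www.bad-site.example", "ok.bad-site.example",
              "tracker.example.", "phish.example", "good.example"):
        print(q, "->", evaluate(q, POLICY))
```

The passthru entry shows why exact-match precedence matters: it lets an operator exempt one host under a name that is otherwise blocked by a wildcard.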


At Deteque, a division of Spamhaus, we help organisations protect their network operations and intellectual property. Our prevention-first approach gives you protection from increasingly malicious and complex cyber threats. Our approach is based on the Spamhaus track record of deploying data feed technologies that work with your network, with up to 97% of threats filtered from your email (source: https://www.virusbulletin.com/testing/results/latest/vbspam-email-security).

We see the security challenges from the inside, working alongside our customers to identify and prevent cyber risks. Once you know what your ‘good’ infrastructure and reliable traffic looks like, you’ll find it easier to identify the constantly evolving ‘bad’ traffic. Whilst there’s sadly no such thing as 100% prevention, Deteque’s threat intelligence tools will help you target your valuable resources on analytics tools specific to your network.

The harsh reality of cyber crime 

It’s not meant to be scaremongering, but I’d just like to share a few sobering statistics with you:

  • The average breach is not spotted for 99 days, during which time the integrity of your data is seriously compromised (Gartner)
  • By 2020, businesses will need to cyber-defend 50 times more data than they do today, with cyber attacks forecast to cost businesses an estimated $6 trillion (Cybersecurity Ventures)
  • Cyber security budgets should now account for 25%-30% of total IT spend (IDC)

It’s important to note that threat intelligence technology is not the silver bullet; however, it does complement machine learning. Using threat intelligence gives a boost to machine learning algorithms, filtering out a high volume of ‘dross’ in advance. You can then really concentrate your time and resources on a smaller, more sophisticated sub-set of malware.

By Matthew Stith, Product Manager