XTM Hub by FiligranSign In

Spamhaus DROP list

Detection & prevention sources
A picture of Spamhaus DROP list

Overview

Ingest IPs with SBL record ID in description: The Spamhaus DROP list (Don't Route Or Peer) is a list of IP address ranges controlled by threat actors and used exclusively for malicious activity, such as spam, malware distribution, and botnet operati

The Spamhaus DROP list (Don't Route Or Peer) is a list of IP address ranges controlled by threat actors and used exclusively for malicious activity, such as spam, malware distribution, and botnet operations. These ranges are associated with activities such as spam campaigns, malware distribution, phishing, botnet command-and-control (C2), and other forms of network abuse. Unlike typical blacklists that might include single IPs, the DROP list focuses on entire netblocks that are known to be untrustworthy or are allocated to known bad actors. The goal of the list is to prevent any communication with these IP ranges by advising networks and security systems to drop all traffic to and from them, effectively cutting off malicious infrastructure at the routing level. The list is maintained and regularly updated by The Spamhaus Project, based on intelligence gathered from their global sensor network and trusted partners. It is designed to be lightweight and safe to use in automated firewalls, routers, and intrusion prevention systems. Because of its reliability and low false-positive rate, the DROP list is widely used by ISPs, enterprises, and cybersecurity platforms to enhance perimeter defense and reduce exposure to cyber threats.

Basic Information

Filigran
Nicolas Quintin
July 02, 2025
10+
3