Skip to main content
All CollectionsAdvanced Reporting
Spamhaus Reputation API

Spamhaus Reputation API

This article provides information related to Spamhaus' Reputation API

Matt McFee avatar
Written by Matt McFee
Updated over 2 months ago

Inbox Monster is part of a small group beta-testing Spamhaus’ new Domain Reputation API. Through this API, Spamhaus provides domain reputation Status along with additional Classifications should your domain reputation be poor.

Access Your Spamhaus Reputation

To access your Spamhaus reputation, log into your Inbox Monster account and, on the left menu items, select Reputation > Domains > select your domain. At the top of the next page, you will see 2 new Spamhaus tiles and a Spamhaus Reputation Trend chart.

Statuses

The reputation Spamhaus systems associate with the given domain. Values from Spamhaus and Inbox Monster's translations are as follows:

  • Spamhaus: Malicious = Inbox Monster: Malicious

  • Spamhaus: Bad = Inbox Monster: Bad

  • Spamhaus: Neutral = Inbox Monster: Neutral

  • Spamhaus: Good = Inbox Monster: Medium

  • Spamhaus Great = Inbox Monster: High

Dimensions

Spamhaus also provides reputation for domains across several "dimensions", each relating to a different area of focus for a domain's signals.

Per Spamhaus, the main supported dimensions are:

  • SMTP: Automated scoring based on rules applied to the signal extracted from global email metadata shared by first and third party partners.

  • Identity: Automated scoring based on rules applied to various sources of domain-related data. Examples of what [Spamhaus'] systems and associated rules focus on to establish an identity score are:

    • email authentication;

    • encryption configurations.

  • Infra: Automated scoring applied to various sources of domain-related data. Examples of what [Spamhaus'] systems and associated rules focus on to establish the infrastructure score are:

    • the domain’s associated name servers;

    • domain host. In cases where the hosting network’s IP reputation is deemed so poor that it is listed in the drop datasets, this may also adversely affect the domain’s infra score.

  • Malware: Automated scoring based on intelligence from various first and third-party partner feeds, including abuse.ch data. The scores are derived from associations between the domain and malware content across many different scenarios. Examples of associations include:

    • domains associated with malware files distribution which may be malicious URLs;

    • botnet infrastructure.

  • Human: Scoring based on any manual investigations our research team may have undertaken that are associated with the domain. Human-based interventions are used when automation is not possible, such as understanding adversaries’ tactics, tools, and procedures (TTPs). The research team uses multiple tools and techniques to investigate and score a domain.

Spamhaus Scores are the value of all reputation dimensions combined. Zero is the neutral point, and the higher the positive number; the greater the positive reputation of the domain. Conversely, for "lower" negative numbers, the more negative the reputation.

Classifications

If the domain has been identified as the vector of some threat or behavior, this represents what that is. As such, the field would be missing entirely if no specific behavior or threat is associated with it. Possible values are:

  • Phish

  • Malware

  • Botnetcc

  • Snowshoe

  • Redirector

  • Adware

  • Sinkhole

If you have any questions, please don't hesitate to communicate with us using the Intercom icon in the bottom right of your Inbox Monster account. Thank you!

Additional Resources from Spamhaus

Related Articles
Integrate Google Postmaster Tools and Microsoft SNDS
Inbox Monster Account Settings
Campaign Reports from Inbox Monster
The Monster Guide to Blocklists
Utilizing Monster Labs Discovery
Did this answer your question?