Domain Validator




Response Attributes

Resize the browser window to see the effect.

The columns will automatically stack on top of each other when the screen is less than 576px wide.

Domain Listing
If the domain is currently listed in a Spamhaus DNSBL. It also provides the timestamp it was listed and the timestamp of when the listing will expire (subject to the listing not being renewed)
If the domain is not listed, this will return "is_listed": false
Domain Contexts
  • context: dkim-header,
    description: The domain has been used in a DKIM header in a mail sample
  • context: dkim_d,
    description: DKIM d= field
  • context: dnsblquery,
    description: The domain has been seen in a dnsbl query
  • context: helo,
    description: The domain has been seen in a SMTP HELO/EHLO command
  • context: mailbody,
    description: The domain has been used in a link in the content of an email
  • context: mailsample,
    description: The domain has been observed in a mail sample
  • context: osint,
    description: The domain has been discovered researching open data
  • context: pdns,
    description: The domain has been seen in a passive-dns query
  • context: redirect,
    description: The domain has been detected following an HTTP redirect
  • context: sandbox,
    description: The domain has been seen in a malware sandbox
  • context: sms,
    description: The domain has been observed inside an SMS
  • context: tlscert,
    description: The domain has been seen in the TLS certificate
  • context: webscraper,
    description: The domain has been detected by a webscraper
  • context: zone,
    description: The domain has been seen in a zone file
  • context: zrd,
    description: The domain has been seen through Zero Reputation Domain (ZRD)
Domain Senders
This Shows information relating to the IP addresses that have been seen sending emails for the domain.

The score is a reputation value, similar to the one associated with the domain, but refers to the reputation of the sender’s IP address. It is important to remember that the IP addresses will cover a broad range of reputation, from very good to exceptionally poor and the sender’s IP reputation may not be strictly related to the domain itself.
Hostnames listed
Spamhaus tries to minimize the impact and reach of a listing, and, where possible, we list hostnames rather than domains

if available, the hostnames that are (or have been) listed for a specific domain in the recent past.
Reputation Dimensions
Spamhaus assesses the reputation of each domain across several dimensions. Each dimension is a container which we associate signals with. For example, if we receive a signal indicating a bot infection, we will modify the malware dimension while if we have signals relating to the emails sent by the domain reaching our spamtraps, we will alter the smtp dimension.

The main supported dimensions are:

  • smtp: Reputation in the SMTP area
  • identity: Reputation of the identity of the domain. (Owner, registrar and more)
  • infra: Reputation of the infrastructure of the domain. (NS, hosts, etc.)
  • malware: Reputation of the domain affected by malware, bots and the distribution of such threats
  • human: The human reputation for a domain, accounting for operations and false positive fallouts. This dimension represents the opinion of Spamhaus researchers about the domain.
  • 3rdparty: Third parties reputation signals are added to this dimension.
dimension
description
3rdparty
Third parties reputation signals are added to this dimension
human
The human reputation for a domain, taking into account operations and false positive fallouts
identity
Reputation of the identity of the domain (Owner, registrar and more)
infra
Reputation of the infrastructure of the domain (NS, hosts, ...)
malware
Reputation of the domain as affected by malware, bots and distribution of such threats
smtp
Reputation in the SMTP area
web
Reputation of the web part of the domain: the sites and their behaviour
Tag list
The full list of tags that can be associated with a domains
tag
description
abused
domain is being abused by third parties
adware
domain is used by adware
botnet
domain is used in botnet spam
botnetcc
domain is used for botnet command and control
cdn
this domain hosts a CDN
compromised
domain has been compromised
corporate
validated domain used for corporate uses only
dga
domain is a DGA
disposable
domain offers disposable services
dyndns
domain is used to provide dyndns services
esp
domain used by an ESP to relay mail. Should not be listed.
freehost
domain offers free hosting services
freemail
domain offers freemail services
hailstorm
domain is involved in hailstorm operations
isp
domain used for provider customer end points
malware
domain is used in malware distribution
neverlist
domain cannot be listed for any reason
phish
domain is used in phishing attacks
redirector
domain is used as a url shortener or redirector
scam
domain is used in fraud
shared
domain offers shared services
shortener
URL shortener service
sinkhole
domain is used to sinkhole botnets
snowshoe
domain is used in snowshoe spam8
spam
domain is used in spam