| Website | https://www.spamhaus.org |
| Threat Intel Community | https://submit.spamhaus.org |
| https://www.linkedin.com/company/the-spamhaus-project | |
| https://twitter.com/spamhaus |
RE: https://infosec.exchange/@spamhaus/116328395667742203
Ok, you got us...April Fools 😜! Can you find and solve the riddle?
Remember that DNSBLs provide A records as the main answer, and TXT are just there for (the lulz) support!
...we're reviving and expanding a project that has contributed greatly to securing the Internet over decades: the CBL 🤩
Now reborn as the "Cosmic Blocklist", it's being expanded to allow the listing of IP addresses even in multiple planetary networks across the solar system, by appending the planet name to the actual internet address, thereby taking into account the inevitable existence of multiple internets in the near future! 🪐 ⤵️
Learn more ➡️ https://www.spamhaus.org/resource-hub/spamhaus/spamhaus-cbl-is-reborn-now-interplanetary/
You can look up the status of an IP on another planet via:
<reverse-IP>.<PLANET>.cbl.spamhaus.org.
Try it with your favorite planet! 🪐
With ongoing discussion around a potential sixth Regional Internet Registry (RIR) for outer space allocations, as outlined in: https://datatracker.ietf.org/doc/draft-li-tiptop-address-space/ …it has become clear that governance of interplanetary IP allocations is no longer hypothetical.
🛰️ Recent incidents involving interference with critical satellite infrastructure demonstrate that space-based threats are no longer theoretical: https://news.satnews.com/2026/02/04/russia-intercepts-europes-key-satellites-placing-nato-satellite-at-risk/
For this reason... ⤵️
LESS THAN 2 WEEKS until access will start to be restricted to those querying our blocklists via Oracle’s network. Stay protected for free with Spamhaus Technology's Data Query Service - changes to config take minutes.
Read more & sign up: 👇
https://www.spamhaus.org/resource-hub/email-security/querying-the-free-dnsbls-via-oracle
This same company markets itself as a Chinese provider of "residential proxies." These ASNs are registered at RIPE (@ripencc) as assigned to ISPs delivering fibre to UK homes.
One explanation is that this makes proxy traffic appear to originate from genuine residential broadband customers. But it may not necessarily be for malicious purposes. It could be targeting SEO and those who want to "cheat the system" by simulating traffic from a large pool of users for marketing. ⤵️
An individual, Zhenyun Sun (https://find-and-update.company-information.service.gov.uk/officers/svz68usL11Hfb5q2_65DDqlFd2Y/appointments), is registering UK "fibre ISPs" at Companies House at an unusual rate. On the surface, they could pass for legitimate broadband providers. But look closer, and the picture soon changes 🕵️ ...
Some of these companies are assigned an ASN, sharing the same abuse contact: onesproxy[.]com. ⤵️
TAKE ACTION | If you’re using the free #DNSBLs and querying via Oracle ’s network, you need to change your config, or from April 8th, you may face issues with your email stream.
Read why and the steps you need to take to stay protected for free in this blog:
https://www.spamhaus.org/resource-hub/email-security/querying-the-free-dnsbls-via-oracle
