Spamhaus BGP feed experiences?

Matthias Leisi matthias at
Wed May 20 20:37:29 UTC 2015

At <> we check our data against the DROP list every once in a while. The overlap of DROP with legitimate sources of SMTP traffic is very, very small: a low single-digit number, and most of them are crappy to start with (so we don’t publish them, but only keep them in our database for reference purposes). 

— Matthias

> Am 19.05.2015 um 20:38 schrieb Max Tulyev <maxtul at>:
> How much false positives (i.e. blackholing traffic users want to reach)?
> On 18.05.15 21:04, Marco d'Itri wrote:
>> On May 17, Mike Lyon <mike.lyon at> wrote:
>>> Any ISPs out there (big or small) ever used the Spamhaus BGP feed to
>>> prevent against botnet, spam, etc? If so, how has your experience been? Is
>>> it worthwhile? Has it helped? On / off list responses are appreciated in
>>> advance.
>> We use Spamhaus DROP (not the BGP version: our software asks a human to 
>> review each change).
>> The benefits are not obvious since we do not have access customers, but 
>> it will blackhole some networks you obviously do not want to talk to,
>> and it has not caused any troubles either.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4109 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list