querying URLs via HBL (new service by Spamhaus)

[mbunkus]

Today I received an email from Spamhaus about them extending their HBL to contain hashes of URLs. Quote:

As part of our continuous efforts to improve email protection, we have further enhanced one of our Content Blocklists - the Hash Blocklist (HBL).

Whether you’re using the Data Query Service or Rsync Service, find out more about this blocklist enhancement below.

Updates to the Hash BlocklistA new subset of the Hash Blocklist is now available to query – URLs. This is in addition to the existing subsets: compromised email addresses, cryptowallets, and malware files.

This enhancement will increase catch rates further, with the ability to filter emails containing URLs observed as malicious or suspicious. This includes online file storage providers, URL shorteners, and URL redirectors.

Getting the most from the Hash Blocklist To ensure you’re taking advantage of this update, configuration changes are required to the normalization scheme.

You can find technical documentation for the Hash Blocklist, including the latest update, here:

https://docs.spamhaus.com/datasets/docs/source/10-data-type-documentation/datasets/030-datasets.html

In the meantime, you can query the Hash Blocklist without making any configuration changes. However, you will not receive the additional protection until the updates have been made.

Changes to the rspamd-dql stuff are required in order to take advantage of this extended service, if I understand things correctly.

[ricalfieri]

Hi,

rspamd plugin updates that will leverage the URLHASH component will be published in the next weeks. I don't have a timeline yet so just subscribe to this repo and watch for updates

[mbunkus]

Thank you very much! Will do.