Popular topics: Spam blocklist Abuse Contact ValidationPolicy blocklistWelcome listCombined blocklistDomain blocklistPotentially compromised accountsExploit blocklistRspamdWhat is XARF?

Exploit blocklist

IP Exploit blocklist (exploit.mail.abusix.zone)

Status: Production
Type: IPv4, IPv6
Cloud DNS namespace: <key>.exploit.mail.abusix.zone.
Rsync File: lists/exploit.zone
Return Codes:
Test Points:,, ::FFFF:7F00:2, ::FFFF:7F00:4
Listing Duration: Approximately 5.2 days from when traffic was last seen


This list is built by observing the behaviour of hosts connecting to our traps and to our partners mail services.

It contains any IP address we observe that behaves in certain ways that a genuine SMTP client never would, so any IPs found on this list will either be compromised, botnet/virus infected, proxies, VPNs, TOR exit nodes or IPs that are NAT'ing for these hosts.

This list can also be safely used to check each "Received" header hop found within a message.

Example query:

$ host<key>.exploit.mail.abusix.zone.<key>.exploit.mail.abusix.zone has address

Was this article helpful?

Can’t find what you’re looking for?

Our award-winning customer care team is here for you.

Contact Support