Upcoming change from Spamhaus will make March 1st a difficult day for some

On February 11th, Spamhaus reminded its users that they would start to block queries sent from public Domain Name System (DNS) resolvers beginning on March 1st; blocked queries will receive a unique error code. Spamhaus will gain valuable insights about query volumes and customer distribution by forcing organizations to make queries from non-public DNS resolvers. Overall, we think this change is welcome and long overdue.

Despite warning its users way back in 2019 about the new public resolver error code, many email systems that query Spamhaus via a public resolver likely remain unable to interpret the error code correctly. Instead of discarding the query result as invalid, misconfigured systems may understand the result as a signal to block a sender, resulting in rejected email messages.

What are the new Spamhaus response codes?

If you are querying Spamhaus from a public DNS resolver, it’s probably time to stop doing that. And while you’re at it, make sure that your email system understands the new return codes that Spamhaus may return in response to queries to their public mirrors:

Is there any way to continue getting Spamhaus data for free?

Spamhaus offers a free Data Query Service (DQS) option for users who want to use Spamhaus data for non-commercial purposes and for small businesses whose query volume is low.  Visit this page for more information about this service. Spamhaus has been busy making plugins for various open-source spam filtering systems, including rspamd and SpamAssassin, which integrate with the DQS service and take away the complexity of interpreting DNS query results.