vspam.org vs PhishTank
PhishTank is a long-running community phishing database centered on URL submissions and verification. vspam.org is built for mail operators and abuse teams, with domain-first phishing intelligence, IPv6-first infrastructure handling, score-aware feeds, and operator workflows. Both benefit from community input, but they model artifacts and publishing decisions very differently.
What vspam is optimized for
Domain-first phishing
Phishing URLs are normalized into canonical domains for long-term scoring and feed publication.
IPv6-first infrastructure
Exact hosts and prefix-watch signals are kept separate so large allocations are not over-blocked.
ASN-aware context
Provider reputation supports analyst and scoring decisions without overwhelming direct artifact evidence.
Operator-grade publication policy
Feeds expose thresholds and recommended actions so operators can distinguish direct blocklists from watch and context outputs.
Feature Comparison
| Feature | vspam.org | PhishTank |
|---|---|---|
| Primary phishing artifact | Domain-first (URLs normalized to domains) | URL-first |
| Infrastructure scope | Domains, IPv4, IPv6, ASNs, emails | Phishing URLs |
| IPv6 exact-host and prefix context | Yes | Not a primary public workflow |
| DNSBL integration | Native DNSBL and mail-agent workflows | Not available |
| Feed policy transparency | Explicit thresholds and recommended actions | Community verification, no operator feed taxonomy |
| STIX/TAXII | Yes | No |
| Community review model | Trust-weighted review plus deterministic scoring | Community verification |
| Operator tooling | Lookup, feeds, firewall surfaces, mail agent | URL checks and feed/API access |
| Open source platform | AGPL-3.0 | No |
vspam.org strengths
- Domain-first phishing model that keeps long-term data compact and operator-friendly
- IPv6 exact-host and prefix-watch handling for modern mail and abuse operations
- Score-aware feed publication with explicit block, watch, and context guidance
- Mail operator workflow support through DNSBL, firewall exports, API, and mail agent
- Open-source platform with auditable scoring and self-hosting potential
PhishTank strengths
- Long-running public reputation and broad recognition in the anti-phishing community
- Strong URL-centric historical coverage
- Simple URL-focused workflow that many analysts already know
- Community verification model that is easy to understand
When to Use Each
Choose vspam.org
Choose vspam.org when you need operator-grade phishing handling beyond raw URLs: domain-first intelligence, IPv6-aware infrastructure context, score-aware feeds, and direct mail or firewall integration.
Choose PhishTank
Choose PhishTank when your workflow is primarily URL-centric and you want a long-established community source for phishing URL lookups.
Verdict
PhishTank is still useful for URL-centric phishing checks, but vspam.org is the better fit when your real operational question is whether to block, watch, or investigate a domain or related infrastructure. The two can coexist, but they are optimized for different decisions.