Getting Started
vspam.org is an operator-grade phishing and abuse reputation platform with community input. This guide walks you through six steps, from account creation to a domain-first and infrastructure-aware integration.
Choose Your Path
- Protect your mail server with DNSBL, agent, or API lookups: Steps 1 → 4 → 5
- Submit reports, vote on threats, track phishing kits: Steps 1 → 2 → 6
- Integrate threat feeds into your app or SIEM: Steps 1 → 3 → 4
Create an Account
Register at /account/login. Enter your email address, a public display name, and a password. A verification email will be sent automatically — click the link inside to activate your account.
Email verification is required before you can submit reports or cast votes. Accounts without a verified email are read-only.
Submit Your First Report
Go to /submit and choose an IOC type:
- URL: Full phishing or malware URL (e.g. https://login-paypa1.com/secure)
- Domain: Malicious apex domain (e.g. phishing-bank.net)
- IP: Exact spam source or C2 host (e.g. 185.234.72.19)
- Network: CIDR range for broader infrastructure context (e.g. 2001:db8:abcd::/48)
- ASN: Autonomous system reputation context (e.g. AS13335)
- Email: Sender address used in phishing campaigns
Include evidence in the description — e.g. email headers, a brief explanation of the threat, or a reference to a related campaign. Reports with clear evidence are easier to enrich, score, and review accurately. URL submissions are normalized into canonical domains for long-term phishing intelligence. For shared platforms, submit the tenant host or full URL rather than the platform parent.
Get Your API Key
Go to /account and open the API Keys tab. Create a key with read scope for lookups or write scope to submit reports programmatically. The raw key is shown exactly once — save it securely.
# Query reports via API
curl -s "https://api.vspam.org/api/v1/public/reports?q=paypal" \
-H "Authorization: Bearer YOUR_API_KEY"
# Operator lookup for a phishing domain
curl -s "https://api.vspam.org/api/v1/public/operator-lookup?type=domain&value=login-paypa1.com"
# Operator lookup for ASN context
curl -s "https://api.vspam.org/api/v1/public/operator-lookup?type=asn&value=AS13335"
# Check exact IP or IPv6 host reputation
curl -s "https://api.vspam.org/api/v1/rbl/check?ip=185.234.72.19"
Integrate with Your Infrastructure
Choose the integration method that fits your setup:
- DNSBL: Add the RPZ zone to your DNS resolver — blocks threats at the DNS layer with zero API calls.
- Operator Lookup: Use /api/v1/public/operator-lookup for canonical domain and ASN checks without client-side hashing or normalization.
- IP RBL: Use /api/v1/rbl/check for exact IPv4 and IPv6 host checks — returns listing details and direct infrastructure context.
- Feeds: Pull operator-focused domain, IPv6 exact-host, IPv6 prefix watch, or ASN reputation feeds in CSV, JSON, or STIX where available.
- Firewalls: Import IP blocklists into pfSense, OPNsense, iptables, or cloud WAFs.
See integration guides for Postfix, rspamd, SpamAssassin, and Fail2Ban, or firewall feeds for network-level blocking, or API docs for the full endpoint reference. For product-specific guidance, start with domain reputation, IPv6 intelligence, and ASN reputation.
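The lookup endpoints shown in the two steps above can be wrapped so that each indicator is routed to the matching one and the documented 401 and 429 responses are told apart. This is an added example, not vspam.org code: `VSPAM_KEY_FILE` and `VSPAM_CURL` are assumed names, and the response body is passed through unparsed because this page does not show its format.

```sh
#!/bin/sh
# Added example, not vspam.org code. Endpoints are the ones shown on this page.
VSPAM_API="https://api.vspam.org/api/v1"

# Print the lookup URL for one indicator; return 1 if no endpoint above fits.
vspam_lookup_url() {
    case "$1" in
        ""|*[!A-Za-z0-9.:-]*) return 1 ;;  # rejects '/', '&', '?', spaces: input cannot alter the query
    esac
    ioc=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    if printf '%s' "$ioc" | grep -Eq '^as[0-9]+$'; then
        printf '%s/public/operator-lookup?type=asn&value=AS%s\n' "$VSPAM_API" "${ioc#as}"
    elif printf '%s' "$ioc" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9a-f:]*:[0-9a-f:]*:[0-9a-f:.]*$'; then
        printf '%s/rbl/check?ip=%s\n' "$VSPAM_API" "$ioc"      # exact IPv4/IPv6 host only
    elif printf '%s' "$ioc" | grep -Eq '^([a-z0-9-]+\.)+[a-z][a-z0-9-]+$'; then
        printf '%s/public/operator-lookup?type=domain&value=%s\n' "$VSPAM_API" "$ioc"
    else
        return 1
    fi
}

# Query one indicator and print the response body on HTTP 200.
# VSPAM_KEY_FILE (assumed name): a mode-0600 file containing the single line
#   Authorization: Bearer <key>
# curl reads it via -H @file, so the key never shows up in argv or `ps` output.
# VSPAM_CURL (assumed name) lets a test substitute a stub for curl.
# Exit codes: 2 unsupported indicator, 3 HTTP 401, 4 HTTP 429, 1 anything else.
vspam_lookup() {
    url=$(vspam_lookup_url "$1") || return 2
    out=$(mktemp) || return 1
    set -- -s -o "$out" -w '%{http_code}'
    if [ -n "${VSPAM_KEY_FILE:-}" ]; then set -- "$@" -H "@$VSPAM_KEY_FILE"; fi
    code=$(${VSPAM_CURL:-curl} "$@" "$url") || code=000
    rc=1
    case "$code" in
        200) cat "$out"; rc=0 ;;
        401) rc=3 ;;
        429) rc=4 ;;
    esac
    rm -f "$out"
    return "$rc"
}
```

CIDR ranges and full URLs are refused here on purpose: /api/v1/rbl/check is described as an exact-host check, and the page shows operator-lookup only with type=domain and type=asn.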
Deploy the Mail Agent
The vspam-agent is a lightweight Go sidecar that checks IOCs during SMTP policy evaluation, with local BoltDB caching. The design is fail-open: mail is never blocked by agent errors.
# Debian/Ubuntu (via repo)
sudo apt update && sudo apt install vspam-agent
# Configure
sudo vim /etc/vspam/agent.yml # set api_key
# Start & add to Postfix
sudo systemctl enable --now vspam-agent
# Add to /etc/postfix/main.cf:
# check_policy_service inet:127.0.0.1:10045
Packages for Debian/Ubuntu and RHEL/CentOS, plus manual tarballs, are available at /download.
Vote & Build Your Reputation
Every account has a trust tier that affects how much weight your votes carry. Build reputation by submitting accurate reports and voting on others:
- Tier 0: New account — can submit reports, limited voting weight
- Tier 1: Verified — email confirmed, standard voting power
- Tier 2: Contributor — consistent quality reports
- Tier 3: Trusted — high accuracy, votes fast-track confirmations
- Tier 4–5: Expert / Admin — community leadership, abuse queue access
Browse pending reports to vote on, or check the leaderboard to see top contributors.
Prerequisites
- A valid email address for account verification (disposable/temporary emails are rejected)
- For DNSBL: access to your mail server's DNS resolver config
- For API: ability to make HTTPS requests to api.vspam.org
- For the agent: Linux server (amd64/arm64) running Postfix, Exim, or OpenSMTPD
All features are free for non-commercial use. See Terms of Service for commercial licensing.
Troubleshooting
- Verification email not received: check spam/junk. Emails are sent from noreply@vspam.org.
- API key returning 401: pass the key in the Authorization: Bearer or X-API-Key header.
- DNSBL not resolving: try dig +short test.dnsbl.vspam.org. Ensure your resolver doesn't strip RPZ records.
- Agent not starting: check journalctl -u vspam-agent. Common causes: missing config, port conflict.
- Rate limit (429): free tier = 500 req/hour. Build trust tier for higher limits, or contact support@vspam.org.