Getting Started
vspam.org is a community-driven phishing intelligence platform. This guide walks you through the four steps to go from zero to a fully integrated threat feed.
Create an Account
Register at /account/login?tab=register. Enter your email address, a public display name, and a password. A verification email will be sent automatically — click the link inside to activate your account.
Email verification is required before you can submit reports or cast votes. Accounts without a verified email are read-only.
Submit Your First Report
Go to /submit and choose an IOC type:
- URLFull phishing or malware URL (e.g. https://login-paypa1.com/secure)
- DomainMalicious apex domain (e.g. phishing-bank.net)
- IPSpam source or C2 IP address (e.g. 185.234.72.19)
- EmailSender address used in phishing campaigns
Include evidence in the description — e.g. email headers, a brief explanation of the threat, or a reference to a related campaign. Reports with clear evidence are confirmed faster by the community.
Get Your API Key
Go to /account and open the API Keys tab. Create a key with read scope for lookups or write scope to submit reports programmatically. The raw key is shown exactly once — save it securely.
Integrate with Your Mail Server
vspam.org provides three integration methods for mail servers and security tools:
- DNSBLAdd our RPZ zone to your DNS resolver to block confirmed threats at the DNS layer. No API calls required.
- REST APIUse the /api/v1/public/lookup/:hash endpoint for real-time IOC checks in your mail policy daemon or SIEM.
- IP RBLCheck IP reputation via GET /api/v1/rbl/check?ip=<address> — returns confidence score and listing details for IPv4 and IPv6 addresses.
- STIX FeedsPull confirmed IOCs in STIX 2.1, CSV, or JSON format for bulk ingestion into OpenCTI, MISP, or Cortex XSOAR.
See /api-docs for full endpoint reference, authentication details, and code examples in Python, Go, and curl.
What's Next?
Once you're set up, explore the rest of the platform: