Getting Started

vspam.org is a community-driven phishing intelligence platform. This guide walks you through six steps — from account creation to a fully integrated threat feed.

Choose Your Path

  • Mail Operator: Protect your mail server with DNSBL, agent, or API lookups (Steps 1 → 4 → 5)
  • Security Researcher: Submit reports, vote on threats, track phishing kits (Steps 1 → 2 → 6)
  • API Developer: Integrate threat feeds into your app or SIEM (Steps 1 → 3 → 4)

01

Create an Account

Register at /account/login. Enter your email address, a public display name, and a password. A verification email will be sent automatically — click the link inside to activate your account.

Email verification is required before you can submit reports or cast votes. Accounts without a verified email are read-only.

02

Submit Your First Report

Go to /submit and choose an IOC type:

  • URL: Full phishing or malware URL (e.g. https://login-paypa1.com/secure)
  • Domain: Malicious apex domain (e.g. phishing-bank.net)
  • IP: Spam source or C2 IP address (e.g. 185.234.72.19)
  • Email: Sender address used in phishing campaigns

Include evidence in the description — e.g. email headers, a brief explanation of the threat, or a reference to a related campaign. Reports with clear evidence are confirmed faster by the community.

03

Get Your API Key

Go to /account and open the API Keys tab. Create a key with read scope for lookups or write scope to submit reports programmatically. The raw key is shown exactly once — save it securely.

# Query reports via API
curl -s "https://api.vspam.org/api/v1/public/reports?q=paypal" \
  -H "Authorization: Bearer YOUR_API_KEY"

# Look up an IOC by SHA-256 hash
curl -s "https://api.vspam.org/api/v1/lookup/<sha256>"

# Check IP reputation
curl -s "https://api.vspam.org/api/v1/rbl/check?ip=185.234.72.19"

04

Integrate with Your Infrastructure

Choose the integration method that fits your setup:

  • DNSBL: Add the RPZ zone to your DNS resolver — blocks threats at the DNS layer with zero API calls.
  • REST API: Real-time IOC checks via /api/v1/lookup/:hash for mail policy daemons or SIEMs.
  • IP RBL: Check IP reputation via /api/v1/rbl/check, which returns a confidence score and listing details.
  • STIX Feeds: Pull confirmed IOCs in STIX 2.1, CSV, or JSON for bulk ingestion into OpenCTI, MISP, or Cortex XSOAR.
  • Firewalls: Import IP blocklists into pfSense, OPNsense, iptables, or cloud WAFs.

See integration guides for Postfix, rspamd, SpamAssassin, and Fail2Ban, or firewall feeds for network-level blocking, or API docs for the full endpoint reference.

05

Deploy the Mail Agent

The vspam-agent is a lightweight Go sidecar that checks IOCs during SMTP policy evaluation with local BoltDB caching. Fail-open design — mail is never blocked by agent errors.

# Debian/Ubuntu (via repo)
sudo apt update && sudo apt install vspam-agent

# Configure
sudo vim /etc/vspam/agent.yml   # set api_key

# Start & add to Postfix
sudo systemctl enable --now vspam-agent
# Add to /etc/postfix/main.cf:
#   check_policy_service inet:127.0.0.1:10045

Packages for Debian/Ubuntu and RHEL/CentOS, as well as manual tarballs, are available at /download.
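The `check_policy_service` line above makes Postfix speak its policy delegation protocol to the agent: a block of `name=value` attributes ended by an empty line, answered with `action=...` and an empty line. The following Go sketch is an added example, not the vspam-agent source; it shows how a fail-open handler for that protocol can be structured, and the names `Lookup` and `Decide`, the REJECT text, and the sample request are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// Lookup is a hypothetical stand-in for the agent's IOC check, not its real API.
type Lookup func(clientIP string) (listed bool, err error)

// readRequest parses one policy request: name=value lines ended by an empty line.
func readRequest(r *bufio.Reader) (map[string]string, error) {
	attrs := map[string]string{}
	for {
		line, err := r.ReadString('\n')
		if err != nil {
			return nil, err // EOF before the blank line: truncated request
		}
		line = strings.TrimRight(line, "\r\n")
		if line == "" {
			return attrs, nil
		}
		i := strings.IndexByte(line, '=')
		if i < 0 {
			return nil, errors.New("malformed attribute: " + line)
		}
		attrs[line[:i]] = line[i+1:]
	}
}

// Decide returns the reply Postfix expects. Every failure path answers DUNNO.
func Decide(raw string, lookup Lookup) string {
	attrs, err := readRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil || attrs["request"] != "smtpd_access_policy" {
		return "action=DUNNO\n\n"
	}
	listed, err := lookup(attrs["client_address"])
	if err != nil || !listed {
		return "action=DUNNO\n\n"
	}
	return "action=REJECT listed by policy service\n\n"
}

func main() {
	req := "request=smtpd_access_policy\nclient_address=192.0.2.10\n\n" // constructed sample
	down := func(string) (bool, error) { return false, errors.New("backend unreachable") }
	fmt.Print(Decide(req, down))
}
```

Fail-open inside the policy service does not cover a service that is not running at all: Postfix then applies its own `smtpd_policy_service_default_action`, which defaults to a temporary 451 rejection.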

06

Vote & Build Your Reputation

Every account has a trust tier that affects how much weight your votes carry. Build reputation by submitting accurate reports and voting on others:

  • Tier 0: New account — can submit reports, limited voting weight
  • Tier 1: Verified — email confirmed, standard voting power
  • Tier 2: Contributor — consistent quality reports
  • Tier 3: Trusted — high accuracy, votes fast-track confirmations
  • Tier 4–5: Expert / Admin — community leadership, abuse queue access

Browse pending reports to vote on, or check the leaderboard to see top contributors.

Prerequisites

  • A valid email address for account verification (disposable/temporary emails are rejected)
  • For DNSBL: access to your mail server's DNS resolver config
  • For API: ability to make HTTPS requests to api.vspam.org
  • For the agent: Linux server (amd64/arm64) running Postfix, Exim, or OpenSMTPD

All features are free for non-commercial use. See Terms of Service for commercial licensing.

Troubleshooting

  • Verification email not received: check your spam/junk folder. Emails are sent from noreply@vspam.org.
  • API key returning 401: pass the key in the Authorization: Bearer or X-API-Key header.
  • DNSBL not resolving: try dig +short test.dnsbl.vspam.org. Ensure your resolver doesn't strip RPZ records.
  • Agent not starting: check journalctl -u vspam-agent. Common causes: missing config, port conflict.
  • Rate limit (429): free tier = 500 req/hour. Build trust tier for higher limits, or contact support@vspam.org.
