Integrations

Connect vspam.org to your infrastructure using the DNSBL, REST API, or threat feeds. Configuration snippets are provided for the most common mail servers and security tools.

Mail Servers

smtpd_recipient_restrictions =
  ...
  reject_rbl_client dnsbl.vspam.org

deny
  dnslists = dnsbl.vspam.org
  message = Rejected: listed on vspam.org DNSBL

rbls {
  vspam {
    symbol = "RBL_VSPAM";
    rbl = "dnsbl.vspam.org";
    ipv6 = true;
  }
}

header   RCVD_IN_VSPAM eval:check_rbl('vspam', 'dnsbl.vspam.org.')
describe RCVD_IN_VSPAM Listed on vspam.org DNSBL
score    RCVD_IN_VSPAM 3.0

Security Tools

# /etc/fail2ban/action.d/vspam.conf
[Definition]
actionban = curl -s -X POST https://api.vspam.org/api/v1/reports \
  -H "X-API-Key: <YOUR_KEY>" \
  -H "Content-Type: application/json" \
  -d '{"ioc_type":"ip","ioc_value":"<ip>","category":"spam","evidence":"Fail2Ban: <name> jail"}'

# Download and apply blocklist
curl -s -H "X-API-Key: <KEY>" https://api.vspam.org/api/v1/feeds/csv \
  | tail -n +2 | cut -d',' -f2 | grep -E '^[0-9]' \
  | while read ip; do iptables -A INPUT -s "$ip" -j DROP; done

Threat Feeds

Pull confirmed IOCs in structured formats for bulk ingestion into OpenCTI, MISP, or Cortex XSOAR. All feed endpoints require an API key except TAXII.

API Quick Start

Common curl examples — replace <KEY> with your API key from the account page.

# Check an IP
curl https://api.vspam.org/api/v1/rbl/check?ip=192.0.2.1

# Search reports
curl https://api.vspam.org/api/v1/public/reports?q=example.com

# Submit a report (authenticated)
curl -X POST https://api.vspam.org/api/v1/reports \
  -H "X-API-Key: <KEY>" \
  -d '{"ioc_type":"url","ioc_value":"https://phish.example.com","category":"phishing"}'