Protect your network from phishing, spam, and email-borne malware using SATIS real-time threat intelligence. Integrate with your existing DNS resolver or mail server in minutes.
Real-time database of malicious email addresses and domains. Crowd-sourced reports combined with automated threat feeds.
Response Policy Zone files for BIND, Unbound, and PowerDNS. Block malicious sender domains at the DNS layer.
SHA-256 hash database of known phishing and spam messages. Detect campaign variants with normalized body hashing.
| Format | Use Case | Endpoint |
|---|---|---|
hosts | /etc/hosts format (universal) | /api/v1/consumer/blocklist?format=hosts |
dnsmasq | dnsmasq address= directives | /api/v1/consumer/blocklist?format=dnsmasq |
unbound | Unbound local-zone/local-data | /api/v1/consumer/blocklist?format=unbound |
pihole | Pi-hole compatible list | /api/v1/consumer/blocklist?format=pihole |
rpz | DNS RPZ zone (BIND/PowerDNS) | /api/v1/email/rpz |
postfix | Postfix access map | via /api/v1/email/threats |
# Check if an address or domain is blacklisted GET /api/v1/email/[email protected] # Download DNS RPZ zone file for mail server integration GET /api/v1/email/rpz # List active email threats (filterable by severity, category, domain) GET /api/v1/email/threats?severity=high&category=phishing # Download DNS blocklist in your preferred format GET /api/v1/consumer/blocklist?format=pihole
Pull the SATIS blocklist into Pi-hole on a schedule. Blocks malicious domains at the DNS level for your entire network.
# Add to crontab (runs every 30 minutes) */30 * * * * curl -sH "Authorization: Bearer tck_YOUR_KEY" \ "https://setecastronomyinc.com/api/v1/consumer/blocklist?format=pihole" \ -o /etc/pihole/satis-blocklist.list && pihole restartdns reload-lists # Or add as a blocklist URL in Pi-hole Admin > Adlists: # https://setecastronomyinc.com/api/v1/consumer/blocklist?format=pihole # (requires API key in request header)
Drop SATIS blocklist into dnsmasq's config directory. Works with OpenWrt, DD-WRT, and standalone dnsmasq.
# Cron job to refresh every 30 minutes */30 * * * * curl -sH "Authorization: Bearer tck_YOUR_KEY" \ "https://setecastronomyinc.com/api/v1/consumer/blocklist?format=dnsmasq" \ -o /etc/dnsmasq.d/satis-blocklist.conf && systemctl reload dnsmasq
Use Unbound's local-zone feature to sinkhole malicious domains.
# /etc/unbound/unbound.conf.d/satis.conf
server:
include: /etc/unbound/satis-blocklist.conf
# Cron job to refresh
*/30 * * * * curl -sH "Authorization: Bearer tck_YOUR_KEY" \
"https://setecastronomyinc.com/api/v1/consumer/blocklist?format=unbound" \
-o /etc/unbound/satis-blocklist.conf && unbound-control reload
Block known-malicious sender domains at the MTA level using Postfix access maps.
#!/bin/bash
# /opt/satis/update-postfix-blocklist.sh
# Fetch email threats and build a Postfix sender_access map
curl -sH "Authorization: Bearer tck_YOUR_KEY" \
"https://setecastronomyinc.com/api/v1/email/threats?count=10000" \
| jq -r '.[] | .domain' | sort -u \
| awk '{print $1, "REJECT SATIS: malicious sender domain"}' \
> /etc/postfix/satis_sender_access
postmap /etc/postfix/satis_sender_access
postfix reload
# In /etc/postfix/main.cf:
# smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/satis_sender_access
Check if an email address or domain is in the SATIS blacklist:
# Check a specific address curl -sH "Authorization: Bearer tck_YOUR_KEY" \ "https://setecastronomyinc.com/api/v1/email/[email protected]" # Response (listed): # {"listed": true, "threat": {"threat_id": "EM-...", "severity": "high", ...}} # Response (clean): # {"listed": false, "address": "[email protected]"}
Email threat intelligence is included with all paid SATIS plans. Start blocking malicious senders in minutes.
Get Started Compare Plans