Each section below is a simple overview of how each SORBS database is administered and how you can get out if listed.

Detailed listing and de-listing information for each database may be reviewed under the SORBS menu, in the 'Listing and De-listing' section. Please read these carefully before mailing the SORBS support system about an entry.

Note: Use of this service is currently free of charge. There is no charge for removal from the proxy, vulnerability, relay, zombie, spam or DUHL databases.

Spam Database
Listing is manual and is performed when any spam is received at a SORBS spamtrap. SORBS spamtraps include, but are not limited to, the private email addresses of the SORBS administrators. On occasion, when a particular network is seen to be spamming and the listing of a single IP address seems to have no effect, increasingly larger sections of the Netblock will be listed. If spamming continues, the size of the listing will be slowly expanded (depending on the number of spams received) until something is done about the spammer.

De-listing. If the size of the listing is anything more than a single IP address, de-listing can only take place when the spammer is no longer using the address space, in which case the size of the listing will be reduced down to the originally spamming IP addresses free of charge. A time-based penalty approach is adopted, however, details of which can be found here:

Dynamic User/Host List Database (DUHL)
Listing is performed manually after contact from netizens or ISPs indicating dynamically assigned space, or whenever SORBS administrators notice the same, for example by receiving spam from such an address range.

De-listing is a manual process and will only be performed when the owner of the IP address block contacts the SORBS support system to indicate the addresses listed are statically assigned. There is also a self-help mechanism for the automated exclusion of single IP addresses from the DUHL; see the DUHL FAQ for details.

ISP's are encouraged to submit lists of both their dynamically and statically assigned address ranges through the SORBS support system. We strive to ensure that there are no incorrect listings. This can be done at any time as the database changes from day to day whenever updates are required.

Note: This list should not list static address space, not even dial-ups. This is for any dynamically assigned space regardless of the method of connecting them to the Internet.

Proxy Databases (HTTP/SOCKS & Misc)
Listing is automatic when you have a proxy identified by a SORBS testing machine or by one of the other known proxy lists or DNS based block lists.

De-listing is a semi-automated process and is described in detail in the Retest FAQ.

Open Relay (SMTP) Database
Listing is semi-automatic and manual. This is due to the fact that correctly identifying an open relay is not always possible with automatic methods.

De-listing is a semi-automated process and is described in detail in the Retest FAQ.

Vulnerabilities Database
Listing is a manual and automatic process and is performed whenever a host is suspected of being hacked or abused. The automated part is when an infected host contacts a SORBS test server and attempts to exploit known worm code.

De-listing is manual and will be performed when you mail the SORBS support system indicating the problem is fixed and the host is patched against further attack. If a particular host is re-listed more than four times, the listing will be set for a period of one year minimum.

Zombie Database
Listing is performed manually after exhaustive research.

De-listing is performed manually whenever an IP address block is returned to its rightful owner.

Administrator block requests
Listing is by request of the net block owner.

De-listing is free of charge and at the request of the net block owner.

Copyright © 2002-2023 by SORBS | Terms & Conditions | Privacy Policy