Introduction
The SORBS DNSBL is just list of numbers, nothing more, nothing less. The significance of these numbers is that they are related to hosts on the Internet whose condition/settings have included the particular vulnerabilities which we seek to eliminate, i.e. open relays, open proxies, etc.

As a prospective user of the SORBS lists the most important question you need to ask yourself is: Do I understand the listing criteria for the list(s) I plan to use?

Then, you have a number of choices/decisions to make:
  1. How aggressive at stopping spam do you want to be?
  2. Do you want to trust the SORBS admins as well as a testing script?
  3. Do you trust the scripts the SORBS admins employ to identify badly configured hosts?
  4. Do you run your own mailserver?
  5. Do you run your server for other people?
  6. Do you want to reject email or just flag it as spam?
In addition to the above you also have to consider how much load you are going to put on the servers, including the SORBS DNS server. For large or busy sites please see the information for large sites.

How do server administrators use SORBS...?
Server administrators may use SORBS by querying the server directly using their mailserver's features.

Configurations for common mailservers are:

Zones Available
	    dnsbl.sorbs.net - Aggregate zone (contains all the following DNS zones
			      except spam.dnsbl.sorbs.net)
       http.dnsbl.sorbs.net - List of Open HTTP Proxy Servers.
      socks.dnsbl.sorbs.net - List of Open SOCKS Proxy Servers.
       misc.dnsbl.sorbs.net - List of open Proxy Servers not listed in
			      the SOCKS or HTTP lists.
       smtp.dnsbl.sorbs.net - List of Open SMTP relay servers.
	web.dnsbl.sorbs.net - List of web (WWW) servers which have spammer
			      abusable vulnerabilities (e.g. FormMail scripts)
			      Note: This zone now includes non-webserver
			      IP addresses that have abusable vulnerabilities.
   new.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending
			      spam/UCE/UBE to the admins of SORBS within the last
			      48 hours.
recent.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending
			      spam/UCE/UBE to the admins of SORBS within the last
			      28 days (includes new.spam.dnsbl.sorbs.net).
   old.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending
			      spam/UCE/UBE to the admins of SORBS within the last
			      year. (includes recent.spam.dnsbl.sorbs.net).
       spam.dnsbl.sorbs.net - List of hosts that have been noted as sending
			      spam/UCE/UBE to the admins of SORBS at any time, 
			      and not subsequently resolving the matter and/or
			      requesting a delisting. (Includes both
			      old.spam.dnsbl.sorbs.net and escalations.dnsbl.sorbs.net).
escalations.dnsbl.sorbs.net - This zone contains netblocks of spam supporting
			      service providers, including those who provide
			      websites, DNS or drop boxes for a spammer.  Spam
			      supporters are added on a 'third strike and you are
			      out' basis, where the third spam will cause the
			      supporter to be added to the list.
      block.dnsbl.sorbs.net - List of hosts demanding that they never be tested
			      by SORBS.
     zombie.dnsbl.sorbs.net - List of networks hijacked from their original
			      owners, some of which have already used for spamming.
	dul.dnsbl.sorbs.net - Dynamic IP Address ranges (NOT a Dial Up list!)
	    rhsbl.sorbs.net - Aggregate zone (contains all RHS zones)
    badconf.rhsbl.sorbs.net - List of domain names where the A or MX
			      records point to bad address space.
     nomail.rhsbl.sorbs.net - List of domain names where the owners have
			      indicated no email should ever originate from these
			      domains.

Note: The web.dnsbl.sorbs.net domain includes infected Nimba and Code Red hosts, as well as hosts that contain FormMail scripts, or other known exploits that allow a remote user to use that host to sent/relay spam. Exploits that include guessing passwords will not be included. Where possible, servers will not be exploited in the process of testing.

SORBS Return Codes
SORBS returns 127.0.0.x codes to indicate which database the test result was obtained from. If you use the aggregate zone, the return codes will still reflect the specific database(s) from which the results have been obtained.

e.g. If 4.3.2.1.socks.dnsbl.sorbs.net returns 127.0.0.3

then

4.3.2.1.dnsbl.sorbs.net would also return 127.0.0.3.

If an IP address appears in more than one database and you query using the aggregate zone, all applicable codes are returned.

e.g. If in addition, 4.3.2.1.http.dnsbl.sorbs.net returns 127.0.0.2

then 4.3.2.1.dnsbl.sorbs.net would return both 127.0.0.2 and 127.0.0.3

Return codes are:
	  http.dnsbl.sorbs.net    127.0.0.2
	 socks.dnsbl.sorbs.net    127.0.0.3
	  misc.dnsbl.sorbs.net    127.0.0.4
	  smtp.dnsbl.sorbs.net    127.0.0.5
      new.spam.dnsbl.sorbs.net    127.0.0.6
   recent.spam.dnsbl.sorbs.net    127.0.0.6
      old.spam.dnsbl.sorbs.net    127.0.0.6
	  spam.dnsbl.sorbs.net    127.0.0.6
   escalations.dnsbl.sorbs.net    127.0.0.6
	   web.dnsbl.sorbs.net    127.0.0.7
	 block.dnsbl.sorbs.net    127.0.0.8
	zombie.dnsbl.sorbs.net    127.0.0.9
	   dul.dnsbl.sorbs.net    127.0.0.10
       badconf.rhsbl.sorbs.net    127.0.0.11
	nomail.rhsbl.sorbs.net    127.0.0.12

Additional Aggregate Zones
SORBS also provides other aggregate zones as follows:
	       Zone Name		Zones Included
	       =========		==============

	 dnsbl.sorbs.net	  http.dnsbl.sorbs.net
				 socks.dnsbl.sorbs.net
				  misc.dnsbl.sorbs.net
				  smtp.dnsbl.sorbs.net
			      new.spam.dnsbl.sorbs.net
			   recent.spam.dnsbl.sorbs.net
			   escalations.dnsbl.sorbs.net
				   web.dnsbl.sorbs.net
				   dul.dnsbl.sorbs.net
				 block.dnsbl.sorbs.net
				zombie.dnsbl.sorbs.net

    safe.dnsbl.sorbs.net	  http.dnsbl.sorbs.net
				 socks.dnsbl.sorbs.net
				  misc.dnsbl.sorbs.net
				  smtp.dnsbl.sorbs.net
			      new.spam.dnsbl.sorbs.net
				   web.dnsbl.sorbs.net
				 block.dnsbl.sorbs.net
				zombie.dnsbl.sorbs.net
				   dul.dnsbl.sorbs.net

problems.dnsbl.sorbs.net	  http.dnsbl.sorbs.net
				 socks.dnsbl.sorbs.net
				  misc.dnsbl.sorbs.net
				  smtp.dnsbl.sorbs.net
			      new.spam.dnsbl.sorbs.net
			   recent.spam.dnsbl.sorbs.net
			      old.spam.dnsbl.sorbs.net
			   escalations.dnsbl.sorbs.net
				   web.dnsbl.sorbs.net
				 block.dnsbl.sorbs.net
				zombie.dnsbl.sorbs.net

  relays.dnsbl.sorbs.net	  http.dnsbl.sorbs.net
				 socks.dnsbl.sorbs.net
				  misc.dnsbl.sorbs.net
				  smtp.dnsbl.sorbs.net

 proxies.dnsbl.sorbs.net	  http.dnsbl.sorbs.net
				 socks.dnsbl.sorbs.net
				  misc.dnsbl.sorbs.net

Additional Zones such as (A)SPEWS...
In addition to providing the SORBS zones, SORBS also makes the ASPEWS and SPEWS data available by DNSbl lookup.

As the policy of SORBS (and one of the reasons for creating SORBS) was the publishing of data that is fully under SORBS control, the ASPEWS and SPEWS zones are not included in the SORBS aggregate zone. This is the same reason why SORBS does not present other DNSbls' data.

For those wanting the ASPEWS or SPEWS data by simple DNSbl lookup, SORBS provides the following zones as a courtesy:
l1.spews.dnsbl.sorbs.net - SPEWS Level one listings
l2.spews.dnsbl.sorbs.net - SPEWS Level two listings
  aspews.ext.sorbs.net   - ASPEWS Listings

Return codes for these zones are 127.0.0.2

Note: The SPEWS Level two zone contains all the level one data - you do not need to query both if you are treating the data the same way.
If you were using APEWS via SORBS, sorry we have discontinued distribution of this list n the SORBS DNS servers.

Information for large sites
Large sites (100k users or more, or more than 5 messages per second sustained), please contact SORBS staff about getting local copies of the database before using SORBS. You may request a local copy of the SORBS data by using the transfer request page, or or by using the Mail/Contact Form at: http://www.us.sorbs.net/cgi-bin/mail.

 
   
Copyright © 2002-2014 by SORBS | Terms & Conditions | Privacy Policy