What is SORBS DNSBL? The Ultimate Guide to Delisting
No email marketer wants to find out that their IP got blacklisted, but unfortunately this happens. Not all blacklists are made even: while some will have no influence on the email deliverability, others will interfere with the email delivery process by making your emails go to spam or by blocking them entirely. SORBS DNSBL is one of the largest blacklists in the industry although its impact on deliverability is pretty low and it doesn’t block emails from being delivered. In this article, you will find out what is SORBS DNSBL, how it works, and how could you end up on it.
What is SORBS DNSBL?
The SORBS (Spam and Open Relay Blocking System) provides free access to its DNS-based Block List (DNSBL) to effectively block email from more than 12 million host servers known to disseminate spam, phishing attacks, and other forms of malicious email. The list typically includes email servers suspected of sending or relaying spam, servers that have been hacked and hijacked, and those with Trojan infestations. In an attempt to provide preemptive protection, SORBS also lists servers with dynamically allocated IP addresses.
What are SORBS DNSBL Zones?
SORBS has 17 distinct DNSBL zones that differ according to the listing criteria, be it sending spam from compromised accounts, having Trojan, or simply having a dynamic IP address.
Aggregate zone (contains all the following DNS zones except spam.dnsbl.sorbs.net)
If you are listed in the ‘spammers’ database, it is because you, your machine, or a previous user of the address sent an unsolicited bulk, commercial, religious, or political email to one of the administrators of SORBS or any of the spam traps SORBS operates. If your IP address is listed in SORBS Spamhost (last year) and/or in SORBS Spamhost (last 28 days), it will also be listed in the SORBS Aggregate Zone (Problems).
dnsbl.sorbs.net is the SORBS primary zone and contains all other zones. Due to the aggressive nature of some of the zones, it may not be wise to use dnsbl.sorbs.net until you are completely familiar with each of the sub-zones contained within.
This zone lists servers in which a proxy has been detected that allows anonymous access.
It is a list of Open SOCKS Proxy Servers. In general, a proxy server is primarily used for proxying HTTP traffic, whereas a SOCKS proxy can middleman any type of traffic it is configured for. These are the most dangerous kinds of open proxies as they can be used to anonymously and blindly proxy SMTP email traffic. Having an open SOCKS proxy will add your IP address to the socks.dnsbl.sorbs.net blacklist.
This list contains all other proxies that could not be classified as an HTTP proxy or a SOCKS proxy.
List of Open SMTP relay servers. Any server that allows unauthenticated email to be sent through its systems will be listed in the smtp.dnsbl.sorbs.net blacklist. This usually happens by someone reporting the server as an open relay, or when the SORBS scanners and systems notice that the system allows the sending of email without authentication.
Nefarious users have learned how to locate old email scripts, and secretly pass data to them, using them as a form of gateway to interface with the local mailer on the webserver. When an exploited machine is detected, it will be listed in web.dnsbl.sorbs.net.
List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last 48 hours. It also includes spam sent to the spam traps and honeypots.
recent.spam.dnsbl.sorbs.net lists hosts that have been sending spam for the last 28 days and it also includes all the hosts from new.spam.dnsbl.sorbs.net.
The zone includes hosts that have been sending spam for the last year, it also includes all the information from recent.spam.dnsbl.sorbs.net and new.spam.dnsbl.sorbs.net. If the host has been on this blacklist for a year, there is a high probability he is going to stay on this blacklist permanently.
This zone contains all data from old.dnsbl.sorbs.net, which in turn contains all the data in recent.dnsbl.sorbs.net and new.dnsbl.sorbs.net. This zone lists offenders that have no intention of stopping spam. These hosts have further not made any effort to ask for delisting of any kind from SORBS.
This list contains entire netblocks of ISP’s that are tolerant of spammers. This means that escalations.dnsbl.sorbs.net could potentially have some of the large shared hosting providers listed, such as DreamHost, RackSpace, BlueHost, and GoDaddy. This often can mean that hundreds of thousands of IP addresses will be contained within this blacklist.
The IP that is not to be scanned, is placed into the block.dnsbl.sorbs.net blacklist. This list can then be used by others as a way of classifying hosts as not wanting to be scanned. Interpretation of what that means is up to the administrator that chooses to use the block.dnsbl.sorbs.net blacklist.
A zombie machine is a computer or server that is no longer fully controlled by its original owner. And usually, there is a compromised system of malicious software. zombie.dnsbl.sorbs.net contains all known cases of machines that have been compromised in some way.
This list has dynamic IP Address ranges. Although a dynamic IP address is a common thing, it is not recommended to run an email server from it, so this could be the reason for a listing. If it is, the way out would be to obtain a static IP address for your email server.
IP addresses and Netblocks of where system administrators and ISPs owning the network have indicated that servers should not be present.
The aggregate zone contains all RHS zones, where RHS stands for ‘Right Hand Side’ referring to where the answer to the query is located.
List of domain names where the A or MX records point to bad address space. Bad address space could be a test network, an internal network, or something else that is not supposed to send an email.
List of domain names where the owners have indicated no email should ever originate from these domains. Listing an IP range on this list will prevent spoofing since every email would be simply blocked.
How Do I Know that My IP is Blacklisted?
SORBS returns 127.0.0.x codes to indicate your IP is blacklisted, and the last number (x) corresponds with a specific zone. To find this code you would have to look through your bounced emails. Here is the list of zones and corresponding return codes.
The simplest way to find out if you are blacklisted on SORBS DNSBL is to use the lookup on their website.
If you want to monitor your IP addresses proactively, you can use IP blacklist uptime monitoring. It will check your IPs on a regular basis automatically, and you will find out about any blacklisting issue right away. This will give you time to start the delisting process before you encounter real troubles with spam placement or email blocking.
How does Blacklisting at SORBS Impact My Email Deliverability?
The impact that a blacklist has on the email-sending ability differs. While some blacklists can block your messages entirely, others have very little effect. The good news is that SORBS DNSBL does not block your emails or websites, moreover, it is not capable of doing so. If you have a blocking problem, this blacklist is not the issue.
How did I Get Blacklisted in the First Place?
It is hard to give a simple answer to this question since SORBS has 17 DNSBL zones that differ according to the listing criteria. Some of the common reasons for blacklisting are:
- Not following email-sending best practices;
- Using open relays;
- Having servers infected by viruses;
- Using dynamic IP for email server;
- The server has been hacked or hijacked.
If you know your return code, you can easily find out what zone are you in, and see all the listing criteria and details for the delisting.
How to De-list from SORBS DNSBL?
Usually, the de-listing happens automatically after the reason for blacklisting is removed. There are zones that require manual delisting, such as dul.dnsbl.sorbs.net, zombie.dnsbl.sorbs.net and some are semi-automatic: http.dnsbl.sorbs.net, socks.dnsbl.sorbs.net, smtp.dnsbl.sorbs.net. For manual delisting, you have to create an account with SORBS, find your IPs and then you would be able to address support to apply for the de-listing.
Finally, to stay off the SORBS DNSBL, you should keep your IPs secure, make sure your servers don’t have open relays, sign up for feedback loops and run an IP blacklist check regularly.