The Spam and Open Relay Blocking System

Status: Active
Website: www.sorbs.net
Removal: www.sorbs.net/overview.shtml

SORBS (the Spam and Open Relay Blocking System) provides free access to its DNS-based Block List (DNSBL), which is used to block email from more than 12 million host servers known to disseminate spam, phishing attacks and other forms of malicious email. The list typically includes email servers suspected of sending or relaying spam, servers that have been hacked and hijacked, and those with Trojan infestations. In an attempt to provide preemptive protection, SORBS also lists servers with dynamically allocated IP addresses. SORBS maintains 17 distinct DNSBL zones.

Listing Policy

Not all servers online have fully configured SMTP gateways. Some are simple HTTP servers designed to serve websites and databases. On most of these websites, a user may need to connect an HTML form to an email-sending script. For this to happen, the local mailer on the server is used. This mailer generally accepts connections only from the server itself, which makes it secure and keeps it from becoming an open relay.

For the web server to be useful, it has to allow scripts to send the form data entered by users. Some of these form scripts are old and were written when web security was not much of a concern. Highly popular form-to-email scripts have been installed on nearly all web servers, and not all of them are secure. Nefarious users have learned how to locate these scripts and secretly pass data to them, using them as a gateway to the local mailer on the web server. In some cases, the administrator of the server is not even aware of the exploited script, because it was installed on a pay-by-the-month shared hosting account.

When an exploited machine is detected, it will be listed in web.dnsbl.sorbs.net.
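
An administrator can check whether a web server's address appears in this zone with an ordinary DNS lookup. The following is an added example, not SORBS code: it builds the query name using the standard DNSBL convention (RFC 5782: reversed IPv4 octets or reversed IPv6 nibbles, followed by the zone) and treats only answers inside 127.0.0.0/8 as a listing. The function names, the injectable `resolve` parameter, the sample addresses and the return code in the demo are assumptions constructed for illustration.

```python
import ipaddress
import socket

ZONE = "web.dnsbl.sorbs.net"  # zone named on this page


def dnsbl_query_name(ip, zone=ZONE):
    """Build the DNSBL lookup name for an address (RFC 5782 convention)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # nibbles, reversed
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        # A timeout also lands here; rerun before trusting a "not listed".
        return []


def check_listing(ip, zone=ZONE, resolve=system_resolver):
    """Classify an address as 'listed', 'not listed' or 'invalid answer'."""
    answers = resolve(dnsbl_query_name(ip, zone))
    if not answers:
        return "not listed", []
    loopback = ipaddress.ip_network("127.0.0.0/8")
    codes = [a for a in answers if ipaddress.ip_address(a) in loopback]
    if not codes:
        # A wildcarded or redirected zone answers with a routable address;
        # that is not a listing and must not be used to reject mail.
        return "invalid answer", answers
    return "listed", codes


if __name__ == "__main__":
    # Constructed sample data: documentation-range addresses and a fake
    # resolver, so the demo runs offline. The return code is made up.
    fake_zone = {"10.2.0.192." + ZONE: ["127.0.0.2"]}
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, check_listing(ip, resolve=lambda n: fake_zone.get(n, [])))
```

Calling `check_listing("<server address>")` without the `resolve` argument performs a live lookup through the system resolver.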