[Zones Available]
dnsbl.sorbs.net - Aggregate zone (contains all the following DNS zones except spam.dnsbl.sorbs.net)
http.dnsbl.sorbs.net - List of Open HTTP Proxy Servers.
socks.dnsbl.sorbs.net - List of Open SOCKS Proxy Servers.
misc.dnsbl.sorbs.net - List of open Proxy Servers not listed in the SOCKS or HTTP lists.
smtp.dnsbl.sorbs.net - List of Open SMTP relay servers.
web.dnsbl.sorbs.net - List of web (WWW) servers which have spammer abusable vulnerabilities (e.g. FormMail scripts)
Note: This zone now includes non-webserver IP addresses that have abusable vulnerabilities.
new.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last 48 hours.
recent.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last 28 days (includes new.spam.dnsbl.sorbs.net).
old.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last
year. (includes recent.spam.dnsbl.sorbs.net).
spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS at any time, and not subsequently resolving the matter and/or requesting a delisting. (Includes both old.spam.dnsbl.sorbs.net and escalations.dnsbl.sorbs.net).
escalations.dnsbl.sorbs.net - This zone contains netblocks of spam supporting service providers, including those who provide websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be added to the list.
block.dnsbl.sorbs.net - List of hosts demanding that they never be tested by SORBS.
zombie.dnsbl.sorbs.net - List of networks hijacked from their original owners, some of which have already used for spamming.
dul.dnsbl.sorbs.net - Dynamic IP Address ranges (NOT a Dial Up list!)
rhsbl.sorbs.net - Aggregate zone (contains all RHS zones)
badconf.rhsbl.sorbs.net - List of domain names where the A or MX records point to bad address space.
nomail.rhsbl.sorbs.net - List of domain names where the owners have indicated no email should ever originate from these domains.
Note: The web.dnsbl.sorbs.net domain includes infected Nimba and Code Red hosts, as well as hosts that contain FormMail scripts, or other known exploits that allow a remote user to use that host to sent/relay spam. Exploits that include guessing passwords will not be included. Where possible, servers will not be exploited in the process of testing.
[SORBS Return Codes]
SORBS returns 127.0.0.x codes to indicate which database the test result was obtained from. If you use the aggregate zone, the return codes will still reflect the specific database(s) from which the results have been obtained.
e.g. If 4.3.2.1.socks.dnsbl.sorbs.net returns 127.0.0.3
then
4.3.2.1.dnsbl.sorbs.net would also return 127.0.0.3.
If an IP address appears in more than one database and you query using the aggregate zone, all applicable codes are returned.
e.g. If in addition, 4.3.2.1.http.dnsbl.sorbs.net returns 127.0.0.2
then 4.3.2.1.dnsbl.sorbs.net would return both 127.0.0.2 and 127.0.0.3
Return codes are:
http.dnsbl.sorbs.net 127.0.0.2
socks.dnsbl.sorbs.net 127.0.0.3
misc.dnsbl.sorbs.net 127.0.0.4
smtp.dnsbl.sorbs.net 127.0.0.5
new.spam.dnsbl.sorbs.net 127.0.0.6
recent.spam.dnsbl.sorbs.net 127.0.0.6
old.spam.dnsbl.sorbs.net 127.0.0.6
spam.dnsbl.sorbs.net 127.0.0.6
escalations.dnsbl.sorbs.net 127.0.0.6
web.dnsbl.sorbs.net 127.0.0.7
block.dnsbl.sorbs.net 127.0.0.8
zombie.dnsbl.sorbs.net 127.0.0.9
dul.dnsbl.sorbs.net 127.0.0.10
badconf.rhsbl.sorbs.net 127.0.0.11
nomail.rhsbl.sorbs.net 127.0.0.12
[Additional Aggregate Zones]
SORBS also provides other aggregate zones as follows:
Zone Name Zones Included
========= ==============
dnsbl.sorbs.net http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
new.spam.dnsbl.sorbs.net
recent.spam.dnsbl.sorbs.net
escalations.dnsbl.sorbs.net
web.dnsbl.sorbs.net
dul.dnsbl.sorbs.net
block.dnsbl.sorbs.net
zombie.dnsbl.sorbs.net
safe.dnsbl.sorbs.net http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
new.spam.dnsbl.sorbs.net
web.dnsbl.sorbs.net
block.dnsbl.sorbs.net
zombie.dnsbl.sorbs.net
dul.dnsbl.sorbs.net
problems.dnsbl.sorbs.net http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
new.spam.dnsbl.sorbs.net
recent.spam.dnsbl.sorbs.net
old.spam.dnsbl.sorbs.net
escalations.dnsbl.sorbs.net
web.dnsbl.sorbs.net
block.dnsbl.sorbs.net
zombie.dnsbl.sorbs.net
relays.dnsbl.sorbs.net http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
proxies.dnsbl.sorbs.net http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
[Additional Zones such as (A)SPEWS...]
In addition to providing the SORBS zones, SORBS also makes the ASPEWS and SPEWS data available by DNSbl lookup.
As the policy of SORBS (and one of the reasons for creating SORBS) was the publishing of data that is fully under SORBS control, the ASPEWS and SPEWS zones are not included in the SORBS aggregate zone. This is the same reason why SORBS does not present other DNSbls' data.
For those wanting the ASPEWS or SPEWS data by simple DNSbl lookup, SORBS provides the following zones as a courtesy:
l1.spews.dnsbl.sorbs.net - SPEWS Level one listings
l2.spews.dnsbl.sorbs.net - SPEWS Level two listings
aspews.ext.sorbs.net - ASPEWS Listings
Return codes for these zones are 127.0.0.2
Note: The SPEWS Level two zone contains all the level one data - you do not need to query both if you are treating the data the same way.
If you were using APEWS via SORBS, sorry we have discontinued distribution of this list n the SORBS DNS servers.