SORBS Spam Blacklist: What Is It?
If you've ever faced email deliverability issues, you're most likely familiar with Internet anti-spam protocols. Most protocols and measures help verify all email addresses before attempting outreach. One key safeguard is the Spam and Open Relay Blocking System (SORBS).
The system ensures that people receive fewer spam emails in their inboxes. Learn what SORBS is, how it works, and how to move forward if your IP was placed on the blacklist.
What is SORBS?
SORBS (Spam and Open Relay Blocking System) is a DNS-based blacklist service used to list email IP addresses from known sources of spam and open relays. The SORBS database blocks emails from suspected senders.
The SORBS list consists of IP addresses. SORBS adds these IPs to their spam list due to suspicion of sending spam, phishing, or malware. SORBS’s goal is to combat any form of malicious email.
SORBS blacklists email servers as well when it detects that they are attempting to either facilitate, transmit or forward spam messages. When an email comes from a listed source, mail servers using SORBS can reject or flag the email as spam.
Domains that allow unauthorized users to relay emails through their servers also end up on the SORBS spam list. Even domains associated with distributing malware aren’t spared.
According to the latest report, SORBS has listed over 12 million host servers globally. A listing on a DNS-based blacklist significantly impacts email deliverability. This doesn't automatically guarantee that your emails will land in the spam folder. However, it significantly increases the likelihood that email providers and spam filters that use SORBS as a reference will block your emails.
A SORBS listing can disrupt email transmission from dynamically allocated IP addresses. Spammers often use these types of IP addresses to deceive people into revealing their personal information. This can also be the case if you send emails using private email servers or smaller Internet service providers (ISPs).
How the SORBS works
SORBS works as a real-time blacklist to identify and stop emails from IP addresses known for facilitating malicious activities. The system leverages the domain name system (DNS) to filter incoming emails.
SORBS lists an IP address if someone reports it as a source of spam or if a user configured it as an open relay or proxy.
When an email arrives from a particular IP address, SORBS verifies the reports for patterns indicative of spam. Once verified, the SORBS database adds the IP address to the appropriate blacklist category.
Next, the email servers query the Spam and Open Relay Blocking System during the email-receiving process to check if the sender's IP address is listed. The system responds whether the IP address is blacklisted or not.
If the IP address is in the database list, the mail server may block the email outright. Alternatively, the email may be flagged as suspicious to allow further scrutiny by administrators.
Key features of SORBS
The Spam and Open Relay Blocking System has several key features that contribute to its role in combating spam. First, it operates as a DNS-based blacklist, or DNSBL, where mail servers query the list to determine whether or not to block an incoming email based on the sender's IP address.
SORBS doesn't simply lump all problematic sources together. It categorizes listings based on the type of activity or suspicion, allowing for tailored filtering. Categories include open relays, spam sources, dynamic IP ranges, and more.
SORBS also maintains several different zones, each targeting specific types of unwanted email sources. The blacklist is updated in real time to reflect new threats, thus removing IP addresses that no longer pose a risk.
SORBS also provides mechanisms for requesting a delisting if an IP or domain entered the list by mistake. However, the process can be complex and time-consuming. It also allows for granular control over filtering. It can whitelist specific IP addresses or domains to prevent them from a block even if listed.
Why does SORBS blacklist your IP address?
SORBS blacklists your IP address if it finds your email infected in some way.
Unfortunately, you can go on the list even when using email services like Gmail or Outlook. These platforms use a large pool of IP addresses to send out emails.
Finding your sending IP listed on SORBs is often not directly because of your actions. Many users share these IPs. However, the fact that your IP address is listed on SORBS doesn't affect the email client’s excellent track record for delivering emails to inboxes. Here are the main reasons why an IP goes on a blacklist.
Reccurent spam messages
Given that your IP address has been sending unsolicited bulk emails, the chances of it being flagged by SORBS as a spam source are high. Even legitimate mail servers aren’t immune to the DNS-based blacklist.
Spamming happens when a large volume of emails arrive from your address in a short period. The recipients may also report these emails as spam.
Open relay blocking system
An open relay is a mail server that allows anyone on the Internet to send email through it. Spammers love open relays because they can send massive amounts of spam without exposing their own IP addresses.
Therefore, it becomes harder to trace the source of the spam. This practice puts the burden of dealing with spam complaints on the owner of the open relay server.
Open proxy
Open proxies can be used to route malicious traffic, including spam. Any IP address associated with an open proxy ends up on the SORBS list.
Your IP address is blacklisted in 'socks.dnsbl.sorbs.net' in case it is found to have an open SOCKS proxy.
Using dynamic IP addresses
We have two types of addresses: static and dynamic. Many ISPs assign IP addresses dynamically, which means they can change frequently.
Many prefer this dynamic IP range because of its difficulty to track. Spammers use such IPs to differentiate spam from a residential Internet connection or a compromised device.
Compromised email accounts
Unauthorized persons can gain access to a legitimate email account through phishing and use it to send fake emails. Any IP address related to an email account might then enter the blacklisted, even though the owner of the account is the victim.
Malware infected machines
Malware, like viruses, worms, or Trojans, can infect a computer on your network and turn it into a spam-sending bot. Even if you are unaware of the infection, spam originating from your network can result in a block on your IP address.
SORBS DNSBL zones
SORBS maintains a range of distinct DNSBL zones. Some of the core zones include:
- dnsbl.sorbs.net. This is the primary SORBS zone and contains all of the other zones. As the most aggressive of the zones, users must utilize it cautiously.
- new.spam.dnsbl.sorbs.net. This contains IP addresses that sent spam within the last 48 hours.
- recent.dnsbl.sorbs.net. This consists of IP addresses that the list suspects of having sent emails within the last 28 days.
- old.dnsbl.sorbs.net. This zone includes IP addresses used to share compromised e-messages within the last year.
- spam.dnsbl.sorbs.net. This features IP addresses that spammers use to send malicious information on multiple occasions. The list acknowledes them as persistent spam sources with no intention of stopping.
- http.dnsbl.sorbs.net. This flags a web proxy permitting unauthorized access.
- socks.dnsbl.sorbs.net. This identifies SOCKS proxies facilitating anonymous connections.
- smtp.dnsbl.sorbs.net. This tracks SMTP servers accepting unauthenticated emails.
How to delist your IP from SORBS spam blacklist
It’s easy to get your IP address from the SORBs spam blacklist. Begin by completing an online form on the SORBS website. This form requires your contact information, IP address, and email address.
SORBS will then review your request and get back to you with further instructions. Depending on your situation, you may need to provide additional information to demonstrate the legitimacy of your domain.
Once SORBS approves your request, they will typically remove your IP address or domain name from their blacklist within 24 hours.
Best practices for avoiding SORBS block list
To avoid a listing in the blacklist, adhere to good email practices. Here are some steps you can take.
- Monitor your domain's reputation. Regularly check your domain's standing with spam-checking services and major ISPs. Tools like Warmy.io can help you identify blacklist and reputation issues.
- Implement SPF records and DKIM signatures. These email authentication methods help verify that your emails are legitimate. They reduce the likelihood of receiving a flag from anti-spam services.
- Avoid shared IP addresses. When selecting a web hosting provider, opt for a dedicated IP address over a shared one. Shared IP addresses are more vulnerable to contamination with malicious traffic from other users.
- Maintain clean mailing lists. Regularly update your mailing lists by removing invalid or inactive email addresses to ensure accuracy. This prevents bounces, which can negatively impact your reputation with mail servers.
- Keep your sending volume to a minimum. Sending a high volume of emails can indicate a spammy address. Only send necessary emails, and send them to legitimate addresses or domains.
Frequently asked questions
How do I check if my IP is on the SORBS Spam blacklist?
You can use an online service, but the most obvious way is to contact SORBS directly. You’ll receive information on why it was listed and under which category.
How do I get rid of SORBS spam?
Simply visit the SORBS website and request delisting. Remember that SORBS has specific requirements for delisting, so it is essential to follow their instructions carefully.
What does the SORBs spam firewall do?
A SORBS spam firewall is a hardware-based anti-spam appliance designed to protect email servers from spam. It acts as a proxy to your primary SMTP server.
