The SORBS DNSBL is just list of numbers, nothing more, nothing less. The significance of these numbers is that they are related to hosts on the Internet whose condition/settings have included the particular vulnerabilities which we seek to eliminate, i.e. open relays, open proxies, etc.

As a prospective user of the SORBS lists the most important question you need to ask yourself is: Do I understand the listing criteria for the list(s) I plan to use?

Then, you have a number of choices/decisions to make:
  1. How aggressive at stopping spam do you want to be?
  2. Do you want to trust the SORBS admins as well as a testing script?
  3. Do you trust the scripts the SORBS admins employ to identify badly configured hosts?
  4. Do you run your own mailserver?
  5. Do you run your server for other people?
  6. Do you want to reject email or just flag it as spam?
In addition to the above you also have to consider how much load you are going to put on the servers, including the SORBS DNS server. For large or busy sites please see the information for large sites.

How do server administrators use SORBS...?
Server administrators may use SORBS by querying the server directly using their mailserver's features.

Configurations for common mailservers are:

Zones Available - Aggregate zone (contains all the following DNS zones
			      except - List of Open HTTP Proxy Servers. - List of Open SOCKS Proxy Servers. - List of open Proxy Servers not listed in
			      the SOCKS or HTTP lists. - List of Open SMTP relay servers. - List of web (WWW) servers which have spammer
			      abusable vulnerabilities (e.g. FormMail scripts)
			      Note: This zone now includes non-webserver
			      IP addresses that have abusable vulnerabilities. - List of hosts that have been noted as sending
			      spam/UCE/UBE to the admins of SORBS within the last
			      48 hours. - List of hosts that have been noted as sending
			      spam/UCE/UBE to the admins of SORBS within the last
			      28 days (includes - List of hosts that have been noted as sending
			      spam/UCE/UBE to the admins of SORBS within the last
			      year. (includes - List of hosts that have been noted as sending
			      spam/UCE/UBE to the admins of SORBS at any time, 
			      and not subsequently resolving the matter and/or
			      requesting a delisting. (Includes both and - This zone contains netblocks of spam supporting
			      service providers, including those who provide
			      websites, DNS or drop boxes for a spammer.  Spam
			      supporters are added on a 'third strike and you are
			      out' basis, where the third spam will cause the
			      supporter to be added to the list. - List of hosts demanding that they never be tested
			      by SORBS. - List of networks hijacked from their original
			      owners, some of which have already used for spamming. - Dynamic IP Address ranges (NOT a Dial Up list!) - IP addresses and Netblocks of where system administrators
                              and ISPs owning the network have indicated that servers
                              should not be present. - Hosts that have delivered known viruses to the SORBS
                              spamtrap servers in the last 7 days.  The zone has a
                              high overlap with the as viruses
                              that are not instantly recognised initially listed as
                              spam (polymorphic viruses tend to do this.) - Aggregate zone (contains all RHS zones) - List of domain names where the A or MX
			      records point to bad address space. - List of domain names where the owners have
			      indicated no email should ever originate from these

Note: The domain includes infected Nimba and Code Red hosts, as well as hosts that contain FormMail scripts, or other known exploits that allow a remote user to use that host to sent/relay spam. Exploits that include guessing passwords will not be included. Where possible, servers will not be exploited in the process of testing.

SORBS Return Codes
SORBS returns 127.0.0.x codes to indicate which database the test result was obtained from. If you use the aggregate zone, the return codes will still reflect the specific database(s) from which the results have been obtained.

e.g. If returns

then would also return

If an IP address appears in more than one database and you query using the aggregate zone, all applicable codes are returned.

e.g. If in addition, returns

then would return both and

Return codes are:

Additional Aggregate Zones
SORBS also provides other aggregate zones as follows:
	       Zone Name		Zones Included
	       =========		==============

Additional Zones such as (A)SPEWS...
In addition to providing the SORBS zones, SORBS also makes the ASPEWS and SPEWS data available by DNSbl lookup.

As the policy of SORBS (and one of the reasons for creating SORBS) was the publishing of data that is fully under SORBS control, the ASPEWS and SPEWS zones are not included in the SORBS aggregate zone. This is the same reason why SORBS does not present other DNSbls' data.

For those wanting the ASPEWS or SPEWS data by simple DNSbl lookup, SORBS provides the following zones as a courtesy: - SPEWS Level one listings - SPEWS Level two listings   - ASPEWS Listings

Return codes for these additional zones are

Note: The SPEWS Level two zone contains all the level one data - you do not need to query both if you are treating the data the same way.
If you were using APEWS via SORBS, sorry we have discontinued distribution of this list n the SORBS DNS servers.

Information for large sites
Large sites (100k users or more, or more than 5 messages per second sustained), please contact SORBS staff about getting local copies of the database before using SORBS. You may request a local copy of the SORBS data by using the transfer request page, or or by using the Mail/Contact Form at:

Copyright © 2002-2023 by SORBS | Terms & Conditions | Privacy Policy