*** Welcome to piglix ***

Spam and Open Relay Blocking System


SORBS ("Spam and Open Relay Blocking System") is a list of e-mail servers suspected of sending or relaying spam (a DNS Blackhole List). It has been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.

The SORBS DNSbl project was created in November 2002. It was maintained as a private list until 6 January 2003 when the DNSbl was officially launched to the public. The list consisted of 78,000 proxy relays and rapidly grew to over 3,000,000 alleged compromised spam relays.

In November 2009 SORBS was acquired by GFI Software, to enhance their mail filtering solutions.

In July 2011 SORBS was re-sold to Proofpoint, Inc.

SORBS adds IP ranges that belong to dialup modem pools, dynamically allocated wireless, and DSL connections as well as DHCP LAN ranges by using reverse DNS PTR records, WHOIS records, and sometimes by submission from the ISPs themselves. This is called the DUHL or Dynamic User and Host List. SORBS does not automatically rescan DUHL listed hosts for updated rDNS so to remove an IP address from the DUHL the user or ISP has to request a delisting or rescan. If other blocks are scanned in the region of listings and the scan includes listed netspace, SORBS automatically removes the netspace marked as static.

Matthew Sullivan of SORBS proposed in an Internet Draft that generic reverse DNS addresses include purposing tokens such as static or dynamic, abbreviations thereof, and more. That naming scheme would have allowed end users to classify IP addresses without the need to rely on third party lists, such as the SORBS DUHL. The Internet Draft has since expired. Generally it is considered more appropriate for ISPs to simply block outgoing traffic to port 25 if they wish to prevent users from sending email directly, rather than specifying it in the reverse DNS record for the IP.

SORBS' dynamic IP list originally came from Dynablock but has been developed independently since Dynablock stopped updating in December 2003.

IP addresses that send spam to SORBS spamtraps are added to their spam database automatically or manually. In order to prevent being blacklisted, major free email services such as Gmail, Yahoo, and Hotmail, as well as major ISPs now implement outgoing anti-spam countermeasures. Gmail, for example, continues to get listed and delisted because they refuse abuse reports. However, smaller networks may still be unwittingly blocked. Because spammers use viruses, malware, and rootkits to force compromised computers to send spam, SORBS lists the IP addresses of servers that the infected system uses to send its spam. Because of this, larger ISPs and corporate networks have started blocking port 25 in order to prevent these compromised computers from being able to send email except through designated email servers.


...
Wikipedia

...