SORBS Blacklist: Listing Reasons & 4 Steps To Remove your IP

SORBS Blacklist: Listing Reasons & 4 Steps To Remove your IP

Author
Max Olkhovskyi
Published
Jul 28, 2023
Reading duration
11 min

Email engagement, no matter how productive it might be, is readily limited when your company's IP or domain gets blacklisted. While some blacklists are less destructive than others, the SORBS blacklist is one of the key blacklists that provides significant protection to internet users and actually affects your email deliverability.

To emphasize the unparalleled importance of this blacklist, we can tell you that approximately, 200K organizations ❗ worldwide use SORBS blacklist. The Australian Communication and Media Authority, the Australian Federal Police, and the United States Federal Trade Commission are among those who adhere to the list. So, considering the number of organizations, the chances of being listed for violating anti-spam policies are fairly high.

We're ready to share all the critical insights you need to stay on track, get your IP delisted, and take preventive measures to avoid being listed in the future. 

Ready for action?

The Article Walkthrough:

What Is the SORBS Blacklist

SORBS is the big DNS-based blocklist (DNSBL), which is known to block spam, phishing attacks, and malicious email from over 12 million host servers ❗️ The list is owned by Proofpoint, Inc., a leading cybersecurity company, and has been on the watch for spamming activity since 2001.  

While the word-for-word abbreviation is usually deciphered as Spam and Open Relay Blocking system, it’s worth mentioning that the list reacts to Open Proxy servers and machines that are caught sending spam, too. 

🤔 What is a DNS-based blacklist?

A DNS-based blacklist is designed to identify, categorize and report IPs and domains associated with spamming and other potentially malicious activity. A DNSBL database contains all IP addresses and domains reported for unsolicited activities so that email servers and spam filters can consult them before determining how to act on an incoming message.

SORBS database enlists most IP addresses and domains claimed to commit email abuse. You can distinguish between the SORBS Spam List (SBL), which comprises suspected IPs, and the SORBS Open Proxy List (SORBS OPL), which detects open relays.

How Does SORBS Blacklist Work?

The listing process of the SORBS blacklist relies on automatic, semi-automatic, and manual listing techniques. However, usually, the work process follows the same pattern:

1 Pict (11)

Step 1: Data collection

While the SORBS spam database is one of the most vital components of the list, the system often refers to other sources of information, such as spam traps and user reports.

🤔 What are SORBS spam traps?

SORBS spam traps consist of various email addresses, including private admin emails. When a suspected network can’t be flagged based on a single IP, larger sections are listed. Spam traps allow internet service providers and block databases like SORBS to “attract” spam emails.

Step 2: Data analysis

Before an IP or email server hits the list, the collected information should be checked so that spamming patterns are revealed. Usually, sending volumes, open relays, Trojan infestations, and other malware will speak in favor of listing.

Step 3: Blacklisting

Once an email seems to correspond with pre-set spamming patterns, it will be added to the database traps. After that, the system determines the message’s origin — its IP — and then lists it.

🤔 Is it bad to be blacklisted by SORBS?

Although not all blacklists are equally harmful to email deliverability, the SORBS blacklist can cause significant issues. If your IP address is blacklisted by SORBS, you will be unable to send email from it, and your sender reputation will suffer as a result.

Reasons Why Your Domain Can Get Listed in SORBS: Test Yourself

Ending up on a blacklist, be it a Spamhaus Blacklist, SORBS blacklist, or any other list, isn’t the most preferred destination for a reputable marketer. Thus, you must be 100% sure as to what may lead you there before it’s too late. Here’re the questions for the quick SORBS blacklist check: 

Is your server suspected of sending spam?

Even trustworthy senders tend to end up on a blacklist at least once in a lifetime. Suppose your server is suspected of being the source of spamming activity. In that case, you should revise your marketing practices, run an email deliverability test, measure the sender rep score, etc., and rule out potential reasons to be listed.

Has your server been hacked and hijacked?

Present-day hackers are getting more and more creative with ways of infiltrating legitimate networks and hijacking servers. Thus, if you're sure that you’re not the original source of harmful and unsolicited emails, a security breach may be something to investigate. Once the threat is found and terminated, you should multiply your defenses.

Could your server suffer from Trojan infestations?

Some people falsely assume that Trojans are limited to emails and files. However, these nasty pieces of work can infect entire sites, servers, and domains. Every user that comes into contact with those is potentially at risk.

Is your server linked to dynamically allocated IP addresses?

In case you don’t know, IPs can be static or dynamic. Since dynamic IPs are cheaper and easier to maintain, they are more widely spread and more prone to blacklisting. It does not mean that you shouldn’t use a dynamic IP. It’s just that the ever-changing algorithms of the address usually attract blacklists.

Most spam-blocking algorithms think that dynamically allocated addresses spread phishing attacks more often than static ones. Whenever a false positive blocking occurs, all it takes is to prove that you’re not a spammer, and you’ll be delisted.

Is your email database not verified?

A verified email list is one of the primary pillars of effective email marketing, not because you preach to the right audience but because those not interested in your offers won’t report you. If you rely on an unconfirmed database, you can expect the level of complaints to spiral, which is a direct route to the SORBS blacklist (check special email scrubbing software).

Is your IP or server poorly configured?

Once the SORBS blacklist detects inadequate security measures, missing configurations, or other potential vulnerabilities, it will add the address since it is a perfect chance for spammers to use it.

Do you use a compromised IP?

You may have inherited the address already used for spam and triggered one of the SORBS spamtraps, or it may have been manually listed by a list admin. Sometimes, a spamtrap can be infiltrated into the mailing list in use, or it is a shared server, and other users send spam directly.

Do you provide services for spam domains?

Sometimes ISPs or credit card operators provide supplementary Internet services to a domain marked as a spam source and end up on the list.

Do you belong to a group of blocked IPs?

Some ISPs treat spam reports lightly, and the pool of IPs they support gets blocked because a few users send spam directly, but the provider does not act upon client complaints and keeps them active instead of deleting them from the pool. 

The reasons are numerous and quite versatile. If you are 100% sure you can’t associate yourself with any of the points mentioned, you should act accordingly. 

Let’s proceed with a step-by-step SORBS spam removal process, shall we?

How To Delist Your IP from SORBS?

🤔 Do I have the right to delist my IP?

Sometimes you can’t succeed on your own. Those who share  equipment, such as an ISP’s outgoing mail servers, co-located servers, free web mail, etc., will require a true owner’s request to delist the IP. According to the SORBS policies, the only party that can address the issue and request delisting is the real owner of the equipment and IP address(es) on the blacklist.

Step 1: Register an account at SORBS

Unlike Spamhaus blacklist, the SORBS blacklist allows only registered users in. That’s why, to proceed with delisting, you must first create an account with the service. BTW, the registration process is simple and free of charge.

You will find a dedicated Register button in the top right corner of the page. Once you press it, a concise, filled-out form will come up. After you provide all the requested information, you must confirm your account via an opt-in email.

Image2

Step 2: Look up your IP

How do you know if you were actually blacklisted? SORBS is only one of other major blacklists. So, the first logical step would be to double confirm that you are still listed on the SORBS.

The system will redirect you to the SORBS’s delisting page when you confirm your email. You have to provide your IP to check whether it is actually listed. Proceed to the next step if it is.

Image1

Step 3: As a system administrator, answer the questions from the SORBS Support System

Some sources claim that answering questions in return for delisting is strange, to say the least. However, if you think about where these questions come from, you will realize they are aimed at your own good.

While these seem like two unrelated matters, if you answer both positively, the chances are that you will remain with the database for a while. But, you must be honest when answering, since cheating will lead to the same outcome.

Those who answer negatively will face the same result — sticking with the list for a while. Wonder why? All because people will continue flagging you, as they haven’t permitted you to share your send-outs with them.

Finally:

  • Is my IP address in the neighborhood of a spammer?
  • Is my IP address in a huge listed block?

Once you say "yes" to those, you’ve got yourself into quite a pickle or “Escalated” listing. Remember what we said about shared equipment? This is the case when you must ask your provider to fix the issue. There’s no other way, especially if you are sure that your own actions haven’t caused the blocking.

Those who’ve gotten this far can breathe. The delisting process, at its core, is pretty straightforward. The Delist Me button will appear if your case coincides with all the limits and thresholds.

IMPORTANT ❗️
"Escalated" listings can’t be Self-Delisted. You must use the listed IP to be authorized to do so.

Step 4: Wait to be delisted

After you complete the SORBS spam delist quest, you may count on on-the-spot delisting, but the formula is more complicated and time-based. While the algorithm picks the minimal time for delisting, it is applied to the IP in question based on the last spam request received.

🤔 How long should I wait to be delisted? 

The final waiting period formula will differ from case to case, depending on the amount of spam you’ve sent.

  • First-timers with fewer than 10 spam reports must wait 48 hours before final delisting.
  • Second-timers with fewer than 50 reports will have to wait seven days.
  • Third-time listees with fewer than 100 reports recorded will have to wait 30 days.
  • Fourth-time listees with under 200 reports will have to wait six months.
  • Fifth-time listees with fewer than 300 reports will have to wait a year before being delisted.

If you wonder how do you know if you were blacklisted, you can always check it on the lookup page, using your SORBS registration details. Just make sure to wait the approximate period of delisting mentioned above.

Steps to Reduce the Risks of Being Listed in the SORBS Blacklist

If you can prevent it, why not try it? With possible reasons for blocking, the range of solutions becomes much clearer.

Use a static IP, if possible

We’ve already figured out that dynamic IPs are more susceptible to SORBS blocking. Thus, if you can afford to get and configure a static IP, you should go for it.

Keep in touch with network admins

At times, there’s little you can do about getting on the SORBS list since you use shared equipment. However, you can contact the network admins every once in a while to carry out a routine check in case the server has been hacked. Surely, it seems like a hassle, but it will pay off in the future.

Trojan scans

Trojan and other malware infestations will risk your IP and your mailing list. Carry out routine scans to detect and eliminate potential threats as often as you can. 

Prevent open relays and proxies

Both open relays and proxies can compromise your server since anyone can be granted a free pass. A host list will help you deal with the matter effectively. As long as you are sure as to who can access and use your domain, you can steer clear of SORBS’s database.

Bottom Line: No Blacklisting with a Comprehensive Approach to Email Deliverability

Being alone in a world where cyber threats and blacklisting lurk around every corner is difficult. The Folderly team, on the other hand, can guide you through the darkest paths to your destination without being listed. As you improve email deliverability, you will be able to avoid blacklists like SORBS.

Furthermore, Folderly email deliverability experts can assist you in integrating and cooperating with the strictest  policies so that your sender score rises rather than falls. Remember that your mailbox health is important, and Folderly algorithms can scan it in an instant so that you can fix any potential issues before they cause you harm.

Finally, with Folderly 2.0, you can collaborate with your team and manage all tasks and roles from a single virtual space.

Do you still have any questions? Contact our email deliverability experts as soon as possible to schedule a call and get answers to all of your questions and concerns.

Let’s make your email deliverability rock.

Max Olkhovskyi
Author:
Max Olkhovskyi
Lead of Email Deliverability Specialists
As the adept Team Lead of Email Deliverability Specialists at Folderly, Maksym masters the art of perfecting email deliverability, going beyond mere domain setups. His profound knowledge enables him to provide expert solutions and advice that ensure 100% email deliverability and 70-90% open rate during campaigns. Contact at maksym.olkhovskyi@folderly.com

Also you may like

Keep an eye on your IP and domain reputation in real-time to catch any issues like blacklisting before they harm your sender reputation.