We've been blacklisted--HELP!

Posted on 2006-07-06
Medium Priority
Last Modified: 2010-05-18
I am trying to figure out how we got blacklisted by SORBS. I found out our email hosts IP was blacklisted, as well as our own IP from our ISP (two different companies). I am really confused. I called our email hosts and they said they were blacklisted, but it was a mistake and has been rectified. It just seesm weird that we were both blacklisted at the same time. I contacted SORBS and they sent me this response:

*** Collection of IP space considered dynamic
(Dynamic rDNS) 69.x.x.x/x

(rDNS with too short TTL) 69.x.x.x/x

The IP address space identified above is listed in SORBS DUHL list. The IP space _not_ depicted above, is _not_ listed in SORBS DUHL or is eligible for delisting.  More information about this list can be found here (Please read this information thoroughly)


IP Addresses with defined rDNS and a TTL longer than 43200 seconds, have been included because they seem to point to a dynamic IP address. According to our policies, we cannot delist said IP address until actions explained below, are completed in your part.

Names that look generic (ie, include the IP address or a part of it, mention the keywords "pool", "ppp", "customer", etc) are considered by us as an indicator of the IP address being dynamically assigned. You'll find more information regarding this topic at the following RFC draft (single URL, no spaces):


(or use this shorter version instead)


Note that SORBS' tools may cache its results for up to 48 hours. Therefore, if you've recently changed your DNS configuration or intend to do so, please wait before asking us to review your case.

*** IP Space with a TTL too short

The TTL for the reverse DNS name (rDNS) of the IP address space identified above, is less than the minimum we accept for delisting, 43200 seconds. According to our policies, we cannot delist an address whose rDNS has a TTL lower than this value. Note that we recommend setting the TTL to 86400 seconds at least.

We are setting this ticket to 'Rejected', as an action is required
in your part before we can update our lists regarding the IP address you wrote us about. After one or more of the three options set forth above has been implemented, please reopen this ticket and we will
re-evaluate your case.

If you choose to modify your current DNS configuration, it is very important that you verify the correctness of your changes with a third party before asking us to review your case. This will help us all to help you faster. A reliable third party is the "Reverse DNS Lookup tool" available at http://www.dnsstuff.com/

Also, the tools used by SORBS can cache DNS lookup results for up to 48 hours. Please make sure to wait at least this time before requesting a review of this case or submitting a related one.

Your options at this time, are as follows:

(1) Send your email through your ISP's mail servers, as suggested in various places at our website.

- or -

(2) Have your DNS data modified so that the listed IP address has a clearly non-dynamic rDNS. We suggest that you include the keyword "static" on this name, to avoid future listings. Also, insure that the TTL is set to no less than 43200 seconds (we recommend 86400).

To comply with RFC1912 you must have a matching A record for every PTR record.

- or -

(3) Ask your ISP to get in touch with SORBS with the list of dynamic and static IP allocations within its network, so that our DUHL list can be updated. Note that many large ISPs do this periodically to reduce the inconvenience to its users. In this case, the communication must come from a RIR contact for the affected IP space.

Also note that if you adjust your DNS configuration properly, you may be able to use the automated delisting facility at


This facility can allow you to quickly delist IP addresses under your control without intervention of SORBS' staff.

Thank you

SORBS Support"

Does anyone have any ideas or suggestions? Our email are bouncing back from some of our major clients!

Question by:kevotron
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 12

Accepted Solution

GinEric earned 2000 total points
ID: 17050902
Sorbs is unreliable, dnsstuff says they should not be used.  Therefore, you need to send a regular mail letter to the admin of your major client and tell them to remove sorbs as a legitimate source for email spam.

You know, if email fails, there is always the U.S. Mail and other postal outfits.  I would also advise your major client to refrain from using the term "blacklist," since it is offensive to a lot of people around the world.  One spam blocker outfit in California was sued for associating a legitimate site, the holocaust victims site and Sam Weisenthal and the institute, with the word "blacklist."

Most have switched to something more reasonable, blocking or blocklisting.

Sorbs, like others, thinks that you should go through hoops to fix their basic slander.  Blocking a whole /8 prefix block is not a legitimate way to identify spam, plus, it may be libelous.

Sorbs probably won't care until some large outfit says "That's enough from you!"

You can try the delisting, but it only encourages outfits like sorbs to continue in their unthinking approach to fighting spam by accusing the innocent.

Tell your clients not to use sorbs, even if you have to send them a real letter.

Expert Comment

ID: 17051308
This is really in your email host's ball court, since they send your mail, they are the ones that need to get de-listed.

You should consider switching to a different host if you are loosing business because of this.

Author Comment

ID: 17051956
cool thanks for the help, I have heard lots of stuff about SORBS now and it all makes sense. Say, when you say "Blacklist" is offensive to people around the world, is it seen as rascist?
LVL 12

Expert Comment

ID: 17064258
When you say "blacklist" it is pretty much seen as anti-semitic by at least the Sam Weisenthal Institute.  Sam said their use of the word "blacklist" was defaming to his nazi hunter site, so, yes, I would say that the use of the word "blacklist" is, indeed, racist.  Whether it's a blackball [old London practice designed to weed out unboysclub mariners] or blacklist [a McCarthyism used by the U.S. government, especially the Pentagon after World War Two to put competitors out of business, or just those who disagreed with some pensioners there], it's both offensive and racist.

Both practices, blackballing and blacklisting, are illegal.  Both are un-Constitutional.

A corporation can't be found to be using the terms, so even if they only defend that use by saying they were trying to prevent spam is not going to get them out of hot water and the attention of the Press.  Better off not to use them from the start and to tell the administrator not to use such terms.  It's the bottom line you see, based on the public's perception of their response to legitimate concerns about their participation in society.

No successful CEO would allow the terms.

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question