I am trying to figure out how we got blacklisted by SORBS. I found out our email hosts IP was blacklisted, as well as our own IP from our ISP (two different companies). I am really confused. I called our email hosts and they said they were blacklisted, but it was a mistake and has been rectified. It just seesm weird that we were both blacklisted at the same time. I contacted SORBS and they sent me this response:
*** Collection of IP space considered dynamic
(Dynamic rDNS) 69.x.x.x/x
(rDNS with too short TTL) 69.x.x.x/x
The IP address space identified above is listed in SORBS DUHL list. The IP space _not_ depicted above, is _not_ listed in SORBS DUHL or is eligible for delisting. More information about this list can be found here (Please read this information thoroughly)
IP Addresses with defined rDNS and a TTL longer than 43200 seconds, have been included because they seem to point to a dynamic IP address. According to our policies, we cannot delist said IP address until actions explained below, are completed in your part.
Names that look generic (ie, include the IP address or a part of it, mention the keywords "pool", "ppp", "customer", etc) are considered by us as an indicator of the IP address being dynamically assigned. You'll find more information regarding this topic at the following RFC draft (single URL, no spaces):
(or use this shorter version instead)
Note that SORBS' tools may cache its results for up to 48 hours. Therefore, if you've recently changed your DNS configuration or intend to do so, please wait before asking us to review your case.
*** IP Space with a TTL too short
The TTL for the reverse DNS name (rDNS) of the IP address space identified above, is less than the minimum we accept for delisting, 43200 seconds. According to our policies, we cannot delist an address whose rDNS has a TTL lower than this value. Note that we recommend setting the TTL to 86400 seconds at least.
We are setting this ticket to 'Rejected', as an action is required
in your part before we can update our lists regarding the IP address you wrote us about. After one or more of the three options set forth above has been implemented, please reopen this ticket and we will
re-evaluate your case.
If you choose to modify your current DNS configuration, it is very important that you verify the correctness of your changes with a third party before asking us to review your case. This will help us all to help you faster. A reliable third party is the "Reverse DNS Lookup tool" available at http://www.dnsstuff.com/
Also, the tools used by SORBS can cache DNS lookup results for up to 48 hours. Please make sure to wait at least this time before requesting a review of this case or submitting a related one.
Your options at this time, are as follows:
(1) Send your email through your ISP's mail servers, as suggested in various places at our website.
- or -
(2) Have your DNS data modified so that the listed IP address has a clearly non-dynamic rDNS. We suggest that you include the keyword "static" on this name, to avoid future listings. Also, insure that the TTL is set to no less than 43200 seconds (we recommend 86400).
To comply with RFC1912 you must have a matching A record for every PTR record.
- or -
(3) Ask your ISP to get in touch with SORBS with the list of dynamic and static IP allocations within its network, so that our DUHL list can be updated. Note that many large ISPs do this periodically to reduce the inconvenience to its users. In this case, the communication must come from a RIR contact for the affected IP space.
Also note that if you adjust your DNS configuration properly, you may be able to use the automated delisting facility at
This facility can allow you to quickly delist IP addresses under your control without intervention of SORBS' staff.
Does anyone have any ideas or suggestions? Our email are bouncing back from some of our major clients!