Definitions:

What is a DNSBL?

A DNSBL (Domain Name System Black List) is a protocol for distributing a blacklist of domain names or IP addresses using the DNS protocol. You can check whether a domain name or an IP address is in a DNSBL by querying a subdomain of the DNSBL root service, as follows:

If our "root service" is "zen.spamhaus.org", checking "example.net" against the blacklist means querying "example.net.zen.spamhaus.org". To check an IP address, we query the IP address, but reversed (this allows entire networks to be blacklisted). To check whether "192.168.0.1" is in the blacklist, we query "1.0.168.192.zen.spamhaus.org".

Usually, a DNSBL returns NXDOMAIN (domain not found) when a value is not in the blacklist, and returns 127.0.0.1 (or another similar value) when it is in the blacklist.
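The lookup described above, as an added example (not SARBL's code). The function names, the placeholder zone "bl.example" and the constructed fake resolver are assumptions; the example also goes beyond the text by handling IPv6 (reversed nibbles, as in RFC 5782) and by refusing to treat an answer outside 127.0.0.0/8 as a listing.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(value, zone):
    """Build the name to query in `zone` for a domain name or an IP address."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        # Not an IP address: a domain name is prepended as-is.
        return f"{value.strip().rstrip('.').lower()}.{zone}"
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # 192.168.0.1 -> 1.0.168.192
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # IPv6: 32 reversed nibbles
    return ".".join(labels) + "." + zone

def dnsbl_lookup(value, zone, resolve=socket.gethostbyname):
    """Return (status, answer); status is listed, not_listed, unexpected or error."""
    try:
        answer = resolve(dnsbl_query_name(value, zone))
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return ("not_listed", None)   # NXDOMAIN: value is not in the blacklist
        return ("error", None)            # timeout or server failure: no verdict
    if ipaddress.ip_address(answer) in LOOPBACK:
        return ("listed", answer)         # 127.0.0.1 or a similar value
    # Any other address is not a DNSBL verdict, for example a resolver that
    # rewrites NXDOMAIN to a search page; treating it as "listed" blocks everything.
    return ("unexpected", answer)

# Constructed zone data so the example runs offline; "bl.example" is a placeholder.
FAKE_ZONE = {
    "spam.example.net.bl.example": "127.0.0.1",
    "1.0.168.192.bl.example": "127.0.0.2",
    "rewritten.example.bl.example": "203.0.113.7",
}

def fake_resolve(name):
    """Stand-in for a DNS resolver backed by FAKE_ZONE."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

if __name__ == "__main__":
    for value in ("spam.example.net", "192.168.0.1", "example.org", "rewritten.example"):
        print(value, dnsbl_lookup(value, "bl.example", resolve=fake_resolve))
```

With the default resolver, the "error" status keeps a DNS outage from being read as "not listed".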

What is a URIBL?

A URIBL is a kind of DNSBL which tells you that a domain name is blacklisted because it was used in comment-form spam or email spam, either as the sender of the spam or in a URL appearing in the spam.


Existing URIBL

Are there equivalent existing projects?

https://uribl.com and http://www.surbl.org are existing URIBLs. Their listing and delisting processes may be described on their websites.

How does SARBL work?

Spammers are smart :) They always try to hide and masquerade as legitimate emails. They also need to be able to prove that people saw their email, so they often use tracking URLs or white pixels in their emails, so that people opening the email or clicking in it can be tracked. As a result, spammers need domain names, either to use as the sender of their mailings, or for print/click/tracking URLs.

That's how URIBLs usually work: they receive spam from people, and they find domain names in that spam. When a domain seems to be used only for spamming, it can be blacklisted. The problem is that domain names are cheap: down to $5 a year for some TLDs (like .pl, .com, etc.). As a result, spammers now buy a different domain name every day, which means that even if we blacklist their domain one day, they will use another one the day after...

SARBL tries to fix this by finding factors common to all the domains of a specific spammer. Examples of common factors include the IP addresses of certain subdomains, name servers, or even content in the web page that may be served by the domain name.

Thanks to that, we can filter not only the existing domain names of spammers, but also the domains they just bought for their next campaign!

Some of our users contribute to SARBL by giving us their spam. Thanks to that, we can find new patterns to include in the filtering.

PLEASE BE WARNED that SARBL is not the ultimate perfect spam filtering tool: use it alongside other filters!

Are there any statistics available?

Yes. We publish daily, weekly and monthly stats on our web page at https://sarbl.org/stats.php

There, you can see how many times each of our filters was triggered by a query from our users, and how many different domain names they had.

This does not match exactly how many spams were filtered, since our DNS answers are served with a one-minute caching time. It does give a proper ratio between spammers, though.

To protect ourselves from unwanted trials, we hide the name of each company in our counters. People who participate in SARBL's enhancement can see the full company names.

Is there open-source code available to replicate this behavior on my own server?

Sadly no, not at the moment. Some people have access to the entire source code and the list of filters we are using, but only those who contributed to SARBL.

Even though we strongly believe in free software, the problem with spam is that publishing the techniques we use would quickly make them useless, since spammers would change their behavior to get around our filters.


I am a marketing agency, a mailing provider, a mail routing provider, and I am listed in your URIBL, but I'm not a spammer!

It's really more likely that you ARE a spammer. Be aware that we consider any email received without a confirmed opt-in from the user to be spam (even if some local laws allow sending mailings to generic corporate email addresses). In our mind, confirmed opt-in is the rule.

You may try to contact us at team [at] sarbl.org and explain to us, with precise examples, why we should consider removing you from our blacklist. Please specify the domain names used in the filtered email, including domain names used in FROM, TO, and HTML links or pictures. We NEVER blacklist based on IP address.

We enter spammers in our spam list individually and manually, with no fully-automated process, and thanks to that we achieve an "almost no false positive" quality. Therefore, if we have to remove a filter, it has to be done manually too. Your request will be read by humans, so be gentle and precise. Thanks.

Can I pay you something or buy you some service to improve my deliverability?

If you are thinking of something like "can I pay you to remove my company from your filters?", the answer is NO.

If you are in our filter, it means either that you have a shitty job which consists of sending crappy email into people's mailbox without their consent, OR that you are using a mailing service of a company who did that so much that we chose to add this company to our blocklist.

How can I help?

Can I help SARBL do a better job?

Yes! If you are a sysadmin or just have your own server somewhere on the Internet, we are interested. SARBL makes (quite a lot of) WHOIS queries to WHOIS databases all over the Internet, and also a few GET queries to web servers. But WHOIS servers are quick to detect our requests and consider them abuse. To prevent this, we need proxies located on various networks on the Internet.

So, if you have a web server with PHP (v5 or v7) installed and can host a small and safe PHP script, please host this script: https://updates.sarbl.org/sarbl.php on your server, and let us know by sending an email to team AT sarbl.org telling us at which URL we can reach it. You will help us provide a better service.

If, in the future, we publish a new version of our software, we will ask you to update your script on your server.

Thanks for your help!