tags:

views:

37

answers:

1
Q: 

How can I query Spamhaus's SBL with a domain name?

I want to query Spamhaus's SBL using a domain name. I know this is possible to do because this form (Find SBL Listings by ISP Domain Name) does it and SpamAssassin does it, but I can only seem to get it to work with IP addresses. I took a quick look at the SpamAssassin code, but it has been so generalized that I could probably spend a couple hours tracking down the code that actually does something. Right now I can successfully query SBL for IP addresses like this:

#returns 127.0.0.2, so 208.73.210.0 is on the blacklist
dig +short 0.210.73.208.sbl.spamhaus.org 

#returns nothing, so 72.14.225.72 isn't on the blacklist
dig +short 72.225.14.72.sbl.spamhaus.org

Querying with domain names seems to have something to do with DNS TXT records, but I don't know the right hostname to lookup. When I try something like

dig oversee.net.sbl.spamhaus.org TXT

I don't get any useful information back, but if you search with the form you find that oversee.net is associated with 208.73.210.0 which was reported as spamming on 30-Jul-2009 21:17 GMT.

A: 

Domains are in the "Domain Block List", not the SBL. Use dbl.spamhaus.org as the domain suffix.

The particular search you linked to is based on the ISP's domain name, and I don't believe it uses the same DNSBL interface.

Alnitak  2010-07-28 13:12:37
That is what I tried first, but "oversee.net.dbl.spamhaus.org" says oversee.net is clean. DBL checks to see if the domain "oversee.net" is used by spammers. But that is the name of the owner of the IP address, not the spammer. What I am trying to find (and the form on Spamhaus shows) is if any of the IP addresses owned by that ISP are being used by spammers. For instance google.com is obviously a clean website (and DBL confirms this), but the form shows that 12 of their IP addresses are being used to spam (the spammers are using Google Docs and the new Google URL shortener to redirect spam).
Chas. Owens  2010-07-28 14:06:48

related questions

How do I setup an MX record for a sub-domain?
Wildcards in a hosts file
Best DNS with API access.
How to gain SSL load balancing!!!
How do I get a list of all subdomains of a domain?
Using glibc, why does my gethostbyname fail after I/DHCP has changed the DNS server?
How does my shared host's nameserver resolve http://servername.com/~username/ to my top level domain?
Regular expression to match hostname or IP Address?
Can I lookup the IP address of a hostname from javascript?
DNS- Route DNS for subfolder to different server?
Python + DNS : Cannot get RRSIG records: No Answer
Hosting a website on your own server
Does a caching-nameserver usually cache the negative DNS response SERVFAIL
Blocking part of a website
How can I find the current DNS server?
How to use getaddrinfo_a to do async resolve with glibc
Setting Nameservers - how?
Redirect from domain name to a dotted quad hosted box
Redirecting ".local" subdomain to unicast DNS
Does the PHP mail() function work if I don't own the MX record
How do I find the authoritative name-server for a domain name?
How to redirect siteA to siteB with A or CNAME records
How do I prevent dnsmasq from appending my domain name to invalid domain requests?
Reverse DNS in Ruby?
How to make subdomain user accounts in a webapp