This page is to give information about getting proxy servers and open relay servers re-tested.
If you are listed in the spam, zombies, DUHL, or hacked
server databases this page is not for you!
Unless you are accessing one of the Open Relay or Proxy Details pages you will not get a retest key.
|How to get Re-Tested!
Warning:Whilst the Distributed Denial of
Service attacks continue on SORBS it is impossible
to retest your machines.
Re-testing is currently .
- Use the host that is blocked to perform all of the
steps below. The importance of this cannot be
stressed enough. Doing this from any other IP
address will not work.
- ISP staff, and net block owners, please see the sections below if you cannot use the listed host.
- To be clear, only the IP address that is
listed can request a retest key.
- You need to get the re-testing key from the
- Enter your details and then look up your IP address.
- Click the 'More..' button this will give you the
- Click the 'Get Key' Button.
Important Note: If you are not using
the host that is listed you will not see the
'Get Key' button.
- Click the 'retest' link, this will give you a key string.
- Send a mail to email@example.com
with the Subject: line set to
the key you have just received (no quotes
- When you receive the confirmation key, send a second message by
following the instructions in the message.
- Wait patiently for the retest to complete, and
recheck your entry periodically.
The keywords "key="; and "confirm=" at the beginning
of the keys are part of the keys, and need to be
included in the Subject of the retest request e-mail.
Immediately after the confirmation is received, the
IP address will be re-tested. If the test finds that
the open proxies or relays (as applicable) are gone,
the proxy listing for that IP address is marked as
"inactive and not flagged to be
published". The system will then periodically
test the host to ensure it is not just temporarily
If the retest indicates that there still are open
proxies or relays remaining, the IP address will
automatically be flagged active and to be published
If the host does NOT fail the tests, the
'last seen time' will NOT be updated. This
value indicates the last time the entry was tested
and confirmed open.
|My host has been fixed and I have been re-tested clean, why am I still in the DB...?
SORBS sets a 'block' flag in the database rather than
removing the entry. This ensures that recurring hosts
are tracked. They will become more and more difficult
to remove from the database the more often they are
tested and found to be open.
Database entries are purged after 'n' years of no
activity, where 'n' is the number of re-activations
after re tests showed the host to be clean.
|My address entry shows 'inactive and not flagged' but I still see an entry in DNS, why...?
Because of load issues with DNS based block lists,
SORBS sets the Time to Live on each positive entry
to two days. This means that the DNS server you
queried will hold the entry for 2 days, even when
it has already been removed from the SORBS database.
Yes, it will cause you pain that neither you nor SORBS
can control. However, maybe that will be pain enough to
ensure that you don't end up back in the database.
|Why is it a pain in the butt to use...?
Simple, it is to stop spammers un-listing open hosts so
they can use them for spamming. It is also to ensure
that the owner of the blocked IP address doesn't just
block the tester to get unlisted, then reopen the
server later. It also ensures the owner of the IP
address will only request removal after the open relay
or proxy server has been closed.
|I cannot access the web page from the listed host, what do I do...?
This situation usually occurs when you are a
representative of the Internet service provider that
owns the network.
For such cases, we do provide a way to get re-testing
keys by email. First of all, the IP address has to
have a reverse DNS name. If there is no reverse DNS
name for the IP address, this procedure will not work.
The key request email can only be sent from certain
email addresses. The valid email addresses are
determined by the domain indicated in the reverse DNS
name of the IP address. The primary valid email
address for this purpose is the DNS SOA (Start of
Authority) address for that domain. The secondary
valid email addresses are whatever you registered with
abuse.net for this domain. If you did not register
anything yet, it is "postmaster@that domain".
Please see abuse.net
for more information about registering contact addresses.
If all of this is in order, you may mail
from one of the authorized email addresses, and the
system will then send a set of keys back for each IP
address that you requested keys for.
The format of the mail should be:
From: <your email address>
Subject: Key request.
keys for ip: address 1
keys for ip: address 2
keys for ip: address n
If the mail is in any other format, or the sending
email address is not one of the authorized ones, you
will not get a reply. Please wait at least 60 minutes
before assuming something is wrong, though.