SORBS Blacklist: What It Is, How to Check, and How to Get Removed

If your business email suddenly stopped reaching customers, there's a good chance you've landed on a blacklist. One of the oldest and most widely used is SORBS, and a listing there can quietly tank your deliverability across thousands of mail servers overnight.

This guide explains what SORBS is, what each of its sub-lists actually tracks, how to check if you're on it, and the exact steps to get removed.

What Is SORBS?

SORBS stands for the Spam and Open Relay Blocking System. It launched in 2002 and has since become one of the more aggressive DNS-based blocklists (DNSBLs) used by email providers to filter inbound mail. When a receiving mail server checks an incoming message, it can query SORBS to see if the sending IP or domain is flagged. If it is, the message gets rejected, throttled, or shoved into spam.

SORBS isn't a single list. It's a collection of over a dozen sub-lists, each tracking a different type of bad behavior. That's important because the reason you're listed determines how you get off.

If you're new to the topic, our introduction to email blacklisting covers the basics before you dive in here.

The SORBS Sub-Lists Explained

Here's what each SORBS sub-list tracks and what gets you on it:

SPAM-related lists

• SPAM — IPs that have sent spam directly to SORBS spam traps. This is the most common reason small businesses end up listed.
• RECENT — IPs added to the spam list within the last 28 days. Newer listings are weighted more heavily by some receivers.
• OLD — Spam sources older than 28 days but still considered tainted.
• ESCALATIONS — IPs belonging to networks whose abuse desks ignored complaints. Usually a problem for hosting providers, not end users.

Open service lists

• WEB — IPs running vulnerable web scripts (like open form mailers) that spammers are abusing.
• BLOCK — Networks whose admins have explicitly told SORBS not to accept submissions. Effectively a "do not contact" flag that mail servers treat as suspicious.
• ZOMBIE — Hijacked IPs, typically infected machines being used in botnets.
• PROXIES — Open or misconfigured proxy servers.
• RELAYS — Open SMTP relays that allow anyone to send mail through them.
• SMTP — Hijacked or compromised SMTP servers.
• HTTP — Open HTTP proxies.
• MISC — Other open services not covered by the categories above.

Policy lists

• DUHL (Dynamic User Host List) — IPs that SORBS believes are dynamically assigned (residential broadband, mobile, etc.). Mail from these shouldn't be sent directly. The sorbs duhl blacklist is the most common surprise listing for self-hosted mail servers on consumer or VPS connections.
• NOSERVER — IP ranges that should never be running mail servers, like infrastructure space.

For a broader look at how these lists fit into the wider ecosystem, see our blocklists explained article.

How to Check If You're on SORBS

The fastest way to see your status across all SORBS sub-lists at once is to use a free sorbs blacklist check tool. Our email blacklist checker queries SORBS along with dozens of other major DNSBLs in a single scan, so you don't have to test each list individually.

You can also query SORBS directly via their website lookup, but that only shows one list at a time and won't tell you if you're flagged elsewhere — and a SORBS listing often comes with listings on Spamhaus, Barracuda, or others.

If you want to see the full landscape of services you should be checking, our blacklist directory has the complete list.

Step-by-Step SORBS Blacklist Removal

The sorbs blacklist removal process is the same regardless of which sub-list you're on, but the requirements differ. Here's the workflow:

1. Identify which list you're on

Run a check first. Removing yourself from the SPAM list is very different from removing yourself from DUHL. Note the exact list name from your scan results.

2. Fix the underlying problem

SORBS won't delist you until the cause is gone. That might mean:

• SPAM/RECENT/OLD — Find and stop the spam source. Check for compromised mailboxes, misconfigured forms, or a hacked CMS.
• DUHL — Confirm with your ISP that the IP is statically assigned, and get a written confirmation or rDNS update.
• PROXIES/RELAYS/SMTP/HTTP — Close the open service. Lock down your mail server, firewall the proxy, patch the script.
• ZOMBIE — Clean the infected machine completely before requesting removal.

3. Submit the delisting request

Go to the SORBS delisting form and open a support ticket for the specific list you're on. You'll need to:

• Provide the IP or domain
• Explain what the problem was
• Describe exactly how you fixed it
• For DUHL, include proof from your ISP that the IP is static and authorized to send mail

Be specific. Vague requests like "please remove me, I fixed it" get rejected. SORBS volunteers handle a high ticket volume and they reject anything that looks lazy.

4. Wait

Most listings clear within a few days once the ticket is processed. SPAM listings sometimes auto-expire after a period of clean behavior, but waiting it out can take weeks.

For a more general workflow that applies to other lists too, see how to get delisted.

Why You Keep Getting Relisted

If you've been delisted and ended up back on SORBS within days or weeks, one of these is almost certainly happening:

• A mailbox is still compromised. Change passwords, enable MFA, and check for forwarding rules you didn't set.
• A web form is being abused. Add CAPTCHA and rate limiting. Open contact forms are a top sorbs spam trigger.
• You're sending from a dynamic IP. Stop. Use a proper SMTP relay service instead.
• Your authentication is broken. Without SPF, DKIM, and DMARC, your mail looks indistinguishable from spoofed traffic.
• You're sending to stale lists. Hitting old addresses triggers spam traps fast.

Prevention: Stay Off SORBS for Good

A few habits keep you out of trouble:

1. Authenticate everything. Set up SPF, DKIM, and DMARC properly.
2. Use a reputable sending service. Don't send marketing or transactional mail directly from your office or VPS.
3. Keep your list clean. Remove bounces and unengaged contacts on a schedule.
4. Lock down forms. Any web form that can send mail is a target.
5. Monitor continuously. A blacklist listing you don't know about is one that's already costing you customers. Set up email blacklist monitoring so you find out within minutes, not weeks.

SORBS isn't going anywhere, and neither are the dozens of other blacklists watching your traffic. The businesses that avoid deliverability disasters are the ones that catch problems before customers start complaining.