Add NordSpam, SpamEatingMonkey Fresh, Tiopan DBL, and SORBS RHSBL to default DNSBL zones

README.md

@@ -10,6 +10,10 @@ widely-used reputation systems.
 | Spamhaus DBL          | DNS-based DBL   | no             | admin (default on) |
 | SURBL multi           | DNS-based DBL   | no             | admin (default on) |
 | URIBL multi           | DNS-based DBL   | no             | admin (default on) |
+| NordSpam DBL          | DNS-based DBL   | no             | admin (default on) |
+| SpamEatingMonkey Fresh| DNS-based DBL   | no             | admin (default on) |
+| Tiopan DBL            | DNS-based DBL   | no             | admin (default on) |
+| SORBS RHSBL           | DNS-based DBL   | no             | admin (default on) |
 | Extra DNSBL zones     | DNS-based DBL   | no             | admin |
 | Google Safe Browsing  | HTTPS lookup    | yes (admin)    | admin |
 | OpenPhish public feed | downloaded list | no             | user (default on) |
@@ -68,7 +72,7 @@ downloaded once per hour by the provider and cached in memory.
 The report opens with a diagnosis-first "Action required" section that
 lists the most common, high-impact problems with a one-shot remediation:
 
-1. **Listed on Spamhaus DBL / SURBL / URIBL**: direct lookup link and
+1. **Listed on Spamhaus DBL / SURBL / URIBL / NordSpam / SpamEatingMonkey / Tiopan / SORBS**: direct lookup link and
    removal procedure URL per operator.
 2. **Flagged by Google Safe Browsing**: link to Google Search Console's
    security-issues review request.

checker/dnsbl.go

@@ -88,6 +88,34 @@ var DefaultDNSBLZones = []DNSBLZone{
 			return v4 != nil && v4[3] == 1
 		},
 	},
+	{
+		Zone:       "dbl.nordspam.com",
+		Label:      "NordSpam DBL",
+		LookupURL:  "https://www.nordspam.com/",
+		RemovalURL: "https://www.nordspam.com/delist/",
+		Decode:     decodeNordSpamDBL,
+	},
+	{
+		Zone:       "fresh.spameatingmonkey.net",
+		Label:      "SpamEatingMonkey Fresh",
+		LookupURL:  "https://spameatingmonkey.com/lookup",
+		RemovalURL: "https://spameatingmonkey.com/lookup",
+		Decode:     decodeSEMFresh,
+	},
+	{
+		Zone:       "dbl.tiopan.com",
+		Label:      "Tiopan DBL",
+		LookupURL:  "http://www.tiopan.com/blacklist.php",
+		RemovalURL: "http://www.tiopan.com/blacklist.php",
+		Decode:     decodeTiopanDBL,
+	},
+	{
+		Zone:       "rhsbl.sorbs.net",
+		Label:      "SORBS RHSBL",
+		LookupURL:  "http://www.sorbs.net/lookup.shtml",
+		RemovalURL: "http://www.sorbs.net/delisting/overview.shtml",
+		Decode:     decodeSORBSRHSBL,
+	},
 }
 
 func (s *dnsblSource) Query(ctx context.Context, domain, registered string, opts sdk.CheckerOptions) []SourceResult {
@@ -315,6 +343,37 @@ func decodeSURBLMulti(ip net.IP) []string {
 	return out
 }
 
+func decodeNordSpamDBL(ip net.IP) []string {
+	if ip.String() == "127.0.0.2" {
+		return []string{"Listed (spam/phishing/scam/ransomware)"}
+	}
+	return []string{"Listed (code " + ip.String() + ")"}
+}
+
+func decodeSEMFresh(ip net.IP) []string {
+	if ip.String() == "127.0.0.2" {
+		return []string{"Newly registered domain (within last 5 days)"}
+	}
+	return []string{"Listed (code " + ip.String() + ")"}
+}
+
+func decodeTiopanDBL(ip net.IP) []string {
+	if ip.String() == "127.0.0.2" {
+		return []string{"Listed (spam/abuse)"}
+	}
+	return []string{"Listed (code " + ip.String() + ")"}
+}
+
+func decodeSORBSRHSBL(ip net.IP) []string {
+	switch ip.String() {
+	case "127.0.0.11":
+		return []string{"BADCONF: domain has bad A/MX DNS records"}
+	case "127.0.0.12":
+		return []string{"NOMAIL: domain has no valid mail server"}
+	}
+	return []string{"Listed (code " + ip.String() + ")"}
+}
+
 func decodeURIBLMulti(ip net.IP) []string {
 	v4 := ip.To4()
 	if v4 == nil || v4[0] != 127 {