uptimeify-dnsbl 1.0.0

package/README.md

@@ -0,0 +1,146 @@
+# uptimeify-dnsbl
+
+A lightweight, purely functional helper for checking if an IP is blocklisted. We handle the math and the mapping, you handle the network.
+
+## What is this?
+
+Checking DNS blocklists (DNSBL/RBL) usually involves three annoying steps:
+
+1. Reversing the IP address (e.g. `1.2.3.4` -> `4.3.2.1` or the complex IPv6 nibble format).
+2. Knowing which lists to check and what their specific return codes mean.
+3. Making the DNS queries.
+
+**uptimeify-dnsbl** solves #1 and #2. We give you the exact domains to query and parse the confusing result codes (like `127.0.0.4`) into human-readable reasons.
+
+We intentionally **do not** perform the DNS lookups internally. This allows you to use your preferred DNS resolver, manage timeouts, handle concurrency, and cache results exactly how your app needs it.
+
+## Features
+
+- **IPv4 & IPv6 Support**: Correctly handles IP reversal for both protocols.
+- **Result Parsing**: Translates cryptic return codes (`127.0.0.2`, `127.0.0.10`) into actual messages ("Listed in SBL", "ISP Policy").
+- **Delisting Links**: Provides direct URLs to removal forms when available.
+- **Zero Dependencies**: Just pure Javascript logic.
+
+## Included Lists
+
+We maintain definitions for the most reliable and widely used lists:
+
+- **Spamhaus ZEN** (SBL, CSS, XBL, PBL) - _The gold standard_
+- **Barracuda** (BRBL)
+- **SpamCop**
+- **Abusix Mail Intelligence**
+- **SORBS** (Aggregate)
+- **UCEPROTECT** (Level 1)
+- **Hostkarma**
+- **Backscatterer**
+- **Invaluement SIP**
+- **SpamCannibal**
+- **DroneBL**
+- **Spam Eating Monkey** (SEM-BLACK)
+- **URIBL Black**
+- **Madavi DNSBL**
+- **RV-SOFT Technology**
+- **ZapBL**
+- **Suomispam Reputation**
+- **Kempt.net**
+- **Korea Services**
+- **NiX Spam**
+- **Passive Spam Block List** (PSBL)
+- **InterServer RBL**
+- **Spamhaus SBL**
+- **all.s5h.net**
+- **Abuse.ch Combined**
+- **UCEPROTECT Level 2**
+- **Abuse.ch Drone**
+- **OrveDB AuBads**
+- **0spam RBL**
+- **Singular TTK PTE**
+- **SpamRats Spam**
+- **Spamsources Fabel**
+- **Virus RBL JP**
+- **Woody's SMTP Blacklist**
+- **WPBL**
+- **UCEPROTECT Level 3**
+- **Duinv AuPads**
+- **Gweep Proxy**
+- **Gweep Relays**
+- **Abuse.ch Spam**
+- **Digibase Spambot**
+- **Lashback UBL**
+- **WormRBL**
+- **0spam Blocklist**
+- **Team Cymru Bogons**
+- **SpamRats Dyna**
+- **SpamRats NoPtr**
+- **Nether.net Relays**
+- **Imp.ch Spam RBL**
+- **Mailspike Z**
+- **Anonmails.de**
+- **Pedantic.org**
+- **Swinog**
+- **GBUdb Truncate**
+- **LashBack UBL**
+
+## How to use it
+
+### 1. Install
+
+```bash
+npm install uptimeify-dnsbl
+```
+
+### 2. Check an IP
+
+```javascript
+import { getLookupDomains, parseLookupResult } from "uptimeify-dnsbl";
+import { resolve4 } from "node:dns/promises";
+
+async function check(ip) {
+	// 1. Get the list of domains to query
+	const checks = getLookupDomains(ip);
+	// Returns array: [{ address: "4.3.2.1.zen.spamhaus.org", listKey: "zen.spamhaus.org" }, ...]
+
+	// 2. Run your DNS lookups
+	// We use typical Promise handling here, but you can use any async pattern
+	const results = await Promise.allSettled(
+		checks.map(async ({ address, listKey }) => {
+			// A successful DNS A-record lookup means the IP is listed.
+			// If the IP is clean, resolve4 throws ENOTFOUND.
+			const [code] = await resolve4(address);
+			return parseLookupResult(listKey, code);
+		}),
+	);
+
+	// 3. Process results
+	const listings = results
+		.filter((r) => r.status === "fulfilled") // Successful lookup = Listed
+		.map((r) => r.value);
+
+	if (listings.length > 0) {
+		console.log(`❌ IP ${ip} is listed on:`);
+		listings.forEach((listing) => {
+			console.log(`   - ${listing.name}`);
+			console.log(`     Reason: ${listing.reason}`);
+			console.log(`     Delist: ${listing.delistUrl}`);
+		});
+	} else {
+		console.log(`✅ IP ${ip} is clean.`);
+	}
+}
+
+check("127.0.0.2");
+```
+
+## API
+
+### `getLookupDomains(ip)`
+
+Returns an array of objects containing the fully qualified domain to query (`address`) and the identifier key (`listKey`).
+
+### `parseLookupResult(listKey, resultCode)`
+
+Takes the list identifier and the IP address returned by the DNS query (e.g., `127.0.0.2`) and returns a rich object with the listing name, reason, and delist URL.
+
+### `parseLookupResultJson(listKey, resultCode)`
+
+Same as `parseLookupResult`, but returns a stringified JSON representation of the result.

package/examples/test.js

@@ -0,0 +1,116 @@
+/**
+ * Uptimeify DNSBL - Usage Example
+ *
+ * This script demonstrates how to identify if an IP address is blacklisted
+ * using the helper functions provided by this library.
+ *
+ * Workflow:
+ * 1. Generate lookup domains using `getLookupDomains(ip)`
+ * 2. Query these domains using standard DNS lookups (A records)
+ * 3. Parse the results using `parseLookupResult(listKey, code)`
+ */
+
+import {
+	getLookupDomains,
+	parseLookupResult,
+	parseLookupResultJson,
+} from "../src/index.js";
+import { resolve4 } from "node:dns/promises";
+import { performance } from "node:perf_hooks";
+
+async function checkIP(ip) {
+	console.log(`\n🔎 Checking IP: ${ip}`);
+
+	try {
+		// 1. Get the list of all DNSBL domains to query for this IP
+		const startGetDomains = performance.now();
+		const domains = getLookupDomains(ip);
+		const endGetDomains = performance.now();
+		console.log(
+			`   Preparing to query ${domains.length} blacklists... (took ${(endGetDomains - startGetDomains).toFixed(5)}ms)`,
+		);
+
+		let totalParseTime = 0;
+
+		// 2. Perform DNS lookups in parallel
+		// Note: handling DNS queries is outside the scope of the library,
+		// but standard Node.js 'dns' module works perfectly.
+		const results = await Promise.all(
+			domains.map(async ({ address, listKey }) => {
+				try {
+					// resolve4 throws ENOTFOUND if the record doesn't exist (IP is clean)
+					const addresses = await resolve4(address);
+					const code = addresses[0]; // e.g., '127.0.0.2'
+
+					// 3. Parse the returned code into a readable structure
+					const startParse = performance.now();
+					const result = parseLookupResult(listKey, code);
+					const endParse = performance.now();
+					totalParseTime += endParse - startParse;
+
+					return result;
+				} catch (error) {
+					if (error.code === "ENOTFOUND") {
+						// Domain not found = IP is not on this blacklist
+						return {
+							name: listKey,
+							listed: false,
+							reason: "Not Listed",
+							code: null,
+						};
+					}
+					// Handle other DNS errors
+					return {
+						name: listKey,
+						listed: false,
+						reason: `DNS Error: ${error.code}`,
+						code: null,
+					};
+				}
+			}),
+		);
+
+		console.log(
+			`   [Perf] Cumulative time in parseLookupResult: ${totalParseTime.toFixed(5)}ms`,
+		);
+
+		// Display the findings
+		const listed = results.filter((r) => r.listed);
+
+		if (listed.length > 0) {
+			console.log(`\n❌ [LISTED] Found in ${listed.length} blacklists:`);
+			listed.forEach((res) => {
+				console.log(`   - ${res.name}`);
+				console.log(`     Reason: ${res.reason}`);
+				console.log(`     Code:   ${res.code}`);
+				if (res.delistUrl) {
+					console.log(`     Delist: ${res.delistUrl}`);
+				}
+				console.log("");
+			});
+		} else {
+			console.log("✅ [CLEAN] IP is not listed in any supported blacklists.");
+		}
+	} catch (err) {
+		console.error("Critical Error during check:", err.message);
+	}
+}
+
+// --- Execution ---
+
+console.log("--- DNSBL Verification Utility ---");
+
+// Check IPv4
+await checkIP("213.209.159.159");
+
+// Check IPv6
+await checkIP("2a06:4880:8000::99");
+
+// Check JSON Parsing Feature
+console.log("\n-----------------------------------");
+console.log("ℹ️  JSON Output Test:");
+const startJson = performance.now();
+const demoJson = parseLookupResultJson("zen.spamhaus.org", "127.0.0.4");
+const endJson = performance.now();
+console.log(demoJson);
+console.log(`   (took ${(endJson - startJson).toFixed(5)}ms)`);

package/package.json

@@ -0,0 +1,25 @@
+{
+	"name": "uptimeify-dnsbl",
+	"version": "1.0.0",
+	"description": "Helper module to prepare DNSBL queries and parse results.",
+	"main": "src/index.js",
+	"types": "src/index.d.ts",
+	"type": "module",
+	"exports": {
+		".": "./src/index.js"
+	},
+	"scripts": {
+		"test": "node examples/test.js"
+	},
+	"keywords": [
+		"dnsbl",
+		"blacklist",
+		"spam",
+		"check"
+	],
+	"author": "Uptimeify",
+	"license": "MIT",
+	"engines": {
+		"node": ">=20.0.0 <25.0.0"
+	}
+}

package/src/definitions.js

@@ -0,0 +1,459 @@
+/**
+ * @typedef {Object} BlacklistDefinition
+ * @property {string} name - The human-readable name of the blacklist
+ * @property {string} delistUrl - URL where a user can request removal
+ * @property {Object.<string, string>} mappings - Mapping of return codes (IPs) to reasons
+ */
+
+/**
+ * Definition of known blacklists and their return codes.
+ * @type {Object.<string, BlacklistDefinition>}
+ */
+export const blacklists = {
+	"zen.spamhaus.org": {
+		name: "Spamhaus ZEN",
+		delistUrl: "https://check.spamhaus.org/",
+		mappings: {
+			"127.0.0.2": "Listed in SBL (Spamhaus Block List - Direct spam sources)",
+			"127.0.0.3":
+				"Listed in CSS (Combating Spam Syndicate - Compromised hosts)",
+			"127.0.0.4":
+				"Listed in XBL/PBL (Exploits/Policy Block List - Botnets, open proxies, dynamic IPs)",
+			"127.0.0.5":
+				"Listed in XBL/PBL (Exploits/Policy Block List - Botnets, open proxies, dynamic IPs)",
+			"127.0.0.6":
+				"Listed in XBL/PBL (Exploits/Policy Block List - Botnets, open proxies, dynamic IPs)",
+			"127.0.0.7":
+				"Listed in XBL/PBL (Exploits/Policy Block List - Botnets, open proxies, dynamic IPs)",
+			"127.0.0.10": "PBL - ISP Policy",
+			"127.0.0.11": "PBL - ISP Policy",
+		},
+	},
+	"b.barracudacentral.org": {
+		name: "Barracuda Reputation Block List",
+		delistUrl: "https://www.barracudacentral.org/rbl/removal-request",
+		mappings: {
+			"127.0.0.2": "Listed in Barracuda RBL",
+		},
+	},
+	"bl.spamcop.net": {
+		name: "SpamCop Blocking List",
+		delistUrl: "https://www.spamcop.net/bl.shtml",
+		mappings: {
+			"127.0.0.2": "Listed in SpamCop",
+		},
+	},
+	"combined.mail.abusix.zone": {
+		name: "Abusix Mail Intelligence",
+		delistUrl: "https://abusix.com/lookup/",
+		mappings: {
+			"127.0.0.2": "Blacklisted (Generic)",
+			"127.0.0.3": "Blacklisted (External)",
+			"127.0.0.4": "Blacklisted (Dynamic/Policy)",
+		},
+	},
+	"dnsbl.sorbs.net": {
+		name: "SORBS Aggregate",
+		delistUrl: "http://www.sorbs.net/lookup.shtml",
+		mappings: {
+			"127.0.0.2": "HTTP Proxy",
+			"127.0.0.3": "SOCKS Proxy",
+			"127.0.0.4": "Misc Proxy",
+			"127.0.0.5": "SMTP Relay",
+			"127.0.0.6": "Spam Source",
+			"127.0.0.7": "Web Spam",
+			"127.0.0.8": "Block List",
+			"127.0.0.9": "Zombie",
+		},
+	},
+	"dnsbl-1.uceprotect.net": {
+		name: "UCEPROTECT Level 1",
+		delistUrl: "http://www.uceprotect.net/en/rblcheck.php",
+		mappings: {
+			"127.0.0.2": "Listed in UCEPROTECT Level 1",
+		},
+	},
+	"nodes.junkemailfilter.com": {
+		name: "Hostkarma",
+		delistUrl: "http://www.junkemailfilter.com/",
+		mappings: {
+			"127.0.0.2": "Blacklisted (Spam Source)",
+			"127.0.0.3": "Yellow list (Mixed spam/non-spam)",
+			"127.0.0.4": "Brown list (Suspicious/Score)",
+			"127.0.0.5": "No Blacklist (Do not block)",
+			"127.0.0.1": "Whitelisted (Pass)",
+		},
+	},
+	"ips.backscatterer.org": {
+		name: "Backscatterer",
+		delistUrl: "http://www.backscatterer.org/?target=test",
+		mappings: {
+			"127.0.0.2": "Listed in Backscatterer",
+		},
+	},
+	"ivm-sip.invaluement.com": {
+		name: "Invaluement SIP",
+		delistUrl: "https://www.invaluement.com/lookup/",
+		mappings: {
+			"127.0.0.2": "Listed in Invaluement SIP",
+		},
+	},
+	"bl.spamcannibal.org": {
+		name: "SpamCannibal",
+		delistUrl: "http://www.spamcannibal.org/",
+		mappings: {
+			"127.0.0.2": "Listed in SpamCannibal",
+		},
+	},
+	"dnsbl.dronebl.org": {
+		name: "DroneBL",
+		delistUrl: "https://dronebl.org/lookup",
+		mappings: {
+			"127.0.0.2": "Sample",
+			"127.0.0.3": "IRC Drone",
+			"127.0.0.5": "Bottler",
+			"127.0.0.6": "Glass bot",
+			"127.0.0.7": "DDoS Drone",
+			"127.0.0.8": "SOCKS Proxy",
+			"127.0.0.9": "HTTP Proxy",
+			"127.0.0.10": "ProxyChain",
+			"127.0.0.11": "Web Page Proxy",
+			"127.0.0.12": "Open DNS Resolver",
+			"127.0.0.13": "Brute Force Attackers",
+			"127.0.0.14": "Open Wingate Proxy",
+			"127.0.0.15": "Compromised Router / Gateway",
+			"127.0.0.16": "Rootkit / Trojan",
+			"127.0.0.17": "Automatically Determined Botnet (Tracker)",
+			"127.0.0.18": "DNSBL / Tor Exit Node",
+			"127.0.0.255": "Unknown",
+		},
+	},
+	"bl.spameatingmonkey.net": {
+		name: "Spam Eating Monkey SEM-BLACK",
+		delistUrl: "https://spameatingmonkey.com/lookup",
+		mappings: {
+			"127.0.0.2": "Listed in SEM-BLACK",
+		},
+	},
+	"black.uribl.com": {
+		name: "URIBL Black",
+		delistUrl: "https://lookup.uribl.com/",
+		mappings: {
+			"127.0.0.2": "Listed in URIBL Black",
+		},
+	},
+	"dnsbl.madavi.de": {
+		name: "Madavi DNSBL",
+		delistUrl: "https://www.madavi.de/en/dnsbl.html",
+		mappings: {
+			"127.0.0.2": "Listed in Madavi DNSBL",
+		},
+	},
+	"dnsbl.rv-soft.info": {
+		name: "RV-SOFT Technology DNSBL",
+		delistUrl: "http://dnsbl.rv-soft.info",
+		mappings: {
+			"127.0.0.2": "Open relay",
+			"127.0.0.3": "Open proxy",
+			"127.0.0.4": "Spam source",
+			"127.0.0.5": "Malware domain",
+			"127.0.0.6": "Phishing messages",
+			"127.0.0.7": "Spear phishing messages",
+			"127.0.0.8": "Fraudulent messages, HOAX",
+			"127.0.0.9": "Blackmail messages",
+			"127.0.0.10": "Spam from End User, local PC",
+			"127.0.0.11": "Non-RFC Compliant",
+			"127.0.0.12": "Does not properly handle 5xx errors",
+			"127.0.0.13": "Compromised System - DDoS",
+			"127.0.0.14": "Compromised System - Relay",
+			"127.0.0.15": "Compromised System - Proxy",
+			"127.0.0.16": "Compromised System - Autorooter/Scanner",
+			"127.0.0.17": "Compromised System - Mass mailing virus",
+			"127.0.0.18": "Compromised System - Mass mailing phishing",
+			"127.0.0.19": "Bad reputation",
+			"127.0.0.20": "Mass distribution",
+			"127.0.0.126": "Other reason",
+			"127.0.0.127": "Private record",
+		},
+	},
+	"dnsbl.zapbl.net": {
+		name: "ZapBL",
+		delistUrl: "http://zapbl.net/",
+		mappings: {
+			"127.0.0.2": "Listed in ZapBL",
+		},
+	},
+	"gl.suomispam.net": {
+		name: "Suomispam Reputation",
+		delistUrl: "https://suomispam.net/",
+		mappings: {
+			"127.0.0.2": "Listed in Suomispam",
+		},
+	},
+	"dnsbl.kempt.net": {
+		name: "Kempt.net DNSBL",
+		delistUrl: "http://dnsbl.kempt.net/",
+		mappings: {
+			"127.0.0.2": "Listed in Kempt.net",
+		},
+	},
+	"korea.services.net": {
+		name: "Korea Services DNSBL",
+		delistUrl: "http://www.korea.services.net/",
+		mappings: {
+			"127.0.0.2": "Listed in Korea Services",
+		},
+	},
+	"nixspam.heise.de": {
+		name: "NiX Spam",
+		delistUrl: "https://www.heise.de/ix/nixspam/",
+		mappings: {
+			"127.0.0.2": "Listed in NiX Spam",
+		},
+	},
+	"psbl.surriel.com": {
+		name: "Passive Spam Block List (PSBL)",
+		delistUrl: "http://psbl.surriel.com/",
+		mappings: {
+			"127.0.0.2": "Listed in PSBL",
+		},
+	},
+	"rbl.interserver.net": {
+		name: "InterServer RBL",
+		delistUrl: "http://rbl.interserver.net/",
+		mappings: {
+			"127.0.0.2": "Listed in InterServer RBL",
+		},
+	},
+	"sbl.spamhaus.org": {
+		name: "Spamhaus SBL",
+		delistUrl: "https://check.spamhaus.org/",
+		mappings: {
+			"127.0.0.2": "Listed in SBL (Spamhaus Block List)",
+		},
+	},
+	"spam.dnsbl.anonmails.de": {
+		name: "Anonmails.de DNSBL",
+		delistUrl: "https://spam.dnsbl.anonmails.de/",
+		mappings: {
+			"127.0.0.2": "Listed in Anonmails.de",
+		},
+	},
+	"spam.pedantic.org": {
+		name: "Pedantic.org spam list",
+		delistUrl: "http://www.pedantic.org/",
+		mappings: {
+			"127.0.0.2": "Listed in Pedantic.org",
+		},
+	},
+	"swinog.spam.dnsbl.ch": {
+		name: "Swinog DNSBL",
+		delistUrl: "https://www.swinog.ch/spam/",
+		mappings: {
+			"127.0.0.2": "Listed in Swinog",
+		},
+	},
+	"truncate.gbudb.net": {
+		name: "GBUdb Truncate",
+		delistUrl: "http://www.gbudb.com/truncate/",
+		mappings: {
+			"127.0.0.2": "Listed in GBUdb",
+		},
+	},
+	"ubl.unsubscore.com": {
+		name: "LashBack UBL",
+		delistUrl: "https://blacklist.lashback.com/",
+		mappings: {
+			"127.0.0.2": "Listed in LashBack UBL",
+		},
+	},
+	"all.s5h.net": {
+		name: "all.s5h.net",
+		delistUrl: "http://s5h.net",
+		mappings: {
+			"127.0.0.2": "Listed in all.s5h.net",
+		},
+	},
+	"combined.abuse.ch": {
+		name: "Abuse.ch Combined",
+		delistUrl: "https://abuse.ch",
+		mappings: {
+			"127.0.0.2": "Listed in Abuse.ch",
+		},
+	},
+	"dnsbl-2.uceprotect.net": {
+		name: "UCEPROTECT Level 2",
+		delistUrl: "http://www.uceprotect.net/en/rblcheck.php",
+		mappings: {
+			"127.0.0.2": "Listed in UCEPROTECT Level 2",
+		},
+	},
+	"drone.abuse.ch": {
+		name: "Abuse.ch Drone",
+		delistUrl: "https://abuse.ch",
+		mappings: {
+			"127.0.0.2": "Listed in Abuse.ch Drone",
+		},
+	},
+	"orvedb.aupads.org": {
+		name: "OrveDB AuBads",
+		delistUrl: "https://aupads.org",
+		mappings: {
+			"127.0.0.2": "Listed in OrveDB",
+		},
+	},
+	"rbl.0spam.org": {
+		name: "0spam RBL",
+		delistUrl: "https://0spam.org",
+		mappings: {
+			"127.0.0.2": "Listed in 0spam RBL",
+		},
+	},
+	"singular.ttk.pte.hu": {
+		name: "Singular TTK PTE",
+		delistUrl: "http://singular.ttk.pte.hu",
+		mappings: {
+			"127.0.0.2": "Listed in Singular TTK PTE",
+		},
+	},
+	"spam.spamrats.com": {
+		name: "SpamRats Spam",
+		delistUrl: "https://www.spamrats.com",
+		mappings: {
+			"127.0.0.38": "Listed in SpamRats Spam",
+		},
+	},
+	"spamsources.fabel.dk": {
+		name: "Spamsources Fabel",
+		delistUrl: "http://www.fabel.dk",
+		mappings: {
+			"127.0.0.2": "Listed in Spamsources Fabel",
+		},
+	},
+	"virus.rbl.jp": {
+		name: "Virus RBL JP",
+		delistUrl: "http://www.rbl.jp",
+		mappings: {
+			"127.0.0.2": "Listed in Virus RBL JP",
+		},
+	},
+	"blacklist.woody.ch": {
+		name: "Woody's SMTP Blacklist",
+		delistUrl: "http://blacklist.woody.ch",
+		mappings: {
+			"127.0.0.2": "Listed in Woody's",
+		},
+	},
+	"db.wpbl.info": {
+		name: "WPBL",
+		delistUrl: "http://wpbl.info",
+		mappings: {
+			"127.0.0.2": "Listed in WPBL",
+		},
+	},
+	"dnsbl-3.uceprotect.net": {
+		name: "UCEPROTECT Level 3",
+		delistUrl: "http://www.uceprotect.net/en/rblcheck.php",
+		mappings: {
+			"127.0.0.2": "Listed in UCEPROTECT Level 3",
+		},
+	},
+	"duinv.aupads.org": {
+		name: "Duinv AuPads",
+		delistUrl: "https://aupads.org",
+		mappings: {
+			"127.0.0.2": "Listed in Duinv",
+		},
+	},
+	"proxy.bl.gweep.ca": {
+		name: "Gweep Proxy",
+		delistUrl: "http://gweep.ca",
+		mappings: {
+			"127.0.0.2": "Listed in Gweep Proxy",
+		},
+	},
+	"relays.bl.gweep.ca": {
+		name: "Gweep Relays",
+		delistUrl: "http://gweep.ca",
+		mappings: {
+			"127.0.0.2": "Listed in Gweep Relays",
+		},
+	},
+	"spam.abuse.ch": {
+		name: "Abuse.ch Spam",
+		delistUrl: "https://abuse.ch",
+		mappings: {
+			"127.0.0.2": "Listed in Abuse.ch Spam",
+		},
+	},
+	"spambot.bls.digibase.ca": {
+		name: "Digibase Spambot",
+		delistUrl: "http://bls.digibase.ca",
+		mappings: {
+			"127.0.0.2": "Listed in Digibase Spambot",
+		},
+	},
+	"ubl.lashback.com": {
+		name: "Lashback UBL",
+		delistUrl: "https://blacklist.lashback.com",
+		mappings: {
+			"127.0.0.2": "Listed in Lashback UBL",
+		},
+	},
+	"wormrbl.imp.ch": {
+		name: "WormRBL",
+		delistUrl: "http://antispam.imp.ch",
+		mappings: {
+			"127.0.0.2": "Listed in WormRBL",
+		},
+	},
+	"bl.0spam.org": {
+		name: "0spam Blocklist",
+		delistUrl: "https://0spam.org",
+		mappings: {
+			"127.0.0.2": "Listed in 0spam",
+		},
+	},
+	"bogons.cymru.com": {
+		name: "Team Cymru Bogons",
+		delistUrl: "https://www.team-cymru.com/bogon-reference.html",
+		mappings: {
+			"127.0.0.2": "Listed in Bogons",
+		},
+	},
+	"dyna.spamrats.com": {
+		name: "SpamRats Dyna",
+		delistUrl: "https://www.spamrats.com",
+		mappings: {
+			"127.0.0.36": "Listed in SpamRats Dyna",
+		},
+	},
+	"noptr.spamrats.com": {
+		name: "SpamRats NoPtr",
+		delistUrl: "https://www.spamrats.com",
+		mappings: {
+			"127.0.0.38": "Listed in SpamRats NoPtr",
+		},
+	},
+	"relays.nether.net": {
+		name: "Nether.net Relays",
+		delistUrl: "http://puck.nether.net/bl/",
+		mappings: {
+			"127.0.0.2": "Listed in Nether.net",
+		},
+	},
+	"spamrbl.imp.ch": {
+		name: "Imp.ch Spam RBL",
+		delistUrl: "http://antispam.imp.ch",
+		mappings: {
+			"127.0.0.2": "Listed in Imp.ch",
+		},
+	},
+	"z.mailspike.net": {
+		name: "Mailspike Z",
+		delistUrl: "http://mailspike.net",
+		mappings: {
+			"127.0.0.2": "Listed in Mailspike Z",
+		},
+	},
+};

package/src/index.d.ts

@@ -0,0 +1,65 @@
+export interface LookupDomain {
+	/** The domain to query (e.g. 2.0.0.127.zen.spamhaus.org) */
+	address: string;
+	/** The key of the blacklist (e.g. zen.spamhaus.org) */
+	listKey: string;
+}
+
+export interface LookupResult {
+	/** The name of the blacklist or listKey if unknown */
+	name: string;
+	/** Whether the IP is listed (true) or not (false) */
+	listed: boolean;
+	/** The reason for listing or status message */
+	reason: string;
+	/** The IP returned by the DNS query, or null */
+	code: string | null;
+	/** URL to request delisting, or null */
+	delistUrl: string | null;
+}
+
+export interface BlacklistDefinition {
+	/** The human-readable name of the blacklist */
+	name: string;
+	/** URL where a user can request removal */
+	delistUrl: string;
+	/** Mapping of return codes (IPs) to reasons */
+	mappings: Record<string, string>;
+}
+
+/**
+ * Definition of known blacklists and their return codes.
+ */
+export const blacklists: Record<string, BlacklistDefinition>;
+
+/**
+ * Generates the list of domains to query.
+ *
+ * @param ip - The IPv4 or IPv6 address to check.
+ * @returns List of domains to query.
+ */
+export function getLookupDomains(ip: string): LookupDomain[];
+
+/**
+ * Parses the result from a DNS A-record lookup.
+ *
+ * @param listKey - The blacklist domain (e.g. 'zen.spamhaus.org')
+ * @param resultCode - The IP returned by the DNS query (e.g. '127.0.0.2')
+ * @returns Human readable result
+ */
+export function parseLookupResult(
+	listKey: string,
+	resultCode: string,
+): LookupResult;
+
+/**
+ * Parses the result from a DNS A-record lookup and returns a JSON string.
+ *
+ * @param listKey - The blacklist domain (e.g. 'zen.spamhaus.org')
+ * @param resultCode - The IP returned by the DNS query (e.g. '127.0.0.2')
+ * @returns JSON formatted string
+ */
+export function parseLookupResultJson(
+	listKey: string,
+	resultCode: string,
+): string;

package/src/index.js

@@ -0,0 +1,163 @@
+import { blacklists } from "./definitions.js";
+import net from "node:net";
+
+/**
+ * @typedef {Object} LookupDomain
+ * @property {string} address - The domain to query (e.g. 2.0.0.127.zen.spamhaus.org)
+ * @property {string} listKey - The key of the blacklist (e.g. zen.spamhaus.org)
+ */
+
+/**
+ * @typedef {Object} LookupResult
+ * @property {string} name - The name of the blacklist or listKey if unknown
+ * @property {boolean} listed - Whether the IP is listed (true) or not (false)
+ * @property {string} reason - The reason for listing or status message
+ * @property {string|null} code - The IP returned by the DNS query, or null
+ * @property {string|null} delistUrl - URL to request delisting, or null
+ */
+
+/**
+ * Reverses an IP address for DNSBL queries.
+ * Supports IPv4 and IPv6.
+ * @param {string} ip
+ * @returns {string|null} Reversed IP (d.c.b.a for IPv4, nibbles for IPv6) or null if invalid
+ */
+function reverseIP(ip) {
+	if (typeof ip !== "string") {
+		return null;
+	}
+
+	if (net.isIPv4(ip)) {
+		return ip.split(".").reverse().join(".");
+	}
+
+	if (net.isIPv6(ip)) {
+		try {
+			// Expand ::
+			let expanded = ip;
+			if (ip.indexOf("::") !== -1) {
+				const parts = ip.split("::");
+				const left = parts[0].split(":").filter((p) => p);
+				const right = parts[1].split(":").filter((p) => p);
+				const missing = 8 - (left.length + right.length);
+				// Safety check for invalid IPv6 length
+				if (missing < 0) return null;
+				const middle = new Array(missing).fill("0000");
+				expanded = [...left, ...middle, ...right].join(":");
+			}
+
+			// Check for IPv4-mapped IPv6 addresses (contain dots), not supported for now
+			if (expanded.includes(".")) {
+				return null;
+			}
+
+			const segments = expanded.split(":").map((part) => part.padStart(4, "0"));
+			const fullHex = segments.join("");
+
+			return fullHex.split("").reverse().join(".");
+		} catch (e) {
+			return null;
+		}
+	}
+
+	return null;
+}
+
+/**
+ * Generates the list of domains to query.
+ *
+ * @param {string} ip - The IPv4 or IPv6 address to check.
+ * @returns {Array<LookupDomain>} List of domains to query.
+ */
+export function getLookupDomains(ip) {
+	if (!ip || typeof ip !== "string") {
+		throw new Error("IP address must be a non-empty string");
+	}
+
+	const reversed = reverseIP(ip);
+	if (!reversed) {
+		throw new Error(`Invalid IP address: ${ip}`);
+	}
+
+	return Object.keys(blacklists).map((listKey) => {
+		return {
+			address: `${reversed}.${listKey}`,
+			listKey: listKey,
+		};
+	});
+}
+
+/**
+ * Parses the result from a DNS A-record lookup.
+ *
+ * @param {string} listKey - The blacklist domain (e.g. 'zen.spamhaus.org')
+ * @param {string} resultCode - The IP returned by the DNS query (e.g. '127.0.0.2')
+ * @returns {LookupResult} Human readable result
+ */
+export function parseLookupResult(listKey, resultCode) {
+	if (!listKey || typeof listKey !== "string") {
+		return {
+			name: "Unknown",
+			listed: false,
+			reason: "Invalid list key provided",
+			code: resultCode || null,
+			delistUrl: null,
+		};
+	}
+
+	const hasProp = Object.prototype.hasOwnProperty.call(blacklists, listKey);
+	const listDef = hasProp ? blacklists[listKey] : null;
+
+	if (!listDef) {
+		return {
+			name: listKey,
+			listed: true,
+			reason: "Unknown List",
+			code: resultCode,
+			delistUrl: null,
+		};
+	}
+
+	try {
+		if (listKey === "nodes.junkemailfilter.com" && resultCode === "127.0.0.1") {
+			return {
+				name: listDef.name,
+				listed: false,
+				reason: listDef.mappings[resultCode] || "Whitelisted",
+				code: resultCode,
+				delistUrl: listDef.delistUrl,
+			};
+		}
+
+		const reason = listDef.mappings?.[resultCode] || "Listed (Unknown Reason)";
+
+		return {
+			name: listDef.name,
+			listed: true,
+			reason: reason,
+			code: resultCode,
+			delistUrl: listDef.delistUrl,
+		};
+	} catch (error) {
+		return {
+			name: listDef.name || listKey,
+			listed: true,
+			reason: "Error parsing result",
+			code: resultCode,
+			delistUrl: listDef.delistUrl || null,
+		};
+	}
+}
+
+/**
+ * Parses the result from a DNS A-record lookup and returns a JSON string.
+ *
+ * @param {string} listKey - The blacklist domain (e.g. 'zen.spamhaus.org')
+ * @param {string} resultCode - The IP returned by the DNS query (e.g. '127.0.0.2')
+ * @returns {string} JSON formatted string
+ */
+export function parseLookupResultJson(listKey, resultCode) {
+	return JSON.stringify(parseLookupResult(listKey, resultCode));
+}
+
+export { blacklists };