uptimeify-dnsbl 1.0.0 → 1.0.2

package/README.md

@@ -26,9 +26,9 @@ We intentionally **do not** perform the DNS lookups internally. This allows you
 We maintain definitions for the most reliable and widely used lists:
 
 - **Spamhaus ZEN** (SBL, CSS, XBL, PBL) - _The gold standard_
+- **Spamhaus DQS (ZEN)** - Same result parsing, but query via Spamhaus DQS (requires a DQS key)
 - **Barracuda** (BRBL)
 - **SpamCop**
-- **Abusix Mail Intelligence**
 - **SORBS** (Aggregate)
 - **UCEPROTECT** (Level 1)
 - **Hostkarma**
@@ -38,7 +38,6 @@ We maintain definitions for the most reliable and widely used lists:
 - **DroneBL**
 - **Spam Eating Monkey** (SEM-BLACK)
 - **URIBL Black**
-- **Madavi DNSBL**
 - **RV-SOFT Technology**
 - **ZapBL**
 - **Suomispam Reputation**
@@ -52,7 +51,6 @@ We maintain definitions for the most reliable and widely used lists:
 - **Abuse.ch Combined**
 - **UCEPROTECT Level 2**
 - **Abuse.ch Drone**
-- **OrveDB AuBads**
 - **0spam RBL**
 - **Singular TTK PTE**
 - **SpamRats Spam**
@@ -61,7 +59,6 @@ We maintain definitions for the most reliable and widely used lists:
 - **Woody's SMTP Blacklist**
 - **WPBL**
 - **UCEPROTECT Level 3**
-- **Duinv AuPads**
 - **Gweep Proxy**
 - **Gweep Relays**
 - **Abuse.ch Spam**
@@ -77,7 +74,6 @@ We maintain definitions for the most reliable and widely used lists:
 - **Mailspike Z**
 - **Anonmails.de**
 - **Pedantic.org**
-- **Swinog**
 - **GBUdb Truncate**
 - **LashBack UBL**
 
@@ -97,8 +93,15 @@ import { resolve4 } from "node:dns/promises";
 
 async function check(ip) {
 	// 1. Get the list of domains to query
-	const checks = getLookupDomains(ip);
+	const checks = getLookupDomains(ip, {
+		spamhaus: {
+			// Default: "zen" (public). Use "dqs" to query Spamhaus via DQS.
+			mode: process.env.SPAMHAUS_DQS_KEY ? "dqs" : "zen",
+			dqsKey: process.env.SPAMHAUS_DQS_KEY,
+		},
+	});
 	// Returns array: [{ address: "4.3.2.1.zen.spamhaus.org", listKey: "zen.spamhaus.org" }, ...]
+	// Or with DQS:   [{ address: "4.3.2.1.<DQS_KEY>.zen.dq.spamhaus.net", listKey: "zen.dq.spamhaus.net" }, ...]
 
 	// 2. Run your DNS lookups
 	// We use typical Promise handling here, but you can use any async pattern
@@ -133,10 +136,28 @@ check("127.0.0.2");
 
 ## API
 
-### `getLookupDomains(ip)`
+### `getLookupDomains(ip, options?)`
 
 Returns an array of objects containing the fully qualified domain to query (`address`) and the identifier key (`listKey`).
 
+#### Spamhaus DQS
+
+You can switch Spamhaus from the public DNSBL hostnames to Spamhaus DQS by passing an options object.
+
+```js
+const checks = getLookupDomains("1.2.3.4", {
+	spamhaus: {
+		mode: "dqs",
+		dqsKey: process.env.SPAMHAUS_DQS_KEY,
+	},
+});
+```
+
+Notes:
+
+- When `mode: "dqs"` is set, this library will generate DQS lookup domains for Spamhaus (and will not query the public Spamhaus DNSBL hostnames).
+- Keep the DQS key secret (don’t commit it to git or log it).
+
 ### `parseLookupResult(listKey, resultCode)`
 
 Takes the list identifier and the IP address returned by the DNS query (e.g., `127.0.0.2`) and returns a rich object with the listing name, reason, and delist URL.

package/examples/test-dqs.js

@@ -0,0 +1,89 @@
+/**
+ * Uptimeify DNSBL - Spamhaus DQS Example
+ *
+ * This script demonstrates how to query Spamhaus via DQS using a DQS key.
+ *
+ * IMPORTANT:
+ * - Treat the key as a secret in real projects (use env vars / secret manager).
+ * - The key below is a placeholder example provided by the user.
+ */
+
+import { getLookupDomains, parseLookupResult } from "../src/index.js";
+import { resolve4 } from "node:dns/promises";
+
+const DQS_KEY = process.env.SPAMHAUS_DQS_KEY;
+
+async function checkIP(ip) {
+	console.log(`\n🔎 Checking IP (Spamhaus DQS): ${ip}`);
+
+	const domains = getLookupDomains(ip, {
+		spamhaus: {
+			mode: "dqs",
+			dqsKey: DQS_KEY,
+		},
+	});
+
+	// Reduce output noise: only show Spamhaus checks here.
+	const spamhausOnly = domains.filter(
+		(d) => d.listKey === "zen.dq.spamhaus.net" || d.listKey === "sbl.dq.spamhaus.net",
+	);
+
+	console.log(`   Using DQS key: ${DQS_KEY.slice(0, 4)}… (masked)`);
+	console.log(`   Querying ${spamhausOnly.length} Spamhaus list(s) via DQS...`);
+
+	const results = await Promise.all(
+		spamhausOnly.map(async ({ address, listKey }) => {
+			try {
+				const [code] = await resolve4(address);
+				return parseLookupResult(listKey, code);
+			} catch (error) {
+				if (error.code === "ENOTFOUND") {
+					return {
+						name: listKey,
+						listed: false,
+						reason: "Not Listed",
+						code: null,
+						delistUrl: null,
+					};
+				}
+
+				return {
+					name: listKey,
+					listed: false,
+					reason: `DNS Error: ${error.code || error.message}`,
+					code: null,
+					delistUrl: null,
+				};
+			}
+		}),
+	);
+
+	const listed = results.filter((r) => r.listed);
+	const notListed = results.filter((r) => !r.listed);
+
+	if (listed.length > 0) {
+		console.log(`\n❌ [LISTED] Found in ${listed.length} Spamhaus list(s):`);
+		for (const res of listed) {
+			console.log(`   - ${res.name}`);
+			console.log(`     Reason: ${res.reason}`);
+			console.log(`     Code:   ${res.code}`);
+			if (res.delistUrl) console.log(`     Delist: ${res.delistUrl}`);
+		}
+	} else {
+		console.log("\n✅ [CLEAN] Not listed in Spamhaus (via DQS).");
+	}
+
+	// Show non-listed results too, because DQS can return useful block/policy messages.
+	if (notListed.length > 0) {
+		console.log("\nℹ️  Other results:");
+		for (const res of notListed) {
+			console.log(`   - ${res.name}: ${res.reason}${res.code ? ` (${res.code})` : ""}`);
+		}
+	}
+}
+
+console.log("--- Spamhaus DQS Verification Utility ---");
+
+// Example IPs (replace as needed)
+await checkIP("213.209.159.159");
+await checkIP("2a06:4880:8000::99");

package/examples/test.js

@@ -21,10 +21,22 @@ import { performance } from "node:perf_hooks";
 async function checkIP(ip) {
 	console.log(`\n🔎 Checking IP: ${ip}`);
 
+	const lookupOptions = process.env.SPAMHAUS_DQS_KEY
+		? {
+			spamhaus: {
+				mode: "dqs",
+				dqsKey: process.env.SPAMHAUS_DQS_KEY,
+			},
+		}
+		: undefined;
+	console.log(
+		`   Spamhaus mode: ${lookupOptions ? "dqs" : "zen"}${lookupOptions ? " (via SPAMHAUS_DQS_KEY)" : ""}`,
+	);
+
 	try {
 		// 1. Get the list of all DNSBL domains to query for this IP
 		const startGetDomains = performance.now();
-		const domains = getLookupDomains(ip);
+		const domains = getLookupDomains(ip, lookupOptions);
 		const endGetDomains = performance.now();
 		console.log(
 			`   Preparing to query ${domains.length} blacklists... (took ${(endGetDomains - startGetDomains).toFixed(5)}ms)`,

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "uptimeify-dnsbl",
-	"version": "1.0.0",
+	"version": "1.0.2",
 	"description": "Helper module to prepare DNSBL queries and parse results.",
 	"main": "src/index.js",
 	"types": "src/index.d.ts",

package/src/definitions.js

@@ -14,6 +14,29 @@ export const blacklists = {
 		name: "Spamhaus ZEN",
 		delistUrl: "https://check.spamhaus.org/",
 		mappings: {
+			"127.255.255.254":
+				"Query blocked by Spamhaus (rate limit / missing authorization / policy)",
+			"127.0.0.2": "Listed in SBL (Spamhaus Block List - Direct spam sources)",
+			"127.0.0.3":
+				"Listed in CSS (Combating Spam Syndicate - Compromised hosts)",
+			"127.0.0.4":
+				"Listed in XBL/PBL (Exploits/Policy Block List - Botnets, open proxies, dynamic IPs)",
+			"127.0.0.5":
+				"Listed in XBL/PBL (Exploits/Policy Block List - Botnets, open proxies, dynamic IPs)",
+			"127.0.0.6":
+				"Listed in XBL/PBL (Exploits/Policy Block List - Botnets, open proxies, dynamic IPs)",
+			"127.0.0.7":
+				"Listed in XBL/PBL (Exploits/Policy Block List - Botnets, open proxies, dynamic IPs)",
+			"127.0.0.10": "PBL - ISP Policy",
+			"127.0.0.11": "PBL - ISP Policy",
+		},
+	},
+	"zen.dq.spamhaus.net": {
+		name: "Spamhaus DQS (ZEN)",
+		delistUrl: "https://check.spamhaus.org/",
+		mappings: {
+			"127.255.255.254":
+				"Query blocked by Spamhaus (rate limit / missing authorization / policy)",
 			"127.0.0.2": "Listed in SBL (Spamhaus Block List - Direct spam sources)",
 			"127.0.0.3":
 				"Listed in CSS (Combating Spam Syndicate - Compromised hosts)",
@@ -43,15 +66,16 @@ export const blacklists = {
 			"127.0.0.2": "Listed in SpamCop",
 		},
 	},
-	"combined.mail.abusix.zone": {
-		name: "Abusix Mail Intelligence",
-		delistUrl: "https://abusix.com/lookup/",
-		mappings: {
-			"127.0.0.2": "Blacklisted (Generic)",
-			"127.0.0.3": "Blacklisted (External)",
-			"127.0.0.4": "Blacklisted (Dynamic/Policy)",
-		},
-	},
+	// Disabled as Abusix RBLs are now paid services
+	// "combined.mail.abusix.zone": {
+	//	name: "Abusix Mail Intelligence",
+	//	delistUrl: "https://abusix.com/lookup/",
+	//	mappings: {
+	//		"127.0.0.2": "Blacklisted (Generic)",
+	//		"127.0.0.3": "Blacklisted (External)",
+	//		"127.0.0.4": "Blacklisted (Dynamic/Policy)",
+	//	},
+	//},
 	"dnsbl.sorbs.net": {
 		name: "SORBS Aggregate",
 		delistUrl: "http://www.sorbs.net/lookup.shtml",
@@ -139,16 +163,19 @@ export const blacklists = {
 		name: "URIBL Black",
 		delistUrl: "https://lookup.uribl.com/",
 		mappings: {
+			"127.0.0.1": "Query blocked, possibly due to high volume",
 			"127.0.0.2": "Listed in URIBL Black",
+			"127.0.0.255": "Query blocked",
 		},
 	},
-	"dnsbl.madavi.de": {
-		name: "Madavi DNSBL",
-		delistUrl: "https://www.madavi.de/en/dnsbl.html",
-		mappings: {
-			"127.0.0.2": "Listed in Madavi DNSBL",
-		},
-	},
+	// Dead on arrival, not reliable
+	// "dnsbl.madavi.de": {
+	// 	name: "Madavi DNSBL",
+	// 	delistUrl: "https://www.madavi.de/en/dnsbl.html",
+	// 	mappings: {
+	// 		"127.0.0.2": "Listed in Madavi DNSBL",
+	// 	},
+	// },
 	"dnsbl.rv-soft.info": {
 		name: "RV-SOFT Technology DNSBL",
 		delistUrl: "http://dnsbl.rv-soft.info",
@@ -229,6 +256,17 @@ export const blacklists = {
 		name: "Spamhaus SBL",
 		delistUrl: "https://check.spamhaus.org/",
 		mappings: {
+			"127.255.255.254":
+				"Query blocked by Spamhaus (rate limit / missing authorization / policy)",
+			"127.0.0.2": "Listed in SBL (Spamhaus Block List)",
+		},
+	},
+	"sbl.dq.spamhaus.net": {
+		name: "Spamhaus DQS (SBL)",
+		delistUrl: "https://check.spamhaus.org/",
+		mappings: {
+			"127.255.255.254":
+				"Query blocked by Spamhaus (rate limit / missing authorization / policy)",
 			"127.0.0.2": "Listed in SBL (Spamhaus Block List)",
 		},
 	},
@@ -246,13 +284,14 @@ export const blacklists = {
 			"127.0.0.2": "Listed in Pedantic.org",
 		},
 	},
-	"swinog.spam.dnsbl.ch": {
-		name: "Swinog DNSBL",
-		delistUrl: "https://www.swinog.ch/spam/",
-		mappings: {
-			"127.0.0.2": "Listed in Swinog",
-		},
-	},
+	// Disabled as Swinog DNSBL is not stable/reliable
+	//"swinog.spam.dnsbl.ch": {
+	//	name: "Swinog DNSBL",
+	//	delistUrl: "https://www.swinog.ch/spam/",
+	//	mappings: {
+	//		"127.0.0.2": "Listed in Swinog",
+	//	},
+	//},
 	"truncate.gbudb.net": {
 		name: "GBUdb Truncate",
 		delistUrl: "http://www.gbudb.com/truncate/",
@@ -295,13 +334,14 @@ export const blacklists = {
 			"127.0.0.2": "Listed in Abuse.ch Drone",
 		},
 	},
-	"orvedb.aupads.org": {
-		name: "OrveDB AuBads",
-		delistUrl: "https://aupads.org",
-		mappings: {
-			"127.0.0.2": "Listed in OrveDB",
-		},
-	},
+	// Dead project
+	//"orvedb.aupads.org": {
+	//	name: "OrveDB AuBads",
+	//	delistUrl: "https://aupads.org",
+	//	mappings: {
+	//		"127.0.0.2": "Listed in OrveDB",
+	//	},
+	//},
 	"rbl.0spam.org": {
 		name: "0spam RBL",
 		delistUrl: "https://0spam.org",
@@ -344,13 +384,14 @@ export const blacklists = {
 			"127.0.0.2": "Listed in Woody's",
 		},
 	},
-	"db.wpbl.info": {
-		name: "WPBL",
-		delistUrl: "http://wpbl.info",
-		mappings: {
-			"127.0.0.2": "Listed in WPBL",
-		},
-	},
+	// Often overloaded/unreliable
+	// "db.wpbl.info": {
+	// 	name: "WPBL",
+	// 	delistUrl: "http://wpbl.info",
+	// 	mappings: {
+	// 		"127.0.0.2": "Listed in WPBL",
+	// 	},
+	// },
 	"dnsbl-3.uceprotect.net": {
 		name: "UCEPROTECT Level 3",
 		delistUrl: "http://www.uceprotect.net/en/rblcheck.php",
@@ -358,13 +399,14 @@ export const blacklists = {
 			"127.0.0.2": "Listed in UCEPROTECT Level 3",
 		},
 	},
-	"duinv.aupads.org": {
-		name: "Duinv AuPads",
-		delistUrl: "https://aupads.org",
-		mappings: {
-			"127.0.0.2": "Listed in Duinv",
-		},
-	},
+	// Dead project
+	// "duinv.aupads.org": {
+	// 	name: "Duinv AuPads",
+	// 	delistUrl: "https://aupads.org",
+	// 	mappings: {
+	// 		"127.0.0.2": "Listed in Duinv",
+	// 	},
+	// },
 	"proxy.bl.gweep.ca": {
 		name: "Gweep Proxy",
 		delistUrl: "http://gweep.ca",

package/src/index.d.ts

@@ -27,6 +27,15 @@ export interface BlacklistDefinition {
 	mappings: Record<string, string>;
 }
 
+export interface GetLookupDomainsOptions {
+	spamhaus?: {
+		/** Use Spamhaus public DNSBLs (zen) or Spamhaus DQS (dqs). Default: zen */
+		mode?: "zen" | "dqs";
+		/** Required when mode is 'dqs' */
+		dqsKey?: string;
+	};
+}
+
 /**
  * Definition of known blacklists and their return codes.
  */
@@ -40,6 +49,14 @@ export const blacklists: Record<string, BlacklistDefinition>;
  */
 export function getLookupDomains(ip: string): LookupDomain[];
 
+/**
+ * Generates the list of domains to query, with optional Spamhaus DQS support.
+ */
+export function getLookupDomains(
+	ip: string,
+	options?: GetLookupDomainsOptions,
+): LookupDomain[];
+
 /**
  * Parses the result from a DNS A-record lookup.
  *

package/src/index.js

@@ -67,9 +67,13 @@ function reverseIP(ip) {
  * Generates the list of domains to query.
  *
  * @param {string} ip - The IPv4 or IPv6 address to check.
+ * @param {Object} [options]
+ * @param {Object} [options.spamhaus]
+ * @param {"zen"|"dqs"} [options.spamhaus.mode] - Use Spamhaus public DNSBLs (zen) or Spamhaus DQS (dqs).
+ * @param {string} [options.spamhaus.dqsKey] - Required when mode is 'dqs'.
  * @returns {Array<LookupDomain>} List of domains to query.
  */
-export function getLookupDomains(ip) {
+export function getLookupDomains(ip, options = undefined) {
 	if (!ip || typeof ip !== "string") {
 		throw new Error("IP address must be a non-empty string");
 	}
@@ -79,10 +83,50 @@ export function getLookupDomains(ip) {
 		throw new Error(`Invalid IP address: ${ip}`);
 	}
 
-	return Object.keys(blacklists).map((listKey) => {
+	const spamhausMode = options?.spamhaus?.mode || "zen";
+	const dqsKeyRaw = options?.spamhaus?.dqsKey;
+	const dqsKey = typeof dqsKeyRaw === "string" ? dqsKeyRaw.trim() : "";
+
+	if (spamhausMode !== "zen" && spamhausMode !== "dqs") {
+		throw new Error("options.spamhaus.mode must be either 'zen' or 'dqs'");
+	}
+
+	if (spamhausMode === "dqs") {
+		if (!dqsKey) {
+			throw new Error(
+				"options.spamhaus.dqsKey is required when options.spamhaus.mode is 'dqs'",
+			);
+		}
+		// DQS keys are used as a DNS label; reject dots/whitespace and other characters.
+		if (!/^[a-z0-9-]+$/i.test(dqsKey)) {
+			throw new Error(
+				"options.spamhaus.dqsKey must be a valid DNS label (letters/numbers/hyphen)",
+			);
+		}
+	}
+
+	const spamhausPublicKeys = new Set(["zen.spamhaus.org", "sbl.spamhaus.org"]);
+	const spamhausDqsKeys = new Set(["zen.dq.spamhaus.net", "sbl.dq.spamhaus.net"]);
+
+	const listKeys = Object.keys(blacklists).filter((listKey) => {
+		if (spamhausMode === "zen") {
+			return !spamhausDqsKeys.has(listKey);
+		}
+		if (spamhausMode === "dqs") {
+			return !spamhausPublicKeys.has(listKey);
+		}
+		return true;
+	});
+
+	return listKeys.map((listKey) => {
+		const address =
+			spamhausMode === "dqs" && spamhausDqsKeys.has(listKey)
+				? `${reversed}.${dqsKey}.${listKey}`
+				: `${reversed}.${listKey}`;
+
 		return {
-			address: `${reversed}.${listKey}`,
-			listKey: listKey,
+			address,
+			listKey,
 		};
 	});
 }
@@ -119,6 +163,41 @@ export function parseLookupResult(listKey, resultCode) {
 	}
 
 	try {
+		// Some lists use A-record responses to indicate query errors/blocks.
+		// Treat these as NOT listed, otherwise they become false positives.
+		const spamhausKeys = new Set([
+			"zen.spamhaus.org",
+			"sbl.spamhaus.org",
+			"zen.dq.spamhaus.net",
+			"sbl.dq.spamhaus.net",
+		]);
+		if (spamhausKeys.has(listKey) && resultCode === "127.255.255.254") {
+			return {
+				name: listDef.name,
+				listed: false,
+				reason:
+					listDef.mappings?.[resultCode] ||
+					"Query blocked by Spamhaus (rate limit / missing authorization / policy)",
+				code: resultCode,
+				delistUrl: listDef.delistUrl,
+			};
+		}
+
+		if (
+			listKey === "black.uribl.com" &&
+			(resultCode === "127.0.0.1" || resultCode === "127.0.0.255")
+		) {
+			return {
+				name: listDef.name,
+				listed: false,
+				reason:
+					listDef.mappings?.[resultCode] ||
+					"Query blocked by URIBL (possibly due to high volume)",
+				code: resultCode,
+				delistUrl: listDef.delistUrl,
+			};
+		}
+
 		if (listKey === "nodes.junkemailfilter.com" && resultCode === "127.0.0.1") {
 			return {
 				name: listDef.name,
@@ -129,7 +208,9 @@ export function parseLookupResult(listKey, resultCode) {
 			};
 		}
 
-		const reason = listDef.mappings?.[resultCode] || "Listed (Unknown Reason)";
+		const reason =
+			listDef.mappings?.[resultCode] ||
+			`Listed (Unmapped return code: ${resultCode})`;
 
 		return {
 			name: listDef.name,