How to programmatically query senderbase.org?

Question

I'm trying to programmatically query senderbase.org but it's really hard to find any information about it.

I tried to query with:

dig txt 8.8.8.8.query.senderbase.org

Which returns:

"0-0=1|1=Google Incorporated|2=3.7|3=4.0|4=3228772|6=1174353533|8=2880|9=1|20=google-public-dns-a.|21=google.com|22=Y|23=7.9|24=8.0|25=1049184000|40=3.7|41=4.0|43=3.8|44=0.06|45=N|46=24|48=24|49=1.00|50=Mountain View|51=CA|52=94043|53=US|54=-122.057|"

But none of these fields seems to indicate if the IP is listed or not.

I found the following page with a description of the fields. But field 26, which seems to be what i need, is not present ( http://web.archive.org/web/20040830010414/http://www.senderbase.org/dnsresponses.html ).

I also found some SpamAssassin extensions which were querying rf.senderbase.org but it gives me inconsistent results. For the same field, sometimes it returns a float and sometimes it doesn't return anything.

Any ideas? Or parsing their html is the only option?

Thanks.

Answer 1

The "domain rating" specified in SenderBase DNS responses is something that was implemented but never utilized, or at least not enough to make it useful. Other fields that were originally specified are a little hit-or-miss as well, although most should be pretty fresh for higher-volume senders of email. You might want to check out the Perl Net::SenderBase library, either to use it directly or as a reference for your own implementation.

The rf.senderbase.org domain you referred to reflects SenderBase Reputation Scores (SBRS), which is mostly independent from what you see on http://www.senderbase.org. SBRS is not considered a public service, so it would be wise to receive permission from Cisco/IronPort before using it for anything serious.

Answer 2

The key values are as follows

        '0-0' => 'version_number',
        1 => 'org_name',
        2 => 'org_daily_magnitude',
        3 => 'org_monthly_magnitude',
        4 => 'org_id',
        5 => 'org_category',
        6 => 'org_first_message',
        7 => 'org_domains_count',
        8 => 'org_ip_controlled_count',
        9 => 'org_ip_used_count',
        10 => 'org_fortune_1000',

        20 => 'hostname',
        21 => 'domain_name',
        22 => 'hostname_matches_ip',
        23 => 'domain_daily_magnitude',
        24 => 'domain_monthly_magnitude',
        25 => 'domain_first_message',
        26 => 'domain_rating',

        40 => 'ip_daily_magnitude',
        41 => 'ip_monthly_magnitude',
        43 => 'ip_average_magnitude',
        44 => 'ip_30_day_volume_percent',
        45 => 'ip_in_bonded_sender',
        46 => 'ip_cidr_range',
        47 => 'ip_blacklist_score',

        50 => 'ip_city',
        51 => 'ip_state',
        52 => 'ip_postal_code',
        53 => 'ip_country',
        54 => 'ip_longitude',
        55 => 'ip_latitude',