Where is the documentation for Spamhaus?

Question

I would like to know how to query Spamhaus for IP addresses (Spamhaus zen http://www.spamhaus.org/zen/) and for domains (DBL http://www.spamhaus.org/dbl/) found in incoming email in order to determine whether a given message is spam.

Answer 1

You can interface to the DBL through host or dig, since it runs as a DNS service. This page of the FAQ shows example queries: http://www.spamhaus.org/faq/section/Spamhaus%20DBL#277

$ host example.com.dbl.spamhaus.org
Host example.com.dbl.spamhaus.org not found: 3(NXDOMAIN)

$ host dbltest.com.dbl.spamhaus.org
dbltest.com.dbl.spamhaus.org has address 127.0.1.2

IP address lookups are done similarly, with the numbers in the IP address in reverse order (1.2.3.4 becomes 4.3.2.1.zen.spamhaus.org). This is documented at the bottom of the FAQ for DNSBL (http://www.spamhaus.org/faq/section/DNSBL%20Usage#252).

$ host 130.119.180.199.zen.spamhaus.org
130.119.180.199.zen.spamhaus.org has address 127.0.0.2
130.119.180.199.zen.spamhaus.org has address 127.0.0.11

A listed domain or address results in results of the form 127.0.0.*, while clean domains/addresses return a "not found" status.

Answer 2

This C++ code works safe and fast:

char *server = "some.spammer.org"; // or Ip address
BYTE ResType = 0;
HOSTENT *pHost = gethostbyname(server);
if (pHost)
{
    char query[80];
    BYTE *ip = (BYTE *)pHost->h_addr;
    sprintf(query, "%u.%u.%u.%u.zen.spamhaus.org", ip[3], ip[2], ip[1], p[0]);
    pHost = gethostbyname(query);
    if (pHost)
    {
        ResType = pHost->h_addr[3];
    }
}