Blacklists Compared, 22-Sep-01

Blacklists Compared

22 September 2001

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses.

  Hits   DNS Zone
  6006  (total number of IP addresses tested, including 274 at SDSC)
  1338  xbl.selwerd.cx
  1162  (union of all IP zones except xbl.selwerd.cx)
   424  outputs.orbz.org
   347  blackholes.five-ten-sg.com (union of all results)
   260  relays.ordb.org
   253  inputs.orbz.org
   237  relays.osirusoft.com (union of all results)
   213  blackholes.intersil.net
   189  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
   163  ztl.dorkslayers.com
   151  relays.mail-abuse.org
   123  block.blars.org
   122  relays.osirusoft.com (result 127.0.0.2 = relay)
   122  inputs.relays.osirusoft.com
   122  flowgoaway.com
   118  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
   104  orbs.dorkslayers.com
    84  relays.dorkslayers.com
    81  spews.relays.osirusoft.com (union of all results)
    72  relays.osirusoft.com (result 127.0.0.4 = spam source)
    67  spews.relays.osirusoft.com (result 127.0.0.4 = spam source)
    60  dev.null.dk
    43  spammers.v6net.org
    38  blocktest.relays.osirusoft.com (not a blacklist!)
    36  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
    33  dialups.mail-abuse.org
    22  dialups.relays.osirusoft.com
    22  relays.osirusoft.com (result 127.0.0.3 = dialup)
    14  relays.osirusoft.com (result 127.0.0.10 = spam friendly)
    14  spews.relays.osirusoft.com (result 127.0.0.10 = spam friendly)
    13  ipwhois.rfc-ignorant.org
     9  blackholes.mail-abuse.org
     9  relays.osirusoft.com (result 127.0.0.6 = spamware vendor)
     5  spamhaus.relays.osirusoft.com
     4  blackholes.five-ten-sg.com (result 127.0.0.5 = should be listed at MAPS)
     4  orbz.gst-group.co.uk (union of all results)
     3  orbz.gst-group.co.uk (result 127.0.0.3 = relay)
     3  spamsites.relays.osirusoft.com
     1  orbz.gst-group.co.uk (result 127.0.0.2 = relay output)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

  Hits   DNS Zone
  6006  (total number of IP addresses whose names were tested, including 274 at SDSC)
   241  (union of all domain zones)
   165  whois.rfc-ignorant.org
    93  abuse.rfc-ignorant.org
     5  postmaster.rfc-ignorant.org
     2  dsn.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

  Hits   DNS Zone
  4344  (total number of domains tested, including 80 at SDSC)
   242  (union of all domain zones)
   159  whois.rfc-ignorant.org
    44  postmaster.rfc-ignorant.org
    41  abuse.rfc-ignorant.org
    21  dsn.rfc-ignorant.org

The web sites listed below provide detailed information about the DNS zones listed above, including their listing policies.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

The DNS lists maintained at the 4 sites marked with an asterisk ("*") were suspended after the destruction of the World Trade Center to avoid any collateral blocking of communications by the survivors. All of the lists have returned to normal except ORBL, which is why there were no hits in it this week.

The XBL is excluded from the zone union because of of its extremely aggressive listing policy, but otherwise is shown for completeness.

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 24 September 2001.