Blacklists Compared, 6-Oct-01

Blacklists Compared

6 October 2001

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses.

  Hits   DNS Zone
  6080  (total number of IP addresses tested, including 287 at SDSC)
  1558  xbl.selwerd.cx
  1489  (union of all IP zones except xbl.selwerd.cx)
   515  outputs.orbz.org
   498  blackholes.five-ten-sg.com (union of all results)
   345  relays.ordb.org
   341  inputs.orbz.org
   312  relays.osirusoft.com (union of all results)
   260  blocktest.relays.osirusoft.com (not a blacklist!)
   260  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
   245  blackholes.intersil.net
   216  ztl.dorkslayers.com
   204  relays.osirusoft.com (result 127.0.0.2 = relay)
   204  inputs.relays.osirusoft.com
   160  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
   141  flowgoaway.com
   138  block.blars.org
   134  orbs.dorkslayers.com
   113  relays.dorkslayers.com
    79  relays.osirusoft.com (result 127.0.0.4 = spam source)
    75  spews.relays.osirusoft.com
    74  spammers.v6net.org
    70  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
    69  dev.null.dk
    25  dialups.relays.osirusoft.com
    25  relays.osirusoft.com (result 127.0.0.3 = dialup)
    13  ipwhois.rfc-ignorant.org
     6  relays.osirusoft.com (result 127.0.0.6 = spamware vendor)
     6  spamhaus.relays.osirusoft.com
     5  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
     3  blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
     3  orbz.gst-group.co.uk (union of all results)
     2  orbz.gst-group.co.uk (result 127.0.0.2 = relay output)
     1  orbz.gst-group.co.uk (result 127.0.0.3 = relay)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

  Hits   DNS Zone
  6080  (total number of IP addresses whose names were tested, including 287 at SDSC)
   242  (union of all domain zones)
   171  whois.rfc-ignorant.org
    92  abuse.rfc-ignorant.org
     5  postmaster.rfc-ignorant.org
     4  dsn.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

  Hits   DNS Zone
  4258  (total number of domains tested, including 104 at SDSC)
   256  (union of all domain zones)
   161  whois.rfc-ignorant.org
    51  abuse.rfc-ignorant.org
    48  postmaster.rfc-ignorant.org
    34  dsn.rfc-ignorant.org

The web sites listed below provide detailed information about the DNS zones listed above, including their listing policies.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

The DNS lists maintained at the 4 sites marked with an asterisk ("*") were suspended after the destruction of the World Trade Center to avoid any collateral blocking of communications by the survivors. All of the lists have returned to normal except ORBL, which is why there were no hits in it this week.

The XBL is excluded from the zone union because of of its extremely aggressive listing policy, but otherwise is shown for completeness.

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 7 October 2001.