Blacklists Compared

13 October 2001

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

  Hits   DNS Zone
  5891  (total number of IP addresses tested, including 267 at SDSC)
  1468  xbl.selwerd.cx
  1347  (union of most IP zones)
   539  outputs.orbz.org
   518  blocktest.relays.osirusoft.com (not a blacklist!)
   512  blackholes.five-ten-sg.com (union of all results)
   368  inputs.orbz.org
   359  relays.ordb.org
   333  relays.osirusoft.com (union of all results)
   272  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
   272  ztl.dorkslayers.com
   256  blackholes.intersil.net
   248  relays.osirusoft.com (result 127.0.0.2 = relay)
   242  inputs.relays.osirusoft.com
   143  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
   136  flowgoaway.com
   122  orbs.dorkslayers.com
   122  block.blars.org
    99  relays.dorkslayers.com
    88  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
    74  dev.null.dk
    73  spammers.v6net.org
    70  relays.osirusoft.com (result 127.0.0.4 = spam source)
    68  spews.relays.osirusoft.com
    27  blackhole.compu.net
    26  ipwhois.rfc-ignorant.org
    14  dialups.relays.osirusoft.com
    14  relays.osirusoft.com (result 127.0.0.3 = dialup)
     7  relays.osirusoft.com (result 127.0.0.6 = spamware vendor)
     6  spamhaus.relays.osirusoft.com
     5  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
     4  blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
     4  orbz.gst-group.co.uk (union of all results)
     3  orbz.gst-group.co.uk (result 127.0.0.3 = relay)
     1  orbz.gst-group.co.uk (result 127.0.0.2 = relay output)
     1  spamsites.relays.osirusoft.com
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

  Hits   DNS Zone
  5891  (total number of IP addresses whose names were tested, including 267 at SDSC)
   254  (union of all domain zones)
   175  whois.rfc-ignorant.org
    99  abuse.rfc-ignorant.org
     5  postmaster.rfc-ignorant.org
     3  dsn.rfc-ignorant.org
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

  Hits   DNS Zone
  4189  (total number of domains tested, including 65 at SDSC)
   273  (union of all domain zones)
   153  whois.rfc-ignorant.org
    61  abuse.rfc-ignorant.org
    55  postmaster.rfc-ignorant.org
    42  dsn.rfc-ignorant.org
The web sites listed below provide detailed information about the DNS zones listed above, including their listing policies.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

The DNS lists maintained at the 4 sites marked with an asterisk ("*") were suspended after the destruction of the World Trade Center to avoid any collateral blocking of communications by the survivors. All of the lists have returned to normal except ORBL, which is why there were no hits in it this week.

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 13 October 2001.