Blacklists Compared

20 October 2001

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

There were intermittent difficulties getting results from these zones:

 blocktest.relays.osirusoft.com
 inputs.relays.osirusoft.com
 xbl.selwerd.cx
during the survey this week. Their hit counts are lower than they would otherwise be.

  Hits   DNS Zone
  5990  (total number of IP addresses tested, including 280 at SDSC)
  1446  (union of most IP zones)
  1281  xbl.selwerd.cx
   589  blocktest.relays.osirusoft.com (not a blacklist!)
   502  outputs.orbz.org
   484  blackholes.five-ten-sg.com (union of all results)
   340  relays.osirusoft.com (union of all results)
   321  inputs.orbz.org
   302  relays.ordb.org
   290  ipwhois.rfc-ignorant.org
   277  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
   244  relays.osirusoft.com (result 127.0.0.2 = relay)
   235  blackholes.intersil.net
   230  ztl.dorkslayers.com
   220  inputs.relays.osirusoft.com
   202  block.blars.org
   149  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
   141  orbs.dorkslayers.com
   131  flowgoaway.com
   101  relays.dorkslayers.com
    79  dev.null.dk
    78  spammers.v6net.org
    69  relays.osirusoft.com (result 127.0.0.4 = spam source)
    65  spews.relays.osirusoft.com
    50  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
    29  blackhole.compu.net
    22  dialups.relays.osirusoft.com
    22  relays.osirusoft.com (result 127.0.0.3 = dialup)
     9  relays.osirusoft.com (result 127.0.0.6 = spamware vendor)
     7  spamhaus.relays.osirusoft.com
     6  blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
     5  orbz.gst-group.co.uk (union of all results)
     3  orbz.gst-group.co.uk (result 127.0.0.3 = relay)
     2  orbz.gst-group.co.uk (result 127.0.0.2 = relay output)
     2  spamsites.relays.osirusoft.com
     2  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

  Hits   DNS Zone
  5990  (total number of IP addresses whose names were tested, including 280 at SDSC)
   258  (union of all domain zones)
   168  whois.rfc-ignorant.org
   118  abuse.rfc-ignorant.org
     3  dsn.rfc-ignorant.org
     2  postmaster.rfc-ignorant.org
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

  Hits   DNS Zone
  4297  (total number of domains tested, including 66 at SDSC)
   284  (union of all domain zones)
   153  whois.rfc-ignorant.org
    69  abuse.rfc-ignorant.org
    63  postmaster.rfc-ignorant.org
    44  dsn.rfc-ignorant.org
The web sites listed below provide detailed information about the DNS zones listed above, including their listing policies.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 21 October 2001.