Blacklists Compared

27 October 2001

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

There were intermittent difficulties getting results from the blocktest.relays.osirusoft.com zone during the survey this week, so its hit count is lower than it would otherwise be.

  Hits   DNS Zone
  5981  (total number of IP addresses tested, including 299 at SDSC)
  1536  xbl.selwerd.cx
  1516  (union of most IP zones)
   683  blocktest.relays.osirusoft.com (not a blacklist!)
   615  blackholes.five-ten-sg.com (union of all results)
   515  outputs.orbz.org
   402  relays.osirusoft.com (union of all results)
   372  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
   356  relays.ordb.org
   346  inputs.orbz.org
   315  inputs.relays.osirusoft.com
   310  relays.osirusoft.com (result 127.0.0.2 = relay)
   257  blackholes.intersil.net
   249  ztl.dorkslayers.com
   237  block.blars.org
   160  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
   159  orbs.dorkslayers.com
   136  flowgoaway.com
   117  relays.dorkslayers.com
   112  dev.null.dk
    77  relays.osirusoft.com (result 127.0.0.4 = spam source)
    75  spammers.v6net.org
    72  spews.relays.osirusoft.com
    72  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
    29  ipwhois.rfc-ignorant.org
    25  blackhole.compu.net
    14  dialups.relays.osirusoft.com
    11  relays.osirusoft.com (result 127.0.0.3 = dialup)
     8  blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
     7  relays.osirusoft.com (result 127.0.0.6 = spamware vendor)
     6  spamhaus.relays.osirusoft.com
     5  orbz.gst-group.co.uk (union of all results)
     3  orbz.gst-group.co.uk (result 127.0.0.2 = relay output)
     2  orbz.gst-group.co.uk (result 127.0.0.3 = relay)
     2  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
     1  spamsites.relays.osirusoft.com
     1  relays.osirusoft.com (result 127.0.0.9 = open socks proxy)
     1  blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

  Hits   DNS Zone
  5981  (total number of IP addresses whose names were tested, including 299 at SDSC)
   360  (union of all domain zones)
   272  whois.rfc-ignorant.org
   112  abuse.rfc-ignorant.org
     2  postmaster.rfc-ignorant.org
     1  dsn.rfc-ignorant.org
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

  Hits   DNS Zone
  4223  (total number of domains tested, including 105 at SDSC)
   294  (union of all domain zones)
   163  whois.rfc-ignorant.org
    66  abuse.rfc-ignorant.org
    57  postmaster.rfc-ignorant.org
    45  dsn.rfc-ignorant.org
The web sites listed below provide detailed information about the DNS zones listed above, including their listing policies.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 28 October 2001.