Blacklists Compared

24 November 2001

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

  Hits   DNS Zone
  5511  (total number of IP addresses tested, including 246 at SDSC)
  1707  (union of most IP zones)
  1493  xbl.selwerd.cx
   763  blackholes.five-ten-sg.com (union of all results)
   511  outputs.orbz.org
   421  bl.spamcop.net
   345  relays.ordb.org
   336  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
   321  inputs.orbz.org
   259  ztl.dorkslayers.com
   244  blackholes.intersil.net
   230  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
   226  block.blars.org
   193  orbs.dorkslayers.com
   174  blocktest.relays.osirusoft.com (not a blacklist!)
   130  flowgoaway.com
   128  pm0-no-more.compu.net
   121  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
    96  relays.dorkslayers.com
    95  dev.null.dk
    93  relays.osirusoft.com (union of all results)
    91  relays.visi.com
    58  spammers.v6net.org
    58  relays.osirusoft.com (result 127.0.0.2 = relay)
    56  inputs.relays.osirusoft.com
    43  ss.blackholes.five-ten-sg.com
    39  ipwhois.rfc-ignorant.org
    33  relays.osirusoft.com (result 127.0.0.4 = spam source)
    32  spews.relays.osirusoft.com
    30  blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
    21  blackhole.compu.net
    16  spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
    16  spamsources.relays.osirusoft.com (union of all results)
     6  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
     2  orbz.gst-group.co.uk (union of all results)
     1  orbz.gst-group.co.uk (result 127.0.0.3 = relay)
     1  orbz.gst-group.co.uk (result 127.0.0.2 = relay output)
     1  relays.osirusoft.com (result 127.0.0.6 = spamsites)
     1  spamhaus.relays.osirusoft.com
     1  dialups.relays.osirusoft.com
     1  relays.osirusoft.com (result 127.0.0.3 = dialup)
     1  blackholes.five-ten-sg.com (result 127.0.0.6 = relay)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

  Hits   DNS Zone
  5511  (total number of IP addresses whose names were tested, including 246 at SDSC)
   441  (union of all domain zones)
   284  whois.rfc-ignorant.org
   185  abuse.rfc-ignorant.org
     3  dsn.rfc-ignorant.org
     2  postmaster.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

  Hits   DNS Zone
  4006  (total number of domains tested, including 182 at SDSC)
   325  (union of all domain zones)
   192  whois.rfc-ignorant.org
    81  abuse.rfc-ignorant.org
    62  postmaster.rfc-ignorant.org
    40  dsn.rfc-ignorant.org

The web sites listed below provide detailed information about the DNS zones listed above, including their listing policies and suggestions for appropriate use.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."


This document was last updated by Jeff Makey <jeff@sdsc.edu> on 24 November 2001.