Blacklists Compared

1 December 2001

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

  Hits   DNS Zone
  6466  (total number of IP addresses tested, including 266 at SDSC)
  2036  (union of most IP zones)
  1711  xbl.selwerd.cx
   829  blackholes.five-ten-sg.com (union of all results)
   701  bl.spamcop.net
   603  outputs.orbz.org
   411  inputs.orbz.org
   389  relays.ordb.org
   376  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
   302  ztl.dorkslayers.com
   264  blackholes.intersil.net
   253  blocktest.relays.osirusoft.com (not a blacklist!)
   226  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
   223  orbs.dorkslayers.com
   216  block.blars.org
   149  relays.osirusoft.com (union of all results)
   139  flowgoaway.com
   132  pm0-no-more.compu.net
   115  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
   103  relays.visi.com
    95  dev.null.dk
    94  relays.osirusoft.com (result 127.0.0.2 = relay)
    92  inputs.relays.osirusoft.com
    91  blacklist.spambag.org
    86  relays.dorkslayers.com
    72  blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
    64  spammers.v6net.org
    58  ipwhois.rfc-ignorant.org
    51  relays.osirusoft.com (result 127.0.0.4 = spam source)
    44  spews.relays.osirusoft.com
    35  ss.blackholes.five-ten-sg.com
    22  blackhole.compu.net
    15  spamsources.relays.osirusoft.com (union of all results)
    14  spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
     8  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
     4  relays.osirusoft.com (result 127.0.0.6 = spamsites)
     4  spamhaus.relays.osirusoft.com
     2  dialups.relays.osirusoft.com
     2  relays.osirusoft.com (result 127.0.0.3 = dialup)
     2  blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
     1  spamsources.relays.osirusoft.com (result 127.0.0.9 = unconfirmed opt-in)
     1  relays.osirusoft.com (result 127.0.0.9 = open socks proxy)
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

  Hits   DNS Zone
  6466  (total number of IP addresses whose names were tested, including 266 at SDSC)
   532  (union of all domain zones)
   303  whois.rfc-ignorant.org
   262  abuse.rfc-ignorant.org
     3  dsn.rfc-ignorant.org
     1  postmaster.rfc-ignorant.org
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

  Hits   DNS Zone
  4686  (total number of domains tested, including 76 at SDSC)
   391  (union of all domain zones)
   209  whois.rfc-ignorant.org
   124  abuse.rfc-ignorant.org
    73  postmaster.rfc-ignorant.org
    50  dsn.rfc-ignorant.org
The web sites listed below provide detailed information about the DNS zones listed above, including their listing policies and suggestions for appropriate use.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 1 December 2001.