Blacklists Compared

8 December 2001

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

There were intermittent difficulties getting results from all of the relays.osirusoft.com zones during the survey this week, so their hit counts are lower than they would otherwise be.

  Hits   DNS Zone
  6501  (total number of IP addresses tested, including 291 at SDSC)
  2173  (union of most IP zones)
  1865  xbl.selwerd.cx
  1006  bl.spamcop.net
   865  blackholes.five-ten-sg.com (union of all results)
   662  outputs.orbz.org
   463  relays.ordb.org
   435  inputs.orbz.org
   370  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
   337  ztl.dorkslayers.com
   276  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
   264  blackholes.intersil.net
   248  block.blars.org
   222  orbs.dorkslayers.com
   143  flowgoaway.com
   133  dev.null.dk
   131  pm0-no-more.compu.net
   127  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
   122  blacklist.spambag.org
   119  relays.visi.com
    79  blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
    77  relays.dorkslayers.com
    67  blocktest.relays.osirusoft.com (not a blacklist!)
    65  relays.osirusoft.com (union of all results)
    62  ipwhois.rfc-ignorant.org
    60  spammers.v6net.org
    40  relays.osirusoft.com (result 127.0.0.2 = relay)
    39  inputs.relays.osirusoft.com
    25  blackhole.compu.net
    24  relays.osirusoft.com (result 127.0.0.4 = spam source)
    22  spews.relays.osirusoft.com
    12  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
     7  spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
     7  spamsources.relays.osirusoft.com (union of all results)
     1  dialups.relays.osirusoft.com
     1  relays.osirusoft.com (result 127.0.0.3 = dialup)
     1  blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

  Hits   DNS Zone
  6501  (total number of IP addresses whose names were tested, including 291 at SDSC)
   550  (union of all domain zones)
   328  whois.rfc-ignorant.org
   260  abuse.rfc-ignorant.org
     4  dsn.rfc-ignorant.org (zone not intended for this use)
     3  postmaster.rfc-ignorant.org
Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

  Hits   DNS Zone
  4699  (total number of domains tested, including 191 at SDSC)
   376  (union of all domain zones)
   216  whois.rfc-ignorant.org
   107  abuse.rfc-ignorant.org
    65  postmaster.rfc-ignorant.org
    48  dsn.rfc-ignorant.org
The web sites listed below provide detailed information about the DNS zones listed above, including their listing policies and suggestions for appropriate use.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 8 December 2001.