Blacklists Compared

22 December 2001



Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

There were intermittent difficulties getting results from all of the relays.osirusoft.com zones during the survey this week, so their hit counts are lower than they would otherwise be.

Hits  DNS Zone
6365  (total number of IP addresses tested, including 275 at SDSC)
1993  (union of most IP zones)
1838  xbl.selwerd.cx
 911  blackholes.five-ten-sg.com (union of all results)
 895  bl.spamcop.net
 433  outputs.orbz.org
 383  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
 328  ztl.dorkslayers.com
 320  relays.ordb.org
 310  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
 307  blackholes.intersil.net
 250  inputs.orbz.org
 225  orbs.dorkslayers.com
 201  block.blars.org
 150  flowgoaway.com
 131  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
 129  pm0-no-more.compu.net
 115  relays.visi.com
 102  blacklist.spambag.org
  99  dev.null.dk
  81  blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
  78  relays.dorkslayers.com
  66  spammers.v6net.org
  58  ipwhois.rfc-ignorant.org
  30  relays.osirusoft.com (union of all results)
  20  blackhole.compu.net
  18  blocktest.relays.osirusoft.com (not a blacklist!)
  15  relays.osirusoft.com (result 127.0.0.4 = spam source)
  11  relays.osirusoft.com (result 127.0.0.2 = relay)
   9  spews.relays.osirusoft.com
   7  inputs.relays.osirusoft.com
   6  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
   4  spamsources.relays.osirusoft.com (union of all results)
   3  spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
   2  relays.osirusoft.com (result 127.0.0.9 = open socks proxy)
   1  spamsources.relays.osirusoft.com (result 127.0.0.9 = unconfirmed opt-in)
   1  relays.osirusoft.com (result 127.0.0.6 = spamsites)
   1  spamhaus.relays.osirusoft.com
   1  dialups.relays.osirusoft.com
   1  relays.osirusoft.com (result 127.0.0.3 = dialup)

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."
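
The tallying behind the table above, as an added example (not the survey's own code): it builds the DNSBL query name for each connecting IP address, counts hits per zone and per result code, and computes the union while leaving out the two zones the page excludes. The IP addresses and DNS answers are constructed sample data, and the names dnsbl_query_name and tally are chosen for this illustration.

```python
import ipaddress
from collections import Counter

# Result-code meanings copied from the survey table; they differ per zone.
CODE_MEANING = {
    "blackholes.five-ten-sg.com": {
        "127.0.0.2": "spam source", "127.0.0.3": "dialup",
        "127.0.0.4": "unconfirmed opt-in", "127.0.0.5": "relay output",
        "127.0.0.7": "spam haven"},
    "relays.osirusoft.com": {
        "127.0.0.2": "relay", "127.0.0.3": "dialup", "127.0.0.4": "spam source",
        "127.0.0.6": "spamsites", "127.0.0.9": "open socks proxy"},
}
# Zones the page leaves out of its "union of most IP zones" line.
UNION_EXCLUDED = {"xbl.selwerd.cx", "blocktest.relays.osirusoft.com"}

def dnsbl_query_name(ip, zone):
    """IPv4 octets reversed, then the zone: 192.0.2.5 -> 5.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def tally(ips, zones, answers):
    """answers: query name -> A records; a missing name is NXDOMAIN (not listed)."""
    zone_hits, code_hits, union = Counter(), Counter(), set()
    for ip in ips:
        for zone in zones:
            records = answers.get(dnsbl_query_name(ip, zone), [])
            # By DNSBL convention only 127.0.0.0/8 answers are listings.
            codes = {r for r in records if ipaddress.IPv4Address(r).is_loopback}
            if not codes:
                continue
            zone_hits[zone] += 1
            labels = CODE_MEANING.get(zone, {})
            code_hits.update((zone, labels.get(c, c)) for c in codes)
            if zone not in UNION_EXCLUDED:
                union.add(ip)
    return zone_hits, code_hits, len(union)

# Constructed sample data: documentation address ranges, invented answers.
IPS = ["192.0.2.5", "192.0.2.6", "198.51.100.7", "203.0.113.9"]
ZONES = ["xbl.selwerd.cx", "blackholes.five-ten-sg.com", "relays.osirusoft.com"]
ANSWERS = {
    "5.2.0.192.blackholes.five-ten-sg.com": ["127.0.0.4"],
    "5.2.0.192.relays.osirusoft.com": ["127.0.0.4"],
    "6.2.0.192.xbl.selwerd.cx": ["127.0.0.2"],
    "7.100.51.198.blackholes.five-ten-sg.com": ["127.0.0.3"],
    "9.113.0.203.relays.osirusoft.com": ["203.0.113.1"],  # not 127/8: ignored
}
ZONE_HITS, CODE_HITS, UNION = tally(IPS, ZONES, ANSWERS)
```

In the sample, 192.0.2.5 returns 127.0.0.4 from two zones and is labelled differently by each, which is why the table reports result codes per zone rather than globally.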


Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits  DNS Zone
6365  (total number of IP addresses whose names were tested, including 275 at SDSC)
 599  (union of all domain zones)
 320  whois.rfc-ignorant.org
 302  abuse.rfc-ignorant.org
   7  dsn.rfc-ignorant.org (zone not intended for this use)
   2  postmaster.rfc-ignorant.org


Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits  DNS Zone
4579  (total number of domains tested, including 57 at SDSC)
 410  (union of all domain zones)
 223  whois.rfc-ignorant.org
 134  abuse.rfc-ignorant.org
  73  postmaster.rfc-ignorant.org
  43  dsn.rfc-ignorant.org
   8  bandwidth-pigs.monkeys.com


This document was last updated by Jeff Makey <jeff@sdsc.edu> on 23 December 2001.