Blacklists Compared, 30-Mar-02

Blacklists Compared

30 March 2002

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

Hits DNS Zone

7239 (total number of IP addresses tested, including 424 at SDSC)
3319 (union of most IP zones)
2321 xbl.selwerd.cx
1538 blackholes.five-ten-sg.com (union of all results)
1347 bl.spamcop.net
998 relays.osirusoft.com (union of all results)
937 dnsbl.njabl.org (union of all results)
923 dnsbl.njabl.org (result 127.0.0.2 = source or relay)
730 blocktest.relays.osirusoft.com (not a blacklist!)
687 blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
610 relays.osirusoft.com (result 127.0.0.2 = relay)
606 inputs.relays.osirusoft.com
557 relays.ordb.org
516 work.drbl.croco.net
507 ztl.dorkslayers.com
486 block.blars.org
443 korea.services.net
440 blackholes.intersil.net
365 blackholes.wirehub.net
351 t1.bl.reynolds.net.au
328 relays.visi.com
326 orbs.dorkslayers.com
324 blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
306 blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
244 relays.osirusoft.com (result 127.0.0.4 = spam source)
181 blacklist.spambag.org
169 blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
165 flowgoaway.com
162 spews.relays.osirusoft.com
145 relays.osirusoft.com (result 127.0.0.9 = open socks proxy)
145 socks.relays.osirusoft.com
143 spamsources.fabel.dk
141 proxies.relays.monkeys.com
140 blackholes.2mbit.com (union of all results)
114 3y.spam.mrs.kithrup.com
108 spamsources.relays.osirusoft.com (union of all results)
104 spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
94 spamguard.leadmon.net (union of all results)
93 ipwhois.rfc-ignorant.org
83 relays.dorkslayers.com
79 spam.wytnij.to
69 blackholes.2mbit.com (result 127.0.0.2 = relay)
66 blackholes.2mbit.com (result 127.0.0.10 = spam haven)
55 dev.null.dk
49 blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
46 spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
44 spamguard.leadmon.net (result 127.0.0.2 = dialup)
40 opm.blitzed.org
39 spammers.v6net.org
32 spamhaus.relays.osirusoft.com
31 sbl.spamhaus.org
30 http.opm.blitzed.org
30 formmail.relays.monkeys.com
29 dynablock.wirehub.net (result 127.0.0.2 = dialup)
29 dynablock.wirehub.net (union of all results)
21 relays.osirusoft.com (result 127.0.0.6 = spamsites)
20 dews.qmail.org
14 socks.opm.blitzed.org
14 dnsbl.njabl.org (result 127.0.0.3 = dialup)
9 dialups.relays.osirusoft.com
9 relays.osirusoft.com (result 127.0.0.3 = dialup)
5 blackholes.2mbit.com (result 127.0.0.4 = spam source)
4 spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
4 spamguard.leadmon.net (result 127.0.0.3 = spam source)
2 spamsites.relays.osirusoft.com (result 127.0.0.6)
2 blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
2 pm0-no-more.compu.net
2 spamsites.relays.osirusoft.com (union of all results)
1 blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
1 ex.dnsbl.org (result 127.0.0.2 = spamsites)

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

7239 (total number of IP addresses whose names were tested, including 424 at SDSC)
1013 (union of all domain zones)
684 abuse.rfc-ignorant.org
390 whois.rfc-ignorant.org
7 client-domain.sjesl.monkeys.com
5 postmaster.rfc-ignorant.org
4 dsn.rfc-ignorant.org (zone not intended for this use)
3 sender-domain.sjesl.monkeys.com (zone not intended for this use)
1 helo-domain.sjesl.monkeys.com (zone not intended for this use)
1 ex.dnsbl.org (result 127.0.0.2 = spamsites)
1 ex.dnsbl.org (union of all results)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

4822 (total number of domains tested, including 180 at SDSC)
651 (union of all domain zones)
246 whois.rfc-ignorant.org
208 abuse.rfc-ignorant.org
140 sender-domain.sjesl.monkeys.com
103 postmaster.rfc-ignorant.org
74 dsn.rfc-ignorant.org
71 helo-domain.sjesl.monkeys.com (zone not intended for this use)
49 client-domain.sjesl.monkeys.com (zone not intended for this use)
32 ex.dnsbl.org (union of all results)
26 ex.dnsbl.org (result 127.0.0.2 = spamsites)
6 bandwidth-pigs.monkeys.com
6 ex.dnsbl.org (result 127.0.0.3 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 1 April 2002.

Hits	DNS Zone
7239	(total number of IP addresses tested, including 424 at SDSC)
3319	(union of most IP zones)
2321	xbl.selwerd.cx
1538	blackholes.five-ten-sg.com (union of all results)
1347	bl.spamcop.net
998	relays.osirusoft.com (union of all results)
937	dnsbl.njabl.org (union of all results)
923	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
730	blocktest.relays.osirusoft.com (not a blacklist!)
687	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
610	relays.osirusoft.com (result 127.0.0.2 = relay)
606	inputs.relays.osirusoft.com
557	relays.ordb.org
516	work.drbl.croco.net
507	ztl.dorkslayers.com
486	block.blars.org
443	korea.services.net
440	blackholes.intersil.net
365	blackholes.wirehub.net
351	t1.bl.reynolds.net.au
328	relays.visi.com
326	orbs.dorkslayers.com
324	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
306	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
244	relays.osirusoft.com (result 127.0.0.4 = spam source)
181	blacklist.spambag.org
169	blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
165	flowgoaway.com
162	spews.relays.osirusoft.com
145	relays.osirusoft.com (result 127.0.0.9 = open socks proxy)
145	socks.relays.osirusoft.com
143	spamsources.fabel.dk
141	proxies.relays.monkeys.com
140	blackholes.2mbit.com (union of all results)
114	3y.spam.mrs.kithrup.com
108	spamsources.relays.osirusoft.com (union of all results)
104	spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
94	spamguard.leadmon.net (union of all results)
93	ipwhois.rfc-ignorant.org
83	relays.dorkslayers.com
79	spam.wytnij.to
69	blackholes.2mbit.com (result 127.0.0.2 = relay)
66	blackholes.2mbit.com (result 127.0.0.10 = spam haven)
55	dev.null.dk
49	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
46	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
44	spamguard.leadmon.net (result 127.0.0.2 = dialup)
40	opm.blitzed.org
39	spammers.v6net.org
32	spamhaus.relays.osirusoft.com
31	sbl.spamhaus.org
30	http.opm.blitzed.org
30	formmail.relays.monkeys.com
29	dynablock.wirehub.net (result 127.0.0.2 = dialup)
29	dynablock.wirehub.net (union of all results)
21	relays.osirusoft.com (result 127.0.0.6 = spamsites)
20	dews.qmail.org
14	socks.opm.blitzed.org
14	dnsbl.njabl.org (result 127.0.0.3 = dialup)
9	dialups.relays.osirusoft.com
9	relays.osirusoft.com (result 127.0.0.3 = dialup)
5	blackholes.2mbit.com (result 127.0.0.4 = spam source)
4	spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
4	spamguard.leadmon.net (result 127.0.0.3 = spam source)
2	spamsites.relays.osirusoft.com (result 127.0.0.6)
2	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
2	pm0-no-more.compu.net
2	spamsites.relays.osirusoft.com (union of all results)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
1	ex.dnsbl.org (result 127.0.0.2 = spamsites)

Hits	DNS Zone
4822	(total number of domains tested, including 180 at SDSC)
651	(union of all domain zones)
246	whois.rfc-ignorant.org
208	abuse.rfc-ignorant.org
140	sender-domain.sjesl.monkeys.com
103	postmaster.rfc-ignorant.org
74	dsn.rfc-ignorant.org
71	helo-domain.sjesl.monkeys.com (zone not intended for this use)
49	client-domain.sjesl.monkeys.com (zone not intended for this use)
32	ex.dnsbl.org (union of all results)
26	ex.dnsbl.org (result 127.0.0.2 = spamsites)
6	bandwidth-pigs.monkeys.com
6	ex.dnsbl.org (result 127.0.0.3 = spam source)