Blacklists Compared, 6-Apr-02

Blacklists Compared

6 April 2002

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

Hits DNS Zone

7627 (total number of IP addresses tested, including 417 at SDSC)
3406 (union of most IP zones)
2560 xbl.selwerd.cx
1707 blackholes.five-ten-sg.com (union of all results)
1135 bl.spamcop.net
1047 relays.osirusoft.com (union of all results)
972 dnsbl.njabl.org (union of all results)
963 dnsbl.njabl.org (result 127.0.0.2 = source or relay)
859 blocktest.relays.osirusoft.com (not a blacklist!)
770 blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
631 inputs.relays.osirusoft.com
630 relays.osirusoft.com (result 127.0.0.2 = relay)
553 relays.ordb.org
521 ztl.dorkslayers.com
491 block.blars.org
487 korea.services.net
459 blackholes.intersil.net
454 relays.visi.com
452 work.drbl.croco.net
434 blackholes.wirehub.net
381 t1.bl.reynolds.net.au
366 orbs.dorkslayers.com
324 blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
315 blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
243 relays.osirusoft.com (result 127.0.0.4 = spam source)
210 blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
198 blacklist.spambag.org
194 blackholes.2mbit.com (union of all results)
162 spews.relays.osirusoft.com
162 flowgoaway.com
161 proxies.relays.monkeys.com
159 spamsources.fabel.dk
149 socks.relays.osirusoft.com
148 relays.osirusoft.com (result 127.0.0.9 = open proxy)
125 3y.spam.mrs.kithrup.com
108 ipwhois.rfc-ignorant.org
102 spam.wytnij.to
102 relays.dorkslayers.com
99 spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
99 spamsources.relays.osirusoft.com (union of all results)
87 blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
87 spamguard.leadmon.net (union of all results)
86 blackholes.2mbit.com (result 127.0.0.2 = relay)
76 blackholes.2mbit.com (result 127.0.0.10 = spam haven)
74 unconfirmed.dsbl.org
62 list.dsbl.org
47 spamguard.leadmon.net (result 127.0.0.2 = dialup)
41 sbl.spamhaus.org
40 spammers.v6net.org
39 spamhaus.relays.osirusoft.com
36 opm.blitzed.org
34 relays.osirusoft.com (result 127.0.0.6 = spamsites)
33 spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
28 http.opm.blitzed.org
26 blackholes.2mbit.com (result 127.0.0.4 = spam source)
24 dews.qmail.org
23 dynablock.wirehub.net (result 127.0.0.2 = dialup)
23 formmail.relays.monkeys.com
23 dynablock.wirehub.net (union of all results)
14 dialups.relays.osirusoft.com
13 relays.osirusoft.com (result 127.0.0.3 = dialup)
10 socks.opm.blitzed.org
9 dnsbl.njabl.org (result 127.0.0.3 = dialup)
7 spamguard.leadmon.net (result 127.0.0.3 = spam source)
6 blackholes.2mbit.com (result 127.0.0.9 = open proxy)
5 spamsites.relays.osirusoft.com (result 127.0.0.6)
5 spamsites.relays.osirusoft.com (union of all results)
1 wingate.opm.blitzed.org
1 blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
1 pm0-no-more.compu.net

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

7627 (total number of IP addresses whose names were tested, including 417 at SDSC)
1108 (union of all domain zones)
756 abuse.rfc-ignorant.org
424 whois.rfc-ignorant.org
9 postmaster.rfc-ignorant.org
5 client-domain.sjesl.monkeys.com
4 dsn.rfc-ignorant.org (zone not intended for this use)
2 sender-domain.sjesl.monkeys.com (zone not intended for this use)
1 bandwidth-pigs.monkeys.com
1 helo-domain.sjesl.monkeys.com (zone not intended for this use)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

4994 (total number of domains tested, including 172 at SDSC)
648 (union of all domain zones)
248 whois.rfc-ignorant.org
212 abuse.rfc-ignorant.org
132 sender-domain.sjesl.monkeys.com
117 postmaster.rfc-ignorant.org
69 helo-domain.sjesl.monkeys.com (zone not intended for this use)
56 dsn.rfc-ignorant.org
52 client-domain.sjesl.monkeys.com (zone not intended for this use)
25 ex.dnsbl.org (union of all results)
22 ex.dnsbl.org (result 127.0.0.2 = spamsites)
7 bandwidth-pigs.monkeys.com
3 ex.dnsbl.org (result 127.0.0.3 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 8 April 2002.

Hits	DNS Zone
7627	(total number of IP addresses tested, including 417 at SDSC)
3406	(union of most IP zones)
2560	xbl.selwerd.cx
1707	blackholes.five-ten-sg.com (union of all results)
1135	bl.spamcop.net
1047	relays.osirusoft.com (union of all results)
972	dnsbl.njabl.org (union of all results)
963	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
859	blocktest.relays.osirusoft.com (not a blacklist!)
770	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
631	inputs.relays.osirusoft.com
630	relays.osirusoft.com (result 127.0.0.2 = relay)
553	relays.ordb.org
521	ztl.dorkslayers.com
491	block.blars.org
487	korea.services.net
459	blackholes.intersil.net
454	relays.visi.com
452	work.drbl.croco.net
434	blackholes.wirehub.net
381	t1.bl.reynolds.net.au
366	orbs.dorkslayers.com
324	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
315	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
243	relays.osirusoft.com (result 127.0.0.4 = spam source)
210	blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
198	blacklist.spambag.org
194	blackholes.2mbit.com (union of all results)
162	spews.relays.osirusoft.com
162	flowgoaway.com
161	proxies.relays.monkeys.com
159	spamsources.fabel.dk
149	socks.relays.osirusoft.com
148	relays.osirusoft.com (result 127.0.0.9 = open proxy)
125	3y.spam.mrs.kithrup.com
108	ipwhois.rfc-ignorant.org
102	spam.wytnij.to
102	relays.dorkslayers.com
99	spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
99	spamsources.relays.osirusoft.com (union of all results)
87	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
87	spamguard.leadmon.net (union of all results)
86	blackholes.2mbit.com (result 127.0.0.2 = relay)
76	blackholes.2mbit.com (result 127.0.0.10 = spam haven)
74	unconfirmed.dsbl.org
62	list.dsbl.org
47	spamguard.leadmon.net (result 127.0.0.2 = dialup)
41	sbl.spamhaus.org
40	spammers.v6net.org
39	spamhaus.relays.osirusoft.com
36	opm.blitzed.org
34	relays.osirusoft.com (result 127.0.0.6 = spamsites)
33	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
28	http.opm.blitzed.org
26	blackholes.2mbit.com (result 127.0.0.4 = spam source)
24	dews.qmail.org
23	dynablock.wirehub.net (result 127.0.0.2 = dialup)
23	formmail.relays.monkeys.com
23	dynablock.wirehub.net (union of all results)
14	dialups.relays.osirusoft.com
13	relays.osirusoft.com (result 127.0.0.3 = dialup)
10	socks.opm.blitzed.org
9	dnsbl.njabl.org (result 127.0.0.3 = dialup)
7	spamguard.leadmon.net (result 127.0.0.3 = spam source)
6	blackholes.2mbit.com (result 127.0.0.9 = open proxy)
5	spamsites.relays.osirusoft.com (result 127.0.0.6)
5	spamsites.relays.osirusoft.com (union of all results)
1	wingate.opm.blitzed.org
1	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
1	pm0-no-more.compu.net

Hits	DNS Zone
4994	(total number of domains tested, including 172 at SDSC)
648	(union of all domain zones)
248	whois.rfc-ignorant.org
212	abuse.rfc-ignorant.org
132	sender-domain.sjesl.monkeys.com
117	postmaster.rfc-ignorant.org
69	helo-domain.sjesl.monkeys.com (zone not intended for this use)
56	dsn.rfc-ignorant.org
52	client-domain.sjesl.monkeys.com (zone not intended for this use)
25	ex.dnsbl.org (union of all results)
22	ex.dnsbl.org (result 127.0.0.2 = spamsites)
7	bandwidth-pigs.monkeys.com
3	ex.dnsbl.org (result 127.0.0.3 = spam source)