Blacklists Compared, 13-Apr-02

Blacklists Compared

13 April 2002

[ Fighting Spam | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

Hits DNS Zone

7442 (total number of IP addresses tested, including 419 at SDSC)
3341 (union of most IP zones)
2612 xbl.selwerd.cx
1662 blackholes.five-ten-sg.com (union of all results)
1098 bl.spamcop.net
1065 relays.osirusoft.com (union of all results)
965 dnsbl.njabl.org (union of all results)
955 dnsbl.njabl.org (result 127.0.0.2 = source or relay)
793 blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
629 relays.osirusoft.com (result 127.0.0.2 = relay)
629 inputs.relays.osirusoft.com
563 relays.ordb.org
529 ztl.dorkslayers.com
502 block.blars.org
493 korea.services.net
469 blackholes.intersil.net
422 relays.visi.com
384 work.drbl.croco.net
348 blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
336 t1.bl.reynolds.net.au
312 blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
305 blackholes.wirehub.net
302 orbs.dorkslayers.com
286 relays.osirusoft.com (result 127.0.0.4 = spam source)
257 unconfirmed.dsbl.org
217 blackholes.2mbit.com (union of all results)
195 blacklist.spambag.org
181 spews.relays.osirusoft.com
173 flowgoaway.com
172 blocktest.relays.osirusoft.com (not a blacklist!)
165 blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
145 proxies.relays.monkeys.com
143 spamsources.fabel.dk
135 relays.osirusoft.com (result 127.0.0.9 = open proxy)
134 socks.relays.osirusoft.com
124 ipwhois.rfc-ignorant.org
123 spamsources.relays.osirusoft.com (union of all results)
120 spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
113 spam.wytnij.to
112 3y.spam.mrs.kithrup.com
89 blackholes.2mbit.com (result 127.0.0.2 = relay)
89 relays.dorkslayers.com
80 spamguard.leadmon.net (union of all results)
73 blackholes.2mbit.com (result 127.0.0.10 = spam haven)
59 sbl.spamhaus.org
48 blackholes.2mbit.com (result 127.0.0.4 = spam source)
45 opm.blitzed.org
44 spamguard.leadmon.net (result 127.0.0.2 = dialup)
41 blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
39 relays.osirusoft.com (result 127.0.0.6 = spamsites)
38 http.opm.blitzed.org
37 formmail.relays.monkeys.com
35 spamhaus.relays.osirusoft.com
35 dews.qmail.org
34 spammers.v6net.org
25 spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
21 dynablock.wirehub.net (result 127.0.0.2 = dialup)
21 dynablock.wirehub.net (union of all results)
12 list.dsbl.org
11 socks.opm.blitzed.org
10 dnsbl.njabl.org (result 127.0.0.3 = dialup)
10 spamguard.leadmon.net (result 127.0.0.3 = spam source)
9 dialups.relays.osirusoft.com
9 relays.osirusoft.com (result 127.0.0.3 = dialup)
7 blackholes.2mbit.com (result 127.0.0.9 = open proxy)
7 blackhole.compu.net
3 spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
3 spamsites.relays.osirusoft.com (result 127.0.0.6)
3 spamsites.relays.osirusoft.com (union of all results)
2 blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
2 pm0-no-more.compu.net
1 spamguard.leadmon.net (result 127.0.0.5 = relay)
1 blackholes.five-ten-sg.com (result 127.0.0.6 = relay)

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

7442 (total number of IP addresses whose names were tested, including 419 at SDSC)
937 (union of all domain zones)
768 abuse.rfc-ignorant.org
219 whois.rfc-ignorant.org
6 client-domain.sjesl.monkeys.com
5 dsn.rfc-ignorant.org (zone not intended for this use)
3 postmaster.rfc-ignorant.org
2 sender-domain.sjesl.monkeys.com (zone not intended for this use)
1 helo-domain.sjesl.monkeys.com (zone not intended for this use)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

4912 (total number of domains tested, including 166 at SDSC)
500 (union of all domain zones)
247 abuse.rfc-ignorant.org
129 sender-domain.sjesl.monkeys.com
110 postmaster.rfc-ignorant.org
74 helo-domain.sjesl.monkeys.com (zone not intended for this use)
62 whois.rfc-ignorant.org
57 dsn.rfc-ignorant.org
54 client-domain.sjesl.monkeys.com (zone not intended for this use)
27 ex.dnsbl.org (union of all results)
24 ex.dnsbl.org (result 127.0.0.2 = spamsites)
6 bandwidth-pigs.monkeys.com
3 ex.dnsbl.org (result 127.0.0.3 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 15 April 2002.

Hits	DNS Zone
7442	(total number of IP addresses tested, including 419 at SDSC)
3341	(union of most IP zones)
2612	xbl.selwerd.cx
1662	blackholes.five-ten-sg.com (union of all results)
1098	bl.spamcop.net
1065	relays.osirusoft.com (union of all results)
965	dnsbl.njabl.org (union of all results)
955	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
793	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
629	relays.osirusoft.com (result 127.0.0.2 = relay)
629	inputs.relays.osirusoft.com
563	relays.ordb.org
529	ztl.dorkslayers.com
502	block.blars.org
493	korea.services.net
469	blackholes.intersil.net
422	relays.visi.com
384	work.drbl.croco.net
348	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
336	t1.bl.reynolds.net.au
312	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
305	blackholes.wirehub.net
302	orbs.dorkslayers.com
286	relays.osirusoft.com (result 127.0.0.4 = spam source)
257	unconfirmed.dsbl.org
217	blackholes.2mbit.com (union of all results)
195	blacklist.spambag.org
181	spews.relays.osirusoft.com
173	flowgoaway.com
172	blocktest.relays.osirusoft.com (not a blacklist!)
165	blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
145	proxies.relays.monkeys.com
143	spamsources.fabel.dk
135	relays.osirusoft.com (result 127.0.0.9 = open proxy)
134	socks.relays.osirusoft.com
124	ipwhois.rfc-ignorant.org
123	spamsources.relays.osirusoft.com (union of all results)
120	spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
113	spam.wytnij.to
112	3y.spam.mrs.kithrup.com
89	blackholes.2mbit.com (result 127.0.0.2 = relay)
89	relays.dorkslayers.com
80	spamguard.leadmon.net (union of all results)
73	blackholes.2mbit.com (result 127.0.0.10 = spam haven)
59	sbl.spamhaus.org
48	blackholes.2mbit.com (result 127.0.0.4 = spam source)
45	opm.blitzed.org
44	spamguard.leadmon.net (result 127.0.0.2 = dialup)
41	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
39	relays.osirusoft.com (result 127.0.0.6 = spamsites)
38	http.opm.blitzed.org
37	formmail.relays.monkeys.com
35	spamhaus.relays.osirusoft.com
35	dews.qmail.org
34	spammers.v6net.org
25	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
21	dynablock.wirehub.net (result 127.0.0.2 = dialup)
21	dynablock.wirehub.net (union of all results)
12	list.dsbl.org
11	socks.opm.blitzed.org
10	dnsbl.njabl.org (result 127.0.0.3 = dialup)
10	spamguard.leadmon.net (result 127.0.0.3 = spam source)
9	dialups.relays.osirusoft.com
9	relays.osirusoft.com (result 127.0.0.3 = dialup)
7	blackholes.2mbit.com (result 127.0.0.9 = open proxy)
7	blackhole.compu.net
3	spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
3	spamsites.relays.osirusoft.com (result 127.0.0.6)
3	spamsites.relays.osirusoft.com (union of all results)
2	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
2	pm0-no-more.compu.net
1	spamguard.leadmon.net (result 127.0.0.5 = relay)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = relay)

Hits	DNS Zone
4912	(total number of domains tested, including 166 at SDSC)
500	(union of all domain zones)
247	abuse.rfc-ignorant.org
129	sender-domain.sjesl.monkeys.com
110	postmaster.rfc-ignorant.org
74	helo-domain.sjesl.monkeys.com (zone not intended for this use)
62	whois.rfc-ignorant.org
57	dsn.rfc-ignorant.org
54	client-domain.sjesl.monkeys.com (zone not intended for this use)
27	ex.dnsbl.org (union of all results)
24	ex.dnsbl.org (result 127.0.0.2 = spamsites)
6	bandwidth-pigs.monkeys.com
3	ex.dnsbl.org (result 127.0.0.3 = spam source)