Blacklists Compared

27 April 2002



Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

Hits  DNS Zone
7927  (total number of IP addresses tested, including 403 at SDSC)
3557  (union of most IP zones)
2812  xbl.selwerd.cx
1802  blackholes.five-ten-sg.com (union of all results)
1062  bl.spamcop.net
897   blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
858   relays.osirusoft.com (union of all results)
826   dnsbl.njabl.org (union of all results)
820   dnsbl.njabl.org (result 127.0.0.2 = source or relay)
611   korea.services.net
558   ztl.dorkslayers.com
533   block.blars.org
510   work.drbl.croco.net
458   blackholes.intersil.net
452   relays.ordb.org
448   unconfirmed.dsbl.org
407   relays.osirusoft.com (result 127.0.0.2 = relay)
396   inputs.relays.osirusoft.com
364   blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
354   ipwhois.rfc-ignorant.org
345   relays.visi.com
305   blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
294   orbs.dorkslayers.com
279   t1.bl.reynolds.net.au
277   relays.osirusoft.com (result 127.0.0.4 = spam source)
271   blackholes.wirehub.net
232   blackholes.2mbit.com (union of all results)
204   blacklist.spambag.org
196   spamsources.fabel.dk
179   proxies.relays.monkeys.com
178   list.dsbl.org
177   spews.relays.osirusoft.com
175   blocktest.relays.osirusoft.com (not a blacklist!)
175   blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
172   flowgoaway.com
144   relays.osirusoft.com (result 127.0.0.9 = open proxy)
125   3y.spam.mrs.kithrup.com
116   spamsources.relays.osirusoft.com (union of all results)
112   spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
103   spam.wytnij.to
92    multihop.dsbl.org
89    blackholes.2mbit.com (result 127.0.0.4 = spam source)
89    sbl.spamhaus.org
84    spamguard.leadmon.net (union of all results)
82    blackholes.2mbit.com (result 127.0.0.10 = spam haven)
72    relays.dorkslayers.com
64    spamhaus.relays.osirusoft.com
57    spamguard.leadmon.net (result 127.0.0.2 = dialup)
56    blackholes.2mbit.com (result 127.0.0.2 = relay)
56    relays.osirusoft.com (result 127.0.0.6 = spamsites)
56    formmail.relays.monkeys.com
55    blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
41    opm.blitzed.org
36    http.opm.blitzed.org
35    spammers.v6net.org
27    dews.qmail.org
21    dynablock.wirehub.net (result 127.0.0.2 = dialup)
21    spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
21    dynablock.wirehub.net (union of all results)
8     dialups.relays.osirusoft.com
8     relays.osirusoft.com (result 127.0.0.3 = dialup)
6     dnsbl.njabl.org (result 127.0.0.3 = dialup)
6     spamguard.leadmon.net (result 127.0.0.3 = spam source)
5     blackholes.2mbit.com (result 127.0.0.9 = open proxy)
5     socks.opm.blitzed.org
5     spamsites.relays.osirusoft.com (result 127.0.0.6)
5     socks.relays.osirusoft.com
5     blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
5     spamsites.relays.osirusoft.com (union of all results)
4     spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
3     blackhole.compu.net
1     wingate.opm.blitzed.org
1     blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
1     pm0-no-more.compu.net

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."


Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits  DNS Zone
7927  (total number of IP addresses whose names were tested, including 403 at SDSC)
1225  (union of all domain zones)
838   abuse.rfc-ignorant.org
498   whois.rfc-ignorant.org (union of all results)
257   whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
241   whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
13    postmaster.rfc-ignorant.org
8     client-domain.sjesl.monkeys.com
2     sender-domain.sjesl.monkeys.com (zone not intended for this use)
1     dsn.rfc-ignorant.org (zone not intended for this use)
1     helo-domain.sjesl.monkeys.com (zone not intended for this use)


Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits  DNS Zone
5265  (total number of domains tested, including 160 at SDSC)
782   (union of all domain zones)
318   whois.rfc-ignorant.org (union of all results)
272   abuse.rfc-ignorant.org
251   whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
151   postmaster.rfc-ignorant.org
150   sender-domain.sjesl.monkeys.com
80    helo-domain.sjesl.monkeys.com (zone not intended for this use)
68    dsn.rfc-ignorant.org
67    whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
57    client-domain.sjesl.monkeys.com (zone not intended for this use)
27    ex.dnsbl.org (union of all results)
23    ex.dnsbl.org (result 127.0.0.2 = spamsites)
6     bandwidth-pigs.monkeys.com
4     ex.dnsbl.org (result 127.0.0.3 = spam source)


This document was last updated by Jeff Makey <jeff@sdsc.edu> on 28 April 2002.