Blacklists Compared

11 May 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

HitsDNS Zone
7717(total number of IP addresses tested, including 425 at SDSC)
3558(union of most IP zones)
2766xbl.selwerd.cx
1697blackholes.five-ten-sg.com (union of all results)
1046bl.spamcop.net
862blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
847relays.osirusoft.com (union of all results)
830dnsbl.njabl.org (union of all results)
818dnsbl.njabl.org (result 127.0.0.2 = source or relay)
649block.blars.org
585korea.services.net
554unconfirmed.dsbl.org
501work.drbl.croco.net
461ztl.dorkslayers.com
455blackholes.intersil.net
430blocktest.relays.osirusoft.com (not a blacklist!)
426inputs.relays.osirusoft.com
414relays.osirusoft.com (result 127.0.0.2 = relay)
369blackholes.2mbit.com (union of all results)
366blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
364blackholes.wirehub.net
354relays.visi.com
319list.dsbl.org
314ipwhois.rfc-ignorant.org
295relays.osirusoft.com (result 127.0.0.4 = spam source)
280orbs.dorkslayers.com
264spews.relays.osirusoft.com
263relays.ordb.org
256blacklist.spambag.org
237t1.bl.reynolds.net.au
209blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
193blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
171spamsources.fabel.dk
170flowgoaway.com
165proxies.relays.monkeys.com
1563y.spam.mrs.kithrup.com
123multihop.dsbl.org
119relays.osirusoft.com (result 127.0.0.9 = open proxy)
115blackholes.2mbit.com (result 127.0.0.9 = open proxy)
111blackholes.2mbit.com (result 127.0.0.2 = relay)
104spamsources.relays.osirusoft.com (union of all results)
100spamguard.leadmon.net (union of all results)
97spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
87blackholes.2mbit.com (result 127.0.0.4 = spam source)
87sbl.spamhaus.org
77spam.wytnij.to
70spamhaus.relays.osirusoft.com
65spamguard.leadmon.net (result 127.0.0.2 = dialup)
59blackholes.2mbit.com (result 127.0.0.10 = spam haven)
59blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
54relays.osirusoft.com (result 127.0.0.6 = spamsites)
51opm.blitzed.org
51dews.qmail.org
47relays.dorkslayers.com
46formmail.relays.monkeys.com
41http.opm.blitzed.org
35dynablock.wirehub.net (result 127.0.0.2 = dialup)
35spammers.v6net.org
35dynablock.wirehub.net (union of all results)
29spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
13socks.opm.blitzed.org
13dialups.relays.osirusoft.com
13relays.osirusoft.com (result 127.0.0.3 = dialup)
12dnsbl.njabl.org (result 127.0.0.3 = dialup)
7spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
6socks.relays.osirusoft.com
6spamguard.leadmon.net (result 127.0.0.3 = spam source)
6blackhole.compu.net
4blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
4blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
1spamsites.relays.osirusoft.com (result 127.0.0.6)
1pm0-no-more.compu.net
1spamsites.relays.osirusoft.com (union of all results)

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

HitsDNS Zone
7717(total number of IP addresses whose names were tested, including 425 at SDSC)
1172(union of all domain zones)
853abuse.rfc-ignorant.org
816whois.rfc-ignorant.org (union of all results)
633whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
183whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
8postmaster.rfc-ignorant.org
7client-domain.sjesl.monkeys.com
4sender-domain.sjesl.monkeys.com (zone not intended for this use)
1dsn.rfc-ignorant.org (zone not intended for this use)
1helo-domain.sjesl.monkeys.com (zone not intended for this use)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

HitsDNS Zone
5148(total number of domains tested, including 191 at SDSC)
721(union of all domain zones)
281whois.rfc-ignorant.org (union of all results)
268abuse.rfc-ignorant.org
205whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
143sender-domain.sjesl.monkeys.com
129postmaster.rfc-ignorant.org
78helo-domain.sjesl.monkeys.com (zone not intended for this use)
76whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
64dsn.rfc-ignorant.org
52client-domain.sjesl.monkeys.com (zone not intended for this use)
22ex.dnsbl.org (union of all results)
20ex.dnsbl.org (result 127.0.0.2 = spamsites)
6bandwidth-pigs.monkeys.com
2ex.dnsbl.org (result 127.0.0.3 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 12 May 2002.