Blacklists Compared

1 June 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

HitsDNS Zone
7506(total number of IP addresses tested, including 421 at SDSC)
3730(union of most IP zones)
2851xbl.selwerd.cx
1853blackholes.five-ten-sg.com (union of all results)
1370blocktest.relays.osirusoft.com (not a blacklist!)
1171no-more-funn.moensted.dk (union of all results)
1044bl.spamcop.net
1035relays.osirusoft.com (union of all results)
1001blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
822dnsbl.njabl.org (union of all results)
818no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
812dnsbl.njabl.org (result 127.0.0.2 = source or relay)
694unconfirmed.dsbl.org
652block.blars.org
644korea.services.net
591work.drbl.croco.net
591ztl.dorkslayers.com
475inputs.relays.osirusoft.com
473relays.osirusoft.com (result 127.0.0.2 = relay)
449blackholes.intersil.net
441blackholes.wirehub.net
412relays.osirusoft.com (result 127.0.0.4 = spam source)
403list.dsbl.org
367spews.relays.osirusoft.com
347relays.ordb.org
333ipwhois.rfc-ignorant.org
328relays.visi.com
314blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
270t1.bl.reynolds.net.au
263blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
242blacklist.spambag.org
238multihop.dsbl.org
231orbs.dorkslayers.com
221blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
191spamsources.fabel.dk
165flowgoaway.com
160no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
1463y.spam.mrs.kithrup.com
131proxies.relays.monkeys.com
129relays.osirusoft.com (result 127.0.0.9 = open proxy)
120no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
113spam.wytnij.to
105sbl.spamhaus.org
101relays.osirusoft.com (result 127.0.0.6 = spamsites)
98spamhaus.relays.osirusoft.com
83spamsources.relays.osirusoft.com (union of all results)
82spamguard.leadmon.net (union of all results)
80spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
60dews.qmail.org
53spamguard.leadmon.net (result 127.0.0.2 = dialup)
53blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
48no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
44opm.blitzed.org
42formmail.relays.monkeys.com
42relays.dorkslayers.com
35spammers.v6net.org
35http.opm.blitzed.org
31dynablock.wirehub.net (result 127.0.0.2 = dialup)
31dynablock.wirehub.net (union of all results)
25no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
22spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
16dialups.relays.osirusoft.com
16relays.osirusoft.com (result 127.0.0.3 = dialup)
13socks.opm.blitzed.org
12dnsbl.njabl.org (result 127.0.0.3 = dialup)
12blackhole.compu.net
7socks.relays.osirusoft.com
7spamguard.leadmon.net (result 127.0.0.3 = spam source)
3spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
2spamsites.relays.osirusoft.com (result 127.0.0.6)
2spamsites.relays.osirusoft.com (union of all results)
1blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
1pm0-no-more.compu.net

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

HitsDNS Zone
7506(total number of IP addresses whose names were tested, including 421 at SDSC)
1143(union of all domain zones)
809abuse.rfc-ignorant.org
782whois.rfc-ignorant.org (union of all results)
570whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
212whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
9postmaster.rfc-ignorant.org
6sender-domain.sjesl.monkeys.com (zone not intended for this use)
6client-domain.sjesl.monkeys.com
3helo-domain.sjesl.monkeys.com (zone not intended for this use)
2dsn.rfc-ignorant.org (zone not intended for this use)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

HitsDNS Zone
5017(total number of domains tested, including 198 at SDSC)
738(union of all domain zones)
296whois.rfc-ignorant.org (union of all results)
268abuse.rfc-ignorant.org
211whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
149sender-domain.sjesl.monkeys.com
140postmaster.rfc-ignorant.org
85whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
85helo-domain.sjesl.monkeys.com (zone not intended for this use)
66dsn.rfc-ignorant.org
59client-domain.sjesl.monkeys.com (zone not intended for this use)
21ex.dnsbl.org (union of all results)
18ex.dnsbl.org (result 127.0.0.2 = spamsites)
6bandwidth-pigs.monkeys.com
3ex.dnsbl.org (result 127.0.0.3 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 2 June 2002.