Blacklists Compared

6 July 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

HitsDNS Zone
7033(total number of IP addresses tested, including 404 at SDSC)
3610(union of most IP zones)
2719xbl.selwerd.cx
1829blackholes.five-ten-sg.com (union of all results)
1091no-more-funn.moensted.dk (union of all results)
1088bl.spamcop.net
1026blocktest.relays.osirusoft.com (not a blacklist!)
976relays.osirusoft.com (union of all results)
823spam.dnsrbl.net
776blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
675no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
626dnsbl.njabl.org (union of all results)
613block.blars.org
602dnsbl.njabl.org (result 127.0.0.2 = source or relay)
601ztl.dorkslayers.com
535unconfirmed.dsbl.org
489korea.services.net
471blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
461work.drbl.croco.net
430relays.osirusoft.com (result 127.0.0.4 = spam source)
362spews.relays.osirusoft.com
353ipwhois.rfc-ignorant.org
336blackholes.intersil.net
333blackholes.wirehub.net
324ybl.megacity.org
324relays.osirusoft.com (result 127.0.0.2 = relay)
324inputs.relays.osirusoft.com
300list.dsbl.org
286blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
271t1.bl.reynolds.net.au
255blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
244proxies.relays.monkeys.com
233relays.bl.kundenserver.de
221socks.relays.osirusoft.com
221relays.osirusoft.com (result 127.0.0.9 = open proxy)
214relays.ordb.org
211multihop.dsbl.org
205relays.visi.com
197no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
172no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
172flowgoaway.com
170blacklist.spambag.org
152orbs.dorkslayers.com
142spamsources.fabel.dk
1283y.spam.mrs.kithrup.com
123dun.dnsrbl.net
118spam.wytnij.to
108opm.blitzed.org
100spamsources.relays.osirusoft.com (union of all results)
88http.opm.blitzed.org
85spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
78spamguard.leadmon.net (union of all results)
70relays.osirusoft.com (result 127.0.0.6 = spamsites)
64sbl.spamhaus.org
63spamhaus.relays.osirusoft.com
58spamguard.leadmon.net (result 127.0.0.2 = dialup)
38blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
36formmail.relays.monkeys.com
32spammers.v6net.org
30relays.dorkslayers.com
29socks.opm.blitzed.org
26dynablock.wirehub.net (result 127.0.0.2 = dialup)
26dynablock.wirehub.net (union of all results)
24dnsbl.njabl.org (result 127.0.0.3 = dialup)
23no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
22dialups.relays.osirusoft.com
22no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
21relays.osirusoft.com (result 127.0.0.3 = dialup)
15spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
14spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
6proxies.relays.osirusoft.com
6spamguard.leadmon.net (result 127.0.0.3 = spam source)
6blackhole.compu.net
5spamsites.relays.osirusoft.com (result 127.0.0.6)
5spamsites.relays.osirusoft.com (union of all results)
4wingate.opm.blitzed.org
2no-more-funn.moensted.dk (result 127.0.0.9 = misc)
2blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
1blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
1pm0-no-more.compu.net

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

HitsDNS Zone
7033(total number of IP addresses whose names were tested, including 404 at SDSC)
1106(union of all domain zones)
784abuse.rfc-ignorant.org
771whois.rfc-ignorant.org (union of all results)
581whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
190whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
7client-domain.sjesl.monkeys.com
6sender-domain.sjesl.monkeys.com (zone not intended for this use)
3postmaster.rfc-ignorant.org
3helo-domain.sjesl.monkeys.com (zone not intended for this use)
1dsn.rfc-ignorant.org (zone not intended for this use)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

HitsDNS Zone
4592(total number of domains tested, including 212 at SDSC)
676(union of all domain zones)
276abuse.rfc-ignorant.org
241whois.rfc-ignorant.org (union of all results)
179whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
134sender-domain.sjesl.monkeys.com
126postmaster.rfc-ignorant.org
91helo-domain.sjesl.monkeys.com (zone not intended for this use)
62whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
59dsn.rfc-ignorant.org
56client-domain.sjesl.monkeys.com (zone not intended for this use)
29ex.dnsbl.org (union of all results)
20ex.dnsbl.org (result 127.0.0.2 = spamsites)
9ex.dnsbl.org (result 127.0.0.3 = spam source)
5bandwidth-pigs.monkeys.com
2in.dnsbl.org (result 127.0.0.2 = spam source)
2in.dnsbl.org (union of all results)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 7 July 2002.