Blacklists Compared, 14-Sep-02

Blacklists Compared

14 September 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net" and the pm0-no-more.compu.net zone "blocks all pm0 email."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

8464 (total number of IP addresses whose names were tested, including 648 at SDSC)
1514 (union of all domain zones)
1209 abuse.rfc-ignorant.org
458 whois.rfc-ignorant.org (union of all results)
251 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
207 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
6 postmaster.rfc-ignorant.org
6 dsn.rfc-ignorant.org (zone not intended for this use)
5 sender-domain.sjesl.monkeys.com (zone not intended for this use)
5 client-domain.sjesl.monkeys.com
2 helo-domain.sjesl.monkeys.com (zone not intended for this use)
1 ex.dnsbl.org (result 127.0.0.2 = spamsites)
1 ex.dnsbl.org (union of all results)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

5508 (total number of domains tested, including 214 at SDSC)
892 (union of all domain zones)
374 abuse.rfc-ignorant.org
321 whois.rfc-ignorant.org (union of all results)
208 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
176 postmaster.rfc-ignorant.org
145 sender-domain.sjesl.monkeys.com
113 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
101 dsn.rfc-ignorant.org
99 helo-domain.sjesl.monkeys.com (zone not intended for this use)
72 client-domain.sjesl.monkeys.com (zone not intended for this use)
35 ex.dnsbl.org (union of all results)
24 ex.dnsbl.org (result 127.0.0.2 = spamsites)
11 ex.dnsbl.org (result 127.0.0.3 = spam source)
7 bandwidth-pigs.monkeys.com
1 in.dnsbl.org (result 127.0.0.2 = spam source)
1 in.dnsbl.org (union of all results)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 16 September 2002.

Hits	DNS Zone
8464	(total number of IP addresses tested, including 648 at SDSC)
4841	(union of most IP zones)
3427	xbl.selwerd.cx
2314	blackholes.five-ten-sg.com (union of all results)
1276	no-more-funn.moensted.dk (union of all results)
1209	block.blars.org
1157	bl.spamcop.net
1073	relays.osirusoft.com (union of all results)
906	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
826	ztl.dorkslayers.com
798	cw.blackholes.us
789	blackholes.wirehub.net
774	dnsbl.njabl.org (union of all results)
765	cn-kr.blackholes.us (union of all results)
753	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
731	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
731	spam.dnsrbl.net
692	unconfirmed.dsbl.org
628	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
546	ipwhois.rfc-ignorant.org
523	ybl.megacity.org
510	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
510	korea.blackholes.us
507	korea.services.net
495	t1.bl.reynolds.net.au
495	relays.osirusoft.com (result 127.0.0.4 = spam source)
480	blackholes.intersil.net
385	spews.relays.osirusoft.com
381	list.dsbl.org
379	mail-abuse.blacklist.jippg.org
361	inputs.relays.osirusoft.com
358	relays.osirusoft.com (result 127.0.0.2 = relay)
347	assholes.madscience.nl
334	blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
319	relays.bl.kundenserver.de
316	relays.ordb.org
316	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
309	proxies.relays.monkeys.com
290	relays.visi.com
284	multihop.dsbl.org
255	cn-kr.blackholes.us (result 127.0.0.2 = China)
255	china.blackholes.us
245	spam.wytnij.to
238	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
236	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
216	flowgoaway.com
206	spamsources.relays.osirusoft.com (union of all results)
203	relays.osirusoft.com (result 127.0.0.9 = open proxy)
195	socks.relays.osirusoft.com
189	blacklist.spambag.org
188	spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
176	sbl.spamhaus.org
157	verio.blackholes.us
153	spamhaus.relays.osirusoft.com
149	relays.osirusoft.com (result 127.0.0.6 = spamsites)
149	dev.null.dk
139	orbs.dorkslayers.com
137	spamsources.fabel.dk
132	3y.spam.mrs.kithrup.com
125	work.drbl.croco.net
121	opm.blitzed.org
114	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
112	brazil.blackholes.us
100	level3.blackholes.us
100	http.opm.blitzed.org
99	xo.blackholes.us
99	dun.dnsrbl.net
81	spamguard.leadmon.net (union of all results)
77	blocktest.relays.osirusoft.com (not a blacklist!)
75	taiwan.blackholes.us
71	dnsbl.delink.net
69	rr.blackholes.us
65	spamguard.leadmon.net (result 127.0.0.2 = dialup)
57	blackhole.compu.net
52	japan.blackholes.us
48	ciberlynx.blackholes.us
48	dialups.relays.osirusoft.com (union of all results)
47	argentina.blackholes.us
44	rackspace.blackholes.us
43	dnsbl.njabl.org (result 127.0.0.3 = dialup)
41	formmail.relays.monkeys.com
38	dynablock.wirehub.net (result 127.0.0.2 = dialup)
38	dynablock.wirehub.net (union of all results)
37	inflow.blackholes.us
35	dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
33	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
28	socks.opm.blitzed.org
28	relays.osirusoft.com (result 127.0.0.3 = dialup)
25	nigeria.blackholes.us
24	relays.dorkslayers.com
20	eli.blackholes.us
19	russia.blackholes.us
18	broadwing.blackholes.us
17	thailand.blackholes.us
17	spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
14	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
13	proxies.relays.osirusoft.com
13	dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
11	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
9	epoch.blackholes.us
9	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
6	wanadoo-fr.blackholes.us
4	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
4	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
3	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
2	valueweb.blackholes.us
2	skynetweb.blackholes.us
2	spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
2	spamguard.leadmon.net (result 127.0.0.3 = spam source)
2	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
2	dialup.blacklist.jippg.org (union of all results)
1	wingate.opm.blitzed.org
1	spamsites.relays.osirusoft.com (result 127.0.0.6)
1	relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
1	ex.dnsbl.org (result 127.0.0.2 = spamsites)
1	pm0-no-more.compu.net
1	spamsites.relays.osirusoft.com (union of all results)

Hits	DNS Zone
5508	(total number of domains tested, including 214 at SDSC)
892	(union of all domain zones)
374	abuse.rfc-ignorant.org
321	whois.rfc-ignorant.org (union of all results)
208	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
176	postmaster.rfc-ignorant.org
145	sender-domain.sjesl.monkeys.com
113	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
101	dsn.rfc-ignorant.org
99	helo-domain.sjesl.monkeys.com (zone not intended for this use)
72	client-domain.sjesl.monkeys.com (zone not intended for this use)
35	ex.dnsbl.org (union of all results)
24	ex.dnsbl.org (result 127.0.0.2 = spamsites)
11	ex.dnsbl.org (result 127.0.0.3 = spam source)
7	bandwidth-pigs.monkeys.com
1	in.dnsbl.org (result 127.0.0.2 = spam source)
1	in.dnsbl.org (union of all results)