Blacklists Compared, 12-Oct-02

Blacklists Compared

12 October 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

8678 (total number of IP addresses whose names were tested, including 595 at SDSC)
1700 (union of all domain zones)
1298 abuse.rfc-ignorant.org
552 whois.rfc-ignorant.org (union of all results)
298 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
254 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
12 postmaster.rfc-ignorant.org
11 dsn.rfc-ignorant.org (zone not intended for this use)
8 client-domain.sjesl.monkeys.com
4 sender-domain.sjesl.monkeys.com (zone not intended for this use)
3 helo-domain.sjesl.monkeys.com (zone not intended for this use)
1 ex.dnsbl.org (result 127.0.0.2 = spamsites)
1 ex.dnsbl.org (union of all results)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

5857 (total number of domains tested, including 236 at SDSC)
1034 (union of all domain zones)
418 whois.rfc-ignorant.org (union of all results)
416 abuse.rfc-ignorant.org
297 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
195 postmaster.rfc-ignorant.org
144 sender-domain.sjesl.monkeys.com
121 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
119 dsn.rfc-ignorant.org
94 helo-domain.sjesl.monkeys.com (zone not intended for this use)
65 client-domain.sjesl.monkeys.com (zone not intended for this use)
31 ex.dnsbl.org (union of all results)
24 ex.dnsbl.org (result 127.0.0.2 = spamsites)
7 bandwidth-pigs.monkeys.com
7 ex.dnsbl.org (result 127.0.0.3 = spam source)
1 in.dnsbl.org (result 127.0.0.2 = spam source)
1 in.dnsbl.org (union of all results)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 15 October 2002.

Hits	DNS Zone
8678	(total number of IP addresses tested, including 595 at SDSC)
5189	(union of most IP zones)
3564	xbl.selwerd.cx
2483	blackholes.five-ten-sg.com (union of all results)
1398	bl.spamcop.net
1298	relays.osirusoft.com (union of all results)
1272	no-more-funn.moensted.dk (union of all results)
1239	block.blars.org
1218	blackholes.wirehub.net
1175	ztl.dorkslayers.com
931	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
775	cw.blackholes.us
764	dnsbl.njabl.org (union of all results)
749	cn-kr.blackholes.us (union of all results)
737	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
720	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
714	unconfirmed.dsbl.org
707	spam.dnsrbl.net
706	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
639	blackholes.intersil.net
569	relays.osirusoft.com (result 127.0.0.4 = spam source)
536	ipwhois.rfc-ignorant.org
515	ybl.megacity.org
514	proxies.relays.monkeys.com
505	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
505	korea.blackholes.us
500	korea.services.net
444	work.drbl.croco.net
398	t1.bl.reynolds.net.au
395	list.dsbl.org
390	blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
388	spews.relays.osirusoft.com
373	inputs.relays.osirusoft.com
370	relays.osirusoft.com (result 127.0.0.2 = relay)
366	assholes.madscience.nl
353	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
318	mail-abuse.blacklist.jippg.org
303	socks.relays.osirusoft.com
301	relays.osirusoft.com (result 127.0.0.9 = open proxy)
284	multihop.dsbl.org
266	relays.bl.kundenserver.de
261	spamsources.relays.osirusoft.com (union of all results)
251	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
244	cn-kr.blackholes.us (result 127.0.0.2 = China)
244	china.blackholes.us
241	spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
240	spam.wytnij.to
233	relays.ordb.org
232	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
219	flowgoaway.com
205	blacklist.spambag.org
200	relays.visi.com
195	opm.blitzed.org
182	3y.spam.mrs.kithrup.com
177	sbl.spamhaus.org
175	relays.osirusoft.com (result 127.0.0.6 = spamsites)
175	spamhaus.relays.osirusoft.com
163	http.opm.blitzed.org
158	blocktest.relays.osirusoft.com (not a blacklist!)
151	verio.blackholes.us
138	dev.null.dk
122	spamsources.fabel.dk
119	orbs.dorkslayers.com
116	level3.blackholes.us
105	brazil.blackholes.us
94	rackspace.blackholes.us
93	xo.blackholes.us
91	dun.dnsrbl.net
88	spamguard.leadmon.net (union of all results)
83	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
73	taiwan.blackholes.us
69	spamguard.leadmon.net (result 127.0.0.2 = dialup)
67	blackhole.compu.net
64	formmail.relays.monkeys.com
63	dialups.visi.com
62	internap.blackholes.us
61	ciberlynx.blackholes.us
60	rr.blackholes.us
49	argentina.blackholes.us
49	socks.opm.blitzed.org
44	dnsbl.njabl.org (result 127.0.0.3 = dialup)
43	dnsbl.delink.net
42	dialups.relays.osirusoft.com (union of all results)
36	dynablock.wirehub.net (result 127.0.0.2 = dialup)
36	japan.blackholes.us
36	inflow.blackholes.us
36	dynablock.wirehub.net (union of all results)
34	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
31	singapore.blackholes.us
30	dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
29	russia.blackholes.us
28	relays.osirusoft.com (result 127.0.0.3 = dialup)
27	eli.blackholes.us
20	nigeria.blackholes.us
18	spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
17	broadwing.blackholes.us
16	relays.dorkslayers.com
15	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
13	epoch.blackholes.us
12	dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
12	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
11	thailand.blackholes.us
9	he.blackholes.us
8	wanadoo-fr.blackholes.us
8	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
7	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
7	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
5	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
5	dialup.blacklist.jippg.org (union of all results)
4	valueweb.blackholes.us
4	wingate.opm.blitzed.org
4	proxies.relays.osirusoft.com
4	spamguard.leadmon.net (result 127.0.0.3 = spam source)
3	spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
3	relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
3	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
1	skynetweb.blackholes.us
1	spamsources.relays.osirusoft.com (result 127.0.0.9 = unconfirmed opt-in)
1	spamsites.relays.osirusoft.com (result 127.0.0.6)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
1	ex.dnsbl.org (result 127.0.0.2 = spamsites)
1	spamsites.relays.osirusoft.com (union of all results)

Hits	DNS Zone
5857	(total number of domains tested, including 236 at SDSC)
1034	(union of all domain zones)
418	whois.rfc-ignorant.org (union of all results)
416	abuse.rfc-ignorant.org
297	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
195	postmaster.rfc-ignorant.org
144	sender-domain.sjesl.monkeys.com
121	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
119	dsn.rfc-ignorant.org
94	helo-domain.sjesl.monkeys.com (zone not intended for this use)
65	client-domain.sjesl.monkeys.com (zone not intended for this use)
31	ex.dnsbl.org (union of all results)
24	ex.dnsbl.org (result 127.0.0.2 = spamsites)
7	bandwidth-pigs.monkeys.com
7	ex.dnsbl.org (result 127.0.0.3 = spam source)
1	in.dnsbl.org (result 127.0.0.2 = spam source)
1	in.dnsbl.org (union of all results)