Blacklists Compared, 19-Oct-02

Blacklists Compared

19 October 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

9026 (total number of IP addresses whose names were tested, including 463 at SDSC)
1741 (union of all domain zones)
1375 abuse.rfc-ignorant.org
507 whois.rfc-ignorant.org (union of all results)
281 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
226 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
11 postmaster.rfc-ignorant.org
9 dsn.rfc-ignorant.org (zone not intended for this use)
8 client-domain.sjesl.monkeys.com
4 sender-domain.sjesl.monkeys.com (zone not intended for this use)
4 helo-domain.sjesl.monkeys.com (zone not intended for this use)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

6391 (total number of domains tested, including 219 at SDSC)
1048 (union of all domain zones)
426 whois.rfc-ignorant.org (union of all results)
395 abuse.rfc-ignorant.org
304 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
198 postmaster.rfc-ignorant.org
166 sender-domain.sjesl.monkeys.com
129 dsn.rfc-ignorant.org
122 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
104 helo-domain.sjesl.monkeys.com (zone not intended for this use)
73 client-domain.sjesl.monkeys.com (zone not intended for this use)
30 ex.dnsbl.org (union of all results)
23 ex.dnsbl.org (result 127.0.0.2 = spamsites)
9 bandwidth-pigs.monkeys.com
7 ex.dnsbl.org (result 127.0.0.3 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 22 October 2002.

Hits	DNS Zone
9026	(total number of IP addresses tested, including 463 at SDSC)
5630	(union of most IP zones)
3927	xbl.selwerd.cx
2784	blackholes.five-ten-sg.com (union of all results)
2120	bl.spamcop.net
1534	relays.osirusoft.com (union of all results)
1412	blackholes.wirehub.net
1384	block.blars.org
1354	no-more-funn.moensted.dk (union of all results)
1211	ztl.dorkslayers.com
1081	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
865	cn-kr.blackholes.us (union of all results)
863	dnsbl.njabl.org (union of all results)
824	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
818	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
816	unconfirmed.dsbl.org
801	blocktest.relays.osirusoft.com (not a blacklist!)
784	cw.blackholes.us
756	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
750	relays.osirusoft.com (result 127.0.0.4 = spam source)
673	spam.dnsrbl.net
650	blackholes.intersil.net
594	proxies.relays.monkeys.com
586	ipwhois.rfc-ignorant.org
527	ybl.megacity.org
511	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
511	korea.blackholes.us
507	korea.services.net
503	list.dsbl.org
449	blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
445	spews.relays.osirusoft.com
440	spamsources.relays.osirusoft.com (union of all results)
439	work.drbl.croco.net
423	t1.bl.reynolds.net.au
414	spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
396	relays.osirusoft.com (result 127.0.0.2 = relay)
396	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
393	inputs.relays.osirusoft.com
354	cn-kr.blackholes.us (result 127.0.0.2 = China)
354	china.blackholes.us
353	assholes.madscience.nl
318	relays.osirusoft.com (result 127.0.0.9 = open proxy)
314	mail-abuse.blacklist.jippg.org
309	socks.relays.osirusoft.com
308	relays.ordb.org
305	relays.bl.kundenserver.de
276	relays.visi.com
276	multihop.dsbl.org
260	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
249	spam.wytnij.to
247	flowgoaway.com
230	opm.blitzed.org
221	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
215	sbl.spamhaus.org
214	dnsbl.delink.net
211	spamhaus.relays.osirusoft.com
208	blacklist.spambag.org
196	relays.osirusoft.com (result 127.0.0.6 = spamsites)
184	3y.spam.mrs.kithrup.com
167	http.opm.blitzed.org
159	orbs.dorkslayers.com
150	verio.blackholes.us
131	brazil.blackholes.us
130	dev.null.dk
128	spamsources.fabel.dk
107	level3.blackholes.us
97	internap.blackholes.us
92	dun.dnsrbl.net
91	spamguard.leadmon.net (union of all results)
88	ciberlynx.blackholes.us
84	taiwan.blackholes.us
82	xo.blackholes.us
80	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
79	rr.blackholes.us
78	rackspace.blackholes.us
75	socks.opm.blitzed.org
74	blackhole.compu.net
73	spamguard.leadmon.net (result 127.0.0.2 = dialup)
69	dialups.visi.com
67	formmail.relays.monkeys.com
55	argentina.blackholes.us
46	japan.blackholes.us
44	dialups.relays.osirusoft.com (union of all results)
39	dnsbl.njabl.org (result 127.0.0.3 = dialup)
37	inflow.blackholes.us
35	dynablock.wirehub.net (result 127.0.0.2 = dialup)
35	hongkong.blackholes.us
35	dynablock.wirehub.net (union of all results)
34	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
33	dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
29	relays.osirusoft.com (result 127.0.0.3 = dialup)
28	russia.blackholes.us
25	relays.dorkslayers.com
24	singapore.blackholes.us
23	nigeria.blackholes.us
21	spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
16	broadwing.blackholes.us
15	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
14	eli.blackholes.us
14	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
12	he.blackholes.us
11	epoch.blackholes.us
11	dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
9	wanadoo-fr.blackholes.us
9	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
8	thailand.blackholes.us
8	malaysia.blackholes.us
7	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
7	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
7	dialup.blacklist.jippg.org (union of all results)
6	proxies.relays.osirusoft.com
6	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
5	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
4	wingate.opm.blitzed.org
4	spamsources.relays.osirusoft.com (result 127.0.0.9 = unconfirmed opt-in)
4	relays.osirusoft.com (result 127.0.0.5 = relay output)
3	valueweb.blackholes.us
3	spamguard.leadmon.net (result 127.0.0.3 = spam source)
2	spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
2	relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
1	skynetweb.blackholes.us
1	spamsites.relays.osirusoft.com (result 127.0.0.6)
1	dialup.blacklist.jippg.org (result 127.0.0.4 = dialup in Japan)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
1	spamsites.relays.osirusoft.com (union of all results)

Hits	DNS Zone
6391	(total number of domains tested, including 219 at SDSC)
1048	(union of all domain zones)
426	whois.rfc-ignorant.org (union of all results)
395	abuse.rfc-ignorant.org
304	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
198	postmaster.rfc-ignorant.org
166	sender-domain.sjesl.monkeys.com
129	dsn.rfc-ignorant.org
122	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
104	helo-domain.sjesl.monkeys.com (zone not intended for this use)
73	client-domain.sjesl.monkeys.com (zone not intended for this use)
30	ex.dnsbl.org (union of all results)
23	ex.dnsbl.org (result 127.0.0.2 = spamsites)
9	bandwidth-pigs.monkeys.com
7	ex.dnsbl.org (result 127.0.0.3 = spam source)