Blacklists Compared, 26-Oct-02

Blacklists Compared

26 October 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

8822 (total number of IP addresses whose names were tested, including 456 at SDSC)
1708 (union of all domain zones)
1367 abuse.rfc-ignorant.org
467 whois.rfc-ignorant.org (union of all results)
280 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
187 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
10 client-domain.sjesl.monkeys.com
6 postmaster.rfc-ignorant.org
6 dsn.rfc-ignorant.org (zone not intended for this use)
5 sender-domain.sjesl.monkeys.com (zone not intended for this use)
4 helo-domain.sjesl.monkeys.com (zone not intended for this use)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

6164 (total number of domains tested, including 231 at SDSC)
1028 (union of all domain zones)
416 whois.rfc-ignorant.org (union of all results)
404 abuse.rfc-ignorant.org
295 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
190 postmaster.rfc-ignorant.org
167 sender-domain.sjesl.monkeys.com
121 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
118 dsn.rfc-ignorant.org
103 helo-domain.sjesl.monkeys.com (zone not intended for this use)
77 client-domain.sjesl.monkeys.com (zone not intended for this use)
28 ex.dnsbl.org (union of all results)
21 ex.dnsbl.org (result 127.0.0.2 = spamsites)
7 bandwidth-pigs.monkeys.com
7 ex.dnsbl.org (result 127.0.0.3 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 29 October 2002.

Hits	DNS Zone
8822	(total number of IP addresses tested, including 456 at SDSC)
5500	(union of most IP zones)
3845	xbl.selwerd.cx
2764	blackholes.five-ten-sg.com (union of all results)
1608	relays.osirusoft.com (union of all results)
1502	bl.spamcop.net
1450	block.blars.org
1416	blackholes.wirehub.net
1307	no-more-funn.moensted.dk (union of all results)
1150	ztl.dorkslayers.com
1124	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
888	dnsbl.njabl.org (union of all results)
838	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
832	blocktest.relays.osirusoft.com (not a blacklist!)
832	cn-kr.blackholes.us (union of all results)
799	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
781	cw.blackholes.us
761	relays.osirusoft.com (result 127.0.0.4 = spam source)
749	ipwhois.rfc-ignorant.org
747	unconfirmed.dsbl.org
714	blackholes.intersil.net
713	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
631	spam.dnsrbl.net
564	proxies.relays.monkeys.com
505	spews.relays.osirusoft.com
500	ybl.megacity.org
484	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
484	korea.blackholes.us
478	korea.services.net
458	blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
456	list.dsbl.org
439	t1.bl.reynolds.net.au
436	work.drbl.croco.net
430	spamsources.relays.osirusoft.com (union of all results)
406	spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
390	relays.osirusoft.com (result 127.0.0.2 = relay)
390	inputs.relays.osirusoft.com
376	relays.osirusoft.com (result 127.0.0.9 = open proxy)
371	socks.relays.osirusoft.com
364	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
348	cn-kr.blackholes.us (result 127.0.0.2 = China)
348	china.blackholes.us
340	assholes.madscience.nl
317	mail-abuse.blacklist.jippg.org
315	relays.bl.kundenserver.de
293	relays.ordb.org
278	sbl.spamhaus.org
275	spamhaus.relays.osirusoft.com
268	relays.osirusoft.com (result 127.0.0.6 = spamsites)
254	multihop.dsbl.org
245	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
237	opm.blitzed.org
236	spam.wytnij.to
230	dnsbl.delink.net
217	blacklist.spambag.org
216	relays.visi.com
216	flowgoaway.com
214	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
178	http.opm.blitzed.org
162	3y.spam.mrs.kithrup.com
156	orbs.dorkslayers.com
149	brazil.blackholes.us
148	verio.blackholes.us
133	spamsources.fabel.dk
119	dev.null.dk
108	internap.blackholes.us
104	level3.blackholes.us
102	spamguard.leadmon.net (union of all results)
101	xo.blackholes.us
100	ciberlynx.blackholes.us
96	blackhole.compu.net
89	taiwan.blackholes.us
86	spamguard.leadmon.net (result 127.0.0.2 = dialup)
85	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
79	rackspace.blackholes.us
72	dialups.visi.com
71	socks.opm.blitzed.org
67	argentina.blackholes.us
66	dun.dnsrbl.net
59	japan.blackholes.us
58	rr.blackholes.us
50	dnsbl.njabl.org (result 127.0.0.3 = dialup)
47	formmail.relays.monkeys.com
44	russia.blackholes.us
42	dialups.relays.osirusoft.com (union of all results)
34	he.blackholes.us
33	dynablock.wirehub.net (result 127.0.0.2 = dialup)
33	inflow.blackholes.us
33	dynablock.wirehub.net (union of all results)
32	hongkong.blackholes.us
30	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
29	dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
24	relays.osirusoft.com (result 127.0.0.3 = dialup)
23	singapore.blackholes.us
23	nigeria.blackholes.us
22	spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
20	malaysia.blackholes.us
20	relays.dorkslayers.com
15	broadwing.blackholes.us
13	dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
12	eli.blackholes.us
12	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
12	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
11	epoch.blackholes.us
10	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
8	wanadoo-fr.blackholes.us
7	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
6	thailand.blackholes.us
6	proxies.relays.osirusoft.com
6	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
4	relays.osirusoft.com (result 127.0.0.5 = relay output)
4	spamguard.leadmon.net (result 127.0.0.3 = spam source)
3	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
2	valueweb.blackholes.us
2	spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
1	skynetweb.blackholes.us
1	wingate.opm.blitzed.org
1	spamsources.relays.osirusoft.com (result 127.0.0.9 = unconfirmed opt-in)
1	spamsites.relays.osirusoft.com (result 127.0.0.6)
1	relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
1	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
1	spamsites.relays.osirusoft.com (union of all results)
1	dialup.blacklist.jippg.org (union of all results)

Hits	DNS Zone
6164	(total number of domains tested, including 231 at SDSC)
1028	(union of all domain zones)
416	whois.rfc-ignorant.org (union of all results)
404	abuse.rfc-ignorant.org
295	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
190	postmaster.rfc-ignorant.org
167	sender-domain.sjesl.monkeys.com
121	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
118	dsn.rfc-ignorant.org
103	helo-domain.sjesl.monkeys.com (zone not intended for this use)
77	client-domain.sjesl.monkeys.com (zone not intended for this use)
28	ex.dnsbl.org (union of all results)
21	ex.dnsbl.org (result 127.0.0.2 = spamsites)
7	bandwidth-pigs.monkeys.com
7	ex.dnsbl.org (result 127.0.0.3 = spam source)