Blacklists Compared

16 November 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

HitsDNS Zone
9434(total number of IP addresses tested, including 447 at SDSC)
5895(union of most IP zones)
4305xbl.selwerd.cx
3177blackholes.five-ten-sg.com (union of all results)
1677bl.spamcop.net
1611no-more-funn.moensted.dk (union of all results)
1514relays.osirusoft.com (union of all results)
1506blackholes.wirehub.net
1485block.blars.org
1109blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
1056work.drbl.croco.net
1024ztl.dorkslayers.com
965unconfirmed.dsbl.org
878relays.osirusoft.com (result 127.0.0.4 = spam source)
864blackholes.intersil.net
849no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
838dnsbl.njabl.org (union of all results)
820ipwhois.rfc-ignorant.org
818blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
769blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
731cw.blackholes.us
677cn-kr.blackholes.us (union of all results)
605list.dsbl.org
590korea.services.net
576spews.relays.osirusoft.com
521spam.dnsrbl.net
479blackholes.uceb.org (union of all results)
473cn-kr.blackholes.us (result 127.0.0.3 = Korea)
472korea.blackholes.us
470t1.bl.reynolds.net.au
465ybl.megacity.org
421spamsources.relays.osirusoft.com (union of all results)
412assholes.madscience.nl
404sbl.spamhaus.org
402spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
399dnsbl.njabl.org (result 127.0.0.2 = source or relay)
393no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
378blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
369relays.osirusoft.com (result 127.0.0.6 = spamsites)
369spamhaus.relays.osirusoft.com
348dnsbl.njabl.org (result 127.0.0.4 = spam source)
314no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
288spam.wytnij.to
282blackholes.uceb.org (result 127.0.0.4 = spam organization)
278spamsources.fabel.dk
267relays.osirusoft.com (result 127.0.0.9 = open proxy)
266multihop.dsbl.org
264socks.relays.osirusoft.com
264mail-abuse.blacklist.jippg.org
252blacklist.spambag.org
249relays.bl.kundenserver.de
248opm.blitzed.org
246dnsbl.delink.net
236relays.osirusoft.com (result 127.0.0.2 = relay)
236inputs.relays.osirusoft.com
224flowgoaway.com
221relays.ordb.org
205china.blackholes.us
204cn-kr.blackholes.us (result 127.0.0.2 = China)
201relays.visi.com
199verio.blackholes.us
1883y.spam.mrs.kithrup.com
185http.opm.blitzed.org
168brazil.blackholes.us
132blackholes.uceb.org (result 127.0.0.3 = spam source)
128dialups.visi.com
123rackspace.blackholes.us
121orbs.dorkslayers.com
112blocktest.relays.osirusoft.com (not a blacklist!)
104internap.blackholes.us
102spamguard.leadmon.net (union of all results)
101blackhole.compu.net
95level3.blackholes.us
87spamguard.leadmon.net (result 127.0.0.2 = dialup)
83dev.null.dk
83blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
82blackholes.uceb.org (result 127.0.0.2 = relay)
71xo.blackholes.us
70vox.schpider.com
69dnsbl.njabl.org (result 127.0.0.3 = dialup)
60dynablock.wirehub.net (result 127.0.0.2 = dialup)
60dynablock.wirehub.net (union of all results)
59japan.blackholes.us
59socks.opm.blitzed.org
58rr.blackholes.us
48formmail.relays.monkeys.com
43dialups.relays.osirusoft.com (union of all results)
42taiwan.blackholes.us
41dun.dnsrbl.net
36no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
35inflow.blackholes.us
35dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
35inflow.noflow.org
33russia.blackholes.us
32relays.osirusoft.com (result 127.0.0.3 = dialup)
31singapore.blackholes.us
30cybercon.blackholes.us
29hongkong.blackholes.us
27ciberlynx.blackholes.us
27argentina.blackholes.us
27above.blackholes.us
27spam.exsilia.net (result 127.0.0.2 = spam source)
27spam.exsilia.net (union of all results)
25yipes.blackholes.us
24interbusiness.blackholes.us
24relays.dorkslayers.com
22eli.blackholes.us
19nigeria.blackholes.us
18thailand.blackholes.us
16he.blackholes.us
16spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
15spammers.v6net.org
15dnsbl.njabl.org (result 127.0.0.9 = open proxy)
15spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
13valuenet.blackholes.us
12broadwing.blackholes.us
12blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
11malaysia.blackholes.us
11no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
8pajo.blackholes.us
8covad.blackholes.us
8dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
7no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
7blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
6wanadoo-fr.blackholes.us
6epoch.blackholes.us
6proxies.relays.osirusoft.com
6dnsbl.njabl.org (result 127.0.0.5 = relay output)
5wingate.opm.blitzed.org
3spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
3relays.osirusoft.com (result 127.0.0.5 = relay output)
2valueweb.blackholes.us
2relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
2dialup.blacklist.jippg.org (union of all results)
1spamsources.relays.osirusoft.com (result 127.0.0.9 = unconfirmed opt-in)
1spamsites.relays.osirusoft.com (result 127.0.0.6)
1dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
1dialup.blacklist.jippg.org (result 127.0.0.4 = dialup in Japan)
1dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
1no-more-funn.moensted.dk (result 127.0.0.9 = misc)
1blackholes.five-ten-sg.com (result 127.0.0.6 = relay)
1spamsites.relays.osirusoft.com (union of all results)

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

HitsDNS Zone
9434(total number of IP addresses whose names were tested, including 447 at SDSC)
1766(union of all domain zones)
1352abuse.rfc-ignorant.org
540whois.rfc-ignorant.org (union of all results)
339whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
201whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
12postmaster.rfc-ignorant.org
11dsn.rfc-ignorant.org (zone not intended for this use)
1helo-domain.sjesl.monkeys.com (zone not intended for this use)
1client-domain.sjesl.monkeys.com

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

HitsDNS Zone
6084(total number of domains tested, including 226 at SDSC)
942(union of all domain zones)
443abuse.rfc-ignorant.org
382whois.rfc-ignorant.org (union of all results)
292whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
211postmaster.rfc-ignorant.org
110dsn.rfc-ignorant.org
90whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
25ex.dnsbl.org (union of all results)
19ex.dnsbl.org (result 127.0.0.2 = spamsites)
6bandwidth-pigs.monkeys.com
6ex.dnsbl.org (result 127.0.0.3 = spam source)
1in.dnsbl.org (result 127.0.0.2 = spam source)
1in.dnsbl.org (union of all results)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 19 November 2002.