Blacklists Compared

23 November 2002



Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

Hits  DNS Zone
9294  (total number of IP addresses tested, including 401 at SDSC)
5993  (union of most IP zones)
4273  xbl.selwerd.cx
3138  blackholes.five-ten-sg.com (union of all results)
1617  no-more-funn.moensted.dk (union of all results)
1576  relays.osirusoft.com (union of all results)
1548  bl.spamcop.net
1532  blackholes.wirehub.net
1521  block.blars.org
1103  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
1019  unconfirmed.dsbl.org
1018  work.drbl.croco.net
 966  ztl.dorkslayers.com
 874  cn-kr.blackholes.us (union of all results)
 871  blackholes.intersil.net
 855  relays.osirusoft.com (result 127.0.0.4 = spam source)
 853  ipwhois.rfc-ignorant.org
 848  blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
 834  no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
 797  dnsbl.njabl.org (union of all results)
 758  cw.blackholes.us
 730  list.dsbl.org
 713  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
 642  spam.dnsrbl.net
 577  cn-kr.blackholes.us (result 127.0.0.3 = Korea)
 577  korea.blackholes.us
 571  korea.services.net
 525  spews.relays.osirusoft.com
 501  ybl.megacity.org
 496  sbl.spamhaus.org
 454  spamhaus.relays.osirusoft.com
 453  relays.osirusoft.com (result 127.0.0.6 = spamsites)
 448  spamsources.relays.osirusoft.com (union of all results)
 447  vox.schpider.com
 430  t1.bl.reynolds.net.au
 426  spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
 425  blackholes.uceb.org (union of all results)
 394  assholes.madscience.nl
 386  no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
 381  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
 368  dnsbl.njabl.org (result 127.0.0.2 = source or relay)
 349  dnsbl.njabl.org (result 127.0.0.4 = spam source)
 342  no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
 297  cn-kr.blackholes.us (result 127.0.0.2 = China)
 297  china.blackholes.us
 285  spamsources.fabel.dk
 259  spam.wytnij.to
 258  dnsbl.delink.net
 255  blackholes.uceb.org (result 127.0.0.4 = spam organization)
 254  mail-abuse.blacklist.jippg.org
 254  multihop.dsbl.org
 250  opm.blitzed.org
 244  relays.osirusoft.com (result 127.0.0.9 = open proxy)
 238  socks.relays.osirusoft.com
 234  blacklist.spambag.org
 227  relays.osirusoft.com (result 127.0.0.2 = relay)
 227  inputs.relays.osirusoft.com
 226  relays.bl.kundenserver.de
 225  verio.blackholes.us
 224  flowgoaway.com
 209  relays.ordb.org
 194  relays.visi.com
 188  3y.spam.mrs.kithrup.com
 181  http.opm.blitzed.org
 164  blackhole.compu.net
 154  blocktest.relays.osirusoft.com (not a blacklist!)
 141  brazil.blackholes.us
 126  rackspace.blackholes.us
 126  internap.blackholes.us
 115  blackholes.uceb.org (result 127.0.0.3 = spam source)
 109  dun.dnsrbl.net
 104  dialups.visi.com
 102  orbs.dorkslayers.com
 101  rr.blackholes.us
  92  spamguard.leadmon.net (union of all results)
  90  level3.blackholes.us
  88  taiwan.blackholes.us
  83  spamguard.leadmon.net (result 127.0.0.2 = dialup)
  77  xo.blackholes.us
  77  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
  75  socks.opm.blitzed.org
  74  blackholes.uceb.org (result 127.0.0.2 = relay)
  65  dnsbl.njabl.org (result 127.0.0.3 = dialup)
  64  dynablock.wirehub.net (result 127.0.0.2 = dialup)
  64  dynablock.wirehub.net (union of all results)
  52  dev.null.dk
  52  dialups.relays.osirusoft.com (union of all results)
  46  japan.blackholes.us
  46  dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
  44  argentina.blackholes.us
  44  formmail.relays.monkeys.com
  43  relays.osirusoft.com (result 127.0.0.3 = dialup)
  39  inflow.blackholes.us
  39  hongkong.blackholes.us
  39  inflow.noflow.org
  35  russia.blackholes.us
  34  cybercon.blackholes.us
  33  singapore.blackholes.us
  31  no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
  27  eli.blackholes.us
  26  above.blackholes.us
  26  spam.exsilia.net (result 127.0.0.2 = spam source)
  26  spam.exsilia.net (union of all results)
  24  nigeria.blackholes.us
  24  interbusiness.blackholes.us
  22  relays.dorkslayers.com
  21  ciberlynx.blackholes.us
  21  broadwing.blackholes.us
  20  spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
  16  spammers.v6net.org
  16  yipes.blackholes.us
  14  thailand.blackholes.us
  13  epoch.blackholes.us
  11  no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
  10  valuenet.blackholes.us
  10  pajo.blackholes.us
   9  he.blackholes.us
   9  dnsbl.njabl.org (result 127.0.0.9 = open proxy)
   8  wanadoo-fr.blackholes.us
   8  covad.blackholes.us
   8  no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
   8  blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
   7  spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
   7  dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
   7  blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
   7  dialup.blacklist.jippg.org (union of all results)
   6  malaysia.blackholes.us
   6  dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
   5  dnsbl.njabl.org (result 127.0.0.5 = relay output)
   5  no-more-funn.moensted.dk (result 127.0.0.9 = misc)
   3  valueweb.blackholes.us
   3  proxies.relays.osirusoft.com
   2  skynetweb.blackholes.us
   2  wingate.opm.blitzed.org
   2  spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
   2  spamguard.leadmon.net (result 127.0.0.3 = spam source)
   1  spamsources.relays.osirusoft.com (result 127.0.0.9 = unconfirmed opt-in)
   1  relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
   1  dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
   1  blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
   1  proxies.exsilia.net

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."
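
How the rows of the IP-zone table relate to one another (per-zone "union of all results", per-result-code rows, and the overall union that leaves out two zones), as an added example that is not part of the original survey or its tooling. The `resolve` callback, the sample addresses and the sample listings are constructed assumptions, and the 127.0.0.0/8 filter is the usual DNSBL convention rather than something the page states.

```python
import ipaddress
from collections import Counter

# Zones the page leaves out of its "union of most IP zones" line.
EXCLUDED_FROM_UNION = {"xbl.selwerd.cx", "blocktest.relays.osirusoft.com"}

def dnsbl_query_name(ip, zone):
    """Query name for an IPv4 DNSBL lookup: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def survey(ips, zones, resolve):
    """Return (hits per zone, hits per (zone, result), size of the union).

    resolve(name) is a caller-supplied function (hypothetical interface)
    returning the A records for name as strings, or [] if it does not exist.
    """
    per_zone, per_result, union = Counter(), Counter(), set()
    for ip in sorted(set(ips)):              # count each address once
        for zone in zones:
            # By convention DNSBL answers lie in 127.0.0.0/8; anything else
            # (e.g. a wildcard pointing at a web server) is not a listing.
            answers = {a for a in resolve(dnsbl_query_name(ip, zone))
                       if a.startswith("127.")}
            if not answers:
                continue
            per_zone[zone] += 1              # the "union of all results" row
            for a in answers:
                per_result[(zone, a)] += 1   # one row per result code
            if zone not in EXCLUDED_FROM_UNION:
                union.add(ip)
    return per_zone, per_result, len(union)

# Constructed sample data: documentation addresses and invented listings.
SAMPLE_DNS = {
    "1.2.0.192.blackholes.five-ten-sg.com": ["127.0.0.2", "127.0.0.3"],
    "2.2.0.192.blackholes.five-ten-sg.com": ["127.0.0.3"],
    "2.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "3.2.0.192.xbl.selwerd.cx": ["127.0.0.2"],
    "4.2.0.192.bl.spamcop.net": ["203.0.113.80"],   # not a DNSBL answer
}
SAMPLE_IPS = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4", "192.0.2.1"]
SAMPLE_ZONES = ["blackholes.five-ten-sg.com", "bl.spamcop.net", "xbl.selwerd.cx"]

def run_sample():
    return survey(SAMPLE_IPS, SAMPLE_ZONES, lambda name: SAMPLE_DNS.get(name, []))

if __name__ == "__main__":
    print(run_sample())
```

An address listed under two result codes of one zone counts once in that zone's union row and once in each result row, which is why the per-result counts in the table can sum to more than the union.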


Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits  DNS Zone
9294  (total number of IP addresses whose names were tested, including 401 at SDSC)
1794  (union of all domain zones)
1368  abuse.rfc-ignorant.org
 552  whois.rfc-ignorant.org (union of all results)
 334  whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
 218  whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
  15  dsn.rfc-ignorant.org (zone not intended for this use)
  14  postmaster.rfc-ignorant.org


Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits  DNS Zone
6186  (total number of domains tested, including 183 at SDSC)
1001  (union of all domain zones)
 484  abuse.rfc-ignorant.org
 384  whois.rfc-ignorant.org (union of all results)
 295  whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
 224  postmaster.rfc-ignorant.org
 131  dsn.rfc-ignorant.org
  89  whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
  30  ex.dnsbl.org (union of all results)
  25  ex.dnsbl.org (result 127.0.0.2 = spamsites)
   5  bandwidth-pigs.monkeys.com
   5  ex.dnsbl.org (result 127.0.0.3 = spam source)
   3  in.dnsbl.org (union of all results)
   2  in.dnsbl.org (result 127.0.0.6 = unconfirmed opt-in)
   1  in.dnsbl.org (result 127.0.0.2 = spam source)


This document was last updated by Jeff Makey <jeff@sdsc.edu> on 26 November 2002.