Blacklists Compared

30 November 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

HitsDNS Zone
8351(total number of IP addresses tested, including 403 at SDSC)
5482(union of most IP zones)
3960xbl.selwerd.cx
3056blackholes.five-ten-sg.com (union of all results)
1689relays.osirusoft.com (union of all results)
1573no-more-funn.moensted.dk (union of all results)
1432bl.spamcop.net
1410block.blars.org
1338blackholes.wirehub.net
1173blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
1035unconfirmed.dsbl.org
968ztl.dorkslayers.com
914cn-kr.blackholes.us (union of all results)
895ipwhois.rfc-ignorant.org
884relays.osirusoft.com (result 127.0.0.4 = spam source)
875no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
810blackholes.intersil.net
798dnsbl.njabl.org (union of all results)
785list.dsbl.org
721blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
706blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
652spam.dnsrbl.net
618blocktest.relays.osirusoft.com (not a blacklist!)
598cw.blackholes.us
591cn-kr.blackholes.us (result 127.0.0.3 = Korea)
591korea.blackholes.us
587korea.services.net
574spews.relays.osirusoft.com
523sbl.spamhaus.org
492t1.bl.reynolds.net.au
477assholes.madscience.nl
470spamhaus.relays.osirusoft.com
465relays.osirusoft.com (result 127.0.0.6 = spamsites)
443blackholes.uceb.org (union of all results)
432vox.schpider.com
420spamsources.relays.osirusoft.com (union of all results)
407spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
406ybl.megacity.org
372dnsbl.njabl.org (result 127.0.0.2 = source or relay)
359no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
352dnsbl.njabl.org (result 127.0.0.4 = spam source)
352blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
351relays.osirusoft.com (result 127.0.0.9 = open proxy)
348socks.relays.osirusoft.com
325spamsources.fabel.dk
323cn-kr.blackholes.us (result 127.0.0.2 = China)
323china.blackholes.us
286blacklist.spambag.org
275work.drbl.croco.net
273mail-abuse.blacklist.jippg.org
270no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
268relays.osirusoft.com (result 127.0.0.2 = relay)
268inputs.relays.osirusoft.com
258spam.wytnij.to
256blackholes.uceb.org (result 127.0.0.4 = spam organization)
255dnsbl.delink.net
254opm.blitzed.org
229multihop.dsbl.org
223flowgoaway.com
209http.opm.blitzed.org
209relays.bl.kundenserver.de
205relays.ordb.org
193relays.visi.com
166verio.blackholes.us
1453y.spam.mrs.kithrup.com
138blackholes.uceb.org (result 127.0.0.3 = spam source)
133blackhole.compu.net
129brazil.blackholes.us
121spamguard.leadmon.net (union of all results)
117internap.blackholes.us
110dialups.visi.com
104rackspace.blackholes.us
103spamguard.leadmon.net (result 127.0.0.2 = dialup)
101dun.dnsrbl.net
93rr.blackholes.us
93socks.opm.blitzed.org
91taiwan.blackholes.us
87orbs.dorkslayers.com
86blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
84level3.blackholes.us
68dialups.relays.osirusoft.com (union of all results)
65blackholes.uceb.org (result 127.0.0.2 = relay)
64dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
62dynablock.wirehub.net (result 127.0.0.2 = dialup)
62dynablock.wirehub.net (union of all results)
61relays.osirusoft.com (result 127.0.0.3 = dialup)
60dnsbl.njabl.org (result 127.0.0.3 = dialup)
59xo.blackholes.us
54japan.blackholes.us
48dev.null.dk
47argentina.blackholes.us
42formmail.relays.monkeys.com
36cybercon.blackholes.us
34russia.blackholes.us
33inflow.blackholes.us
33inflow.noflow.org
32hongkong.blackholes.us
30no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
28singapore.blackholes.us
26ciberlynx.blackholes.us
24nigeria.blackholes.us
24broadwing.blackholes.us
24above.blackholes.us
23spammers.v6net.org
21no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
21spam.exsilia.net (result 127.0.0.2 = spam source)
21spam.exsilia.net (union of all results)
20eli.blackholes.us
17spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
14yipes.blackholes.us
14valuenet.blackholes.us
14interbusiness.blackholes.us
14covad.blackholes.us
14relays.dorkslayers.com
13blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
12pajo.blackholes.us
12epoch.blackholes.us
12spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
12dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
12no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
12dialup.blacklist.jippg.org (union of all results)
11he.blackholes.us
10thailand.blackholes.us
9malaysia.blackholes.us
8wanadoo-fr.blackholes.us
8dnsbl.njabl.org (result 127.0.0.9 = open proxy)
5wingate.opm.blitzed.org
5dnsbl.njabl.org (result 127.0.0.5 = relay output)
4dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
4no-more-funn.moensted.dk (result 127.0.0.9 = misc)
4blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
3valueweb.blackholes.us
3proxies.relays.osirusoft.com
2spamsites.relays.osirusoft.com (result 127.0.0.6)
2no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
2spamsites.relays.osirusoft.com (union of all results)
1spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
1relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
1dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
1spamguard.leadmon.net (result 127.0.0.3 = spam source)
1blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
1proxies.exsilia.net

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

HitsDNS Zone
8351(total number of IP addresses whose names were tested, including 403 at SDSC)
1593(union of all domain zones)
1229abuse.rfc-ignorant.org
500whois.rfc-ignorant.org (union of all results)
311whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
189whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
12postmaster.rfc-ignorant.org
7dsn.rfc-ignorant.org (zone not intended for this use)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

HitsDNS Zone
5351(total number of domains tested, including 184 at SDSC)
941(union of all domain zones)
458abuse.rfc-ignorant.org
347whois.rfc-ignorant.org (union of all results)
266whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
242postmaster.rfc-ignorant.org
145dsn.rfc-ignorant.org
81whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
34ex.dnsbl.org (union of all results)
29ex.dnsbl.org (result 127.0.0.2 = spamsites)
9bandwidth-pigs.monkeys.com
5ex.dnsbl.org (result 127.0.0.3 = spam source)
3in.dnsbl.org (union of all results)
2in.dnsbl.org (result 127.0.0.2 = spam source)
1in.dnsbl.org (result 127.0.0.6 = unconfirmed opt-in)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 2 December 2002.