Blacklists Compared

7 December 2002



Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

Hits  DNS Zone
9558  (total number of IP addresses tested, including 432 at SDSC)
6126  (union of most IP zones)
4539  xbl.selwerd.cx
3313  blackholes.five-ten-sg.com (union of all results)
1842  relays.osirusoft.com (union of all results)
1701  blackholes.wirehub.net
1678  no-more-funn.moensted.dk (union of all results)
1650  bl.spamcop.net
1482  block.blars.org
1317  ztl.dorkslayers.com
1196  blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
1164  unconfirmed.dsbl.org
1018  ipwhois.rfc-ignorant.org
 996  blackholes.intersil.net
 981  relays.osirusoft.com (result 127.0.0.4 = spam source)
 949  assholes.madscience.nl
 948  dnsbl.njabl.org (union of all results)
 940  cn-kr.blackholes.us (union of all results)
 916  no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
 910  list.dsbl.org
 850  blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
 783  blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
 775  sbl.spamhaus.org
 711  spews.relays.osirusoft.com
 666  cw.blackholes.us
 630  spam.dnsrbl.net
 614  cn-kr.blackholes.us (result 127.0.0.3 = Korea)
 614  korea.blackholes.us
 607  korea.services.net
 589  t1.bl.reynolds.net.au
 481  blackholes.uceb.org (union of all results)
 474  relays.osirusoft.com (result 127.0.0.6 = spamsites)
 465  spamsources.fabel.dk
 458  spamhaus.relays.osirusoft.com
 442  dnsbl.njabl.org (result 127.0.0.4 = spam source)
 416  ybl.megacity.org
 415  dnsbl.njabl.org (result 127.0.0.2 = source or relay)
 409  relays.osirusoft.com (result 127.0.0.9 = open proxy)
 408  socks.relays.osirusoft.com
 382  blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
 365  blocktest.relays.osirusoft.com (not a blacklist!)
 352  spamsources.relays.osirusoft.com (union of all results)
 339  spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
 328  no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
 326  cn-kr.blackholes.us (result 127.0.0.2 = China)
 326  china.blackholes.us
 315  work.drbl.croco.net
 311  spam.wytnij.to
 304  no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
 299  blacklist.spambag.org
 294  relays.osirusoft.com (result 127.0.0.2 = relay)
 294  inputs.relays.osirusoft.com
 294  mail-abuse.blacklist.jippg.org
 291  opm.blitzed.org
 287  blackholes.uceb.org (result 127.0.0.4 = spam organization)
 266  dnsbl.delink.net
 255  vox.schpider.com
 253  relays.bl.kundenserver.de
 223  multihop.dsbl.org
 222  flowgoaway.com
 211  http.opm.blitzed.org
 194  verio.blackholes.us
 186  relays.ordb.org
 184  3y.spam.mrs.kithrup.com
 166  relays.visi.com
 151  blackhole.compu.net
 146  internap.blackholes.us
 145  rackspace.blackholes.us
 142  blackholes.uceb.org (result 127.0.0.3 = spam source)
 140  brazil.blackholes.us
 116  spamguard.leadmon.net (union of all results)
 103  rr.blackholes.us
 103  socks.opm.blitzed.org
  98  level3.blackholes.us
  97  spamguard.leadmon.net (result 127.0.0.2 = dialup)
  88  xo.blackholes.us
  87  orbs.dorkslayers.com
  84  no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
  81  taiwan.blackholes.us
  73  dialups.visi.com
  73  blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
  72  dun.dnsrbl.net
  70  blackholes.uceb.org (result 127.0.0.2 = relay)
  70  dnsbl.njabl.org (result 127.0.0.3 = dialup)
  64  dynablock.wirehub.net (result 127.0.0.2 = dialup)
  64  dynablock.wirehub.net (union of all results)
  60  japan.blackholes.us
  54  dialups.relays.osirusoft.com (union of all results)
  51  argentina.blackholes.us
  50  dev.null.dk
  48  dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
  45  relays.osirusoft.com (result 127.0.0.3 = dialup)
  41  formmail.relays.monkeys.com
  39  russia.blackholes.us
  35  inflow.blackholes.us
  35  hongkong.blackholes.us
  35  inflow.noflow.org
  32  cybercon.blackholes.us
  28  above.blackholes.us
  27  ciberlynx.blackholes.us
  26  nigeria.blackholes.us
  26  eli.blackholes.us
  25  singapore.blackholes.us
  23  spam.exsilia.net (result 127.0.0.2 = spam source)
  23  spam.exsilia.net (union of all results)
  22  yipes.blackholes.us
  21  broadwing.blackholes.us
  20  no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
  17  spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
  17  blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
  16  he.blackholes.us
  15  interbusiness.blackholes.us
  15  dnsbl.njabl.org (result 127.0.0.9 = open proxy)
  14  spammers.v6net.org
  13  wanadoo-fr.blackholes.us
  13  relays.dorkslayers.com
  12  valuenet.blackholes.us
  12  epoch.blackholes.us
  12  no-more-funn.moensted.dk (result 127.0.0.9 = misc)
  12  no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
  12  blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
  10  thailand.blackholes.us
  10  pajo.blackholes.us
  10  spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
   8  malaysia.blackholes.us
   8  covad.blackholes.us
   6  valueweb.blackholes.us
   6  dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
   6  dnsbl.njabl.org (result 127.0.0.5 = relay output)
   6  dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
   6  dialup.blacklist.jippg.org (union of all results)
   3  wingate.opm.blitzed.org
   3  spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
   2  skynetweb.blackholes.us
   2  proxies.relays.osirusoft.com
   2  relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
   2  spamguard.leadmon.net (result 127.0.0.3 = spam source)
   2  no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
   1  spamsources.relays.osirusoft.com (result 127.0.0.9 = unconfirmed opt-in)
   1  spamsites.relays.osirusoft.com (result 127.0.0.6)
   1  spamsites.relays.osirusoft.com (union of all results)

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."


Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits  DNS Zone
9558  (total number of IP addresses whose names were tested, including 432 at SDSC)
1717  (union of all domain zones)
1335  abuse.rfc-ignorant.org
 503  whois.rfc-ignorant.org (union of all results)
 311  whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
 192  whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
  19  postmaster.rfc-ignorant.org
  19  dsn.rfc-ignorant.org (zone not intended for this use)


Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits  DNS Zone
6265  (total number of domains tested, including 206 at SDSC)
1027  (union of all domain zones)
 543  abuse.rfc-ignorant.org
 358  whois.rfc-ignorant.org (union of all results)
 272  whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
 269  postmaster.rfc-ignorant.org
 169  dsn.rfc-ignorant.org
  86  whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
  30  ex.dnsbl.org (union of all results)
  24  ex.dnsbl.org (result 127.0.0.2 = spamsites)
   6  bandwidth-pigs.monkeys.com
   6  ex.dnsbl.org (result 127.0.0.3 = spam source)
   4  in.dnsbl.org (union of all results)
   2  in.dnsbl.org (result 127.0.0.2 = spam source)
   2  in.dnsbl.org (result 127.0.0.6 = unconfirmed opt-in)


This document was last updated by Jeff Makey <jeff@sdsc.edu> on 9 December 2002.