Blacklists Compared

28 December 2002

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx zone because it is too aggressive to be widely useful, and excludes the blocktest.relays.osirusoft.com zone because it is not a blacklist.

HitsDNS Zone
7104(total number of IP addresses tested, including 320 at SDSC)
4979(union of most IP zones)
3542xbl.selwerd.cx
2915blackholes.five-ten-sg.com (union of all results)
1853blackholes.wirehub.net
1643relays.osirusoft.com (union of all results)
1576no-more-funn.moensted.dk (union of all results)
1460bl.spamcop.net
1131assholes.madscience.nl
1127block.blars.org
1080unconfirmed.dsbl.org
1055relays.osirusoft.com (result 127.0.0.4 = spam source)
1053blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
993blackholes.intersil.net
981ztl.dorkslayers.com
914list.dsbl.org
864cn-kr.blackholes.us (union of all results)
856no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
836blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
820spews.relays.osirusoft.com
814sbl.spamhaus.org
809dnsbl.njabl.org (union of all results)
697ipwhois.rfc-ignorant.org
690blackholes.five-ten-sg.com (result 127.0.0.3 = dialup)
648dnsbl.sorbs.net (union of all results)
547spam.dnsrbl.net
536cn-kr.blackholes.us (result 127.0.0.3 = Korea)
536korea.blackholes.us
533korea.services.net
527t1.bl.reynolds.net.au
482dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
469dnsbl.njabl.org (result 127.0.0.4 = spam source)
468work.drbl.croco.net
443cw.blackholes.us
413spamsources.fabel.dk
383blackholes.uceb.org (union of all results)
382opm.blitzed.org
372relays.osirusoft.com (result 127.0.0.9 = open proxy)
370socks.relays.osirusoft.com
328cn-kr.blackholes.us (result 127.0.0.2 = China)
328china.blackholes.us
307spamsources.relays.osirusoft.com (union of all results)
306http.opm.blitzed.org
300no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
294spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
276ybl.megacity.org
275blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
271dnsbl.njabl.org (result 127.0.0.2 = source or relay)
251spam.wytnij.to
245relays.osirusoft.com (result 127.0.0.2 = relay)
245inputs.relays.osirusoft.com
236no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
230dnsbl.delink.net
220dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
209blackholes.uceb.org (result 127.0.0.4 = spam organization)
209mail-abuse.blacklist.jippg.org
204blacklist.spambag.org
190rackspace.blackholes.us
188flowgoaway.com
164relays.bl.kundenserver.de
1623y.spam.mrs.kithrup.com
155multihop.dsbl.org
137blocktest.relays.osirusoft.com (not a blacklist!)
133blackholes.uceb.org (result 127.0.0.3 = spam source)
129verio.blackholes.us
124relays.ordb.org
120internap.blackholes.us
111brazil.blackholes.us
106no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
102blackhole.compu.net
95socks.opm.blitzed.org
91spamguard.leadmon.net (union of all results)
88vox.schpider.com
87dun.dnsrbl.net
83rr.blackholes.us
80taiwan.blackholes.us
79spamguard.leadmon.net (result 127.0.0.2 = dialup)
73level3.blackholes.us
69dialups.visi.com
66orbs.dorkslayers.com
62dnsbl.njabl.org (result 127.0.0.3 = dialup)
53dynablock.wirehub.net (result 127.0.0.2 = dialup)
53blackholes.uceb.org (result 127.0.0.2 = relay)
53dynablock.wirehub.net (union of all results)
50xo.blackholes.us
49japan.blackholes.us
46russia.blackholes.us
46tr.countries.nerd.dk
46blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
44argentina.blackholes.us
41no-more-funn.moensted.dk (result 127.0.0.9 = misc)
41dialups.relays.osirusoft.com (union of all results)
37dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
32spammers.v6net.org
31formmail.relays.monkeys.com
30relays.osirusoft.com (result 127.0.0.3 = dialup)
26hongkong.blackholes.us
25interbusiness.blackholes.us
25cybercon.blackholes.us
25broadwing.blackholes.us
24singapore.blackholes.us
24inflow.blackholes.us
24inflow.noflow.org
23dnsbl.sorbs.net (result 127.0.0.6 = spam source)
21dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
21spam.exsilia.net (result 127.0.0.2 = spam source)
21spam.exsilia.net (union of all results)
18above.blackholes.us
18no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
17he.blackholes.us
16dev.null.dk
15eli.blackholes.us
13no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
12spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
12spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
11yipes.blackholes.us
11relays.osirusoft.com (result 127.0.0.6 = spamsites)
11blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
10wanadoo-fr.blackholes.us
9covad.blackholes.us
9ph.rbl.cluecentral.net
8valuenet.blackholes.us
8thailand.blackholes.us
8relays.dorkslayers.com
7pajo.blackholes.us
7dnsbl.njabl.org (result 127.0.0.9 = open proxy)
6epoch.blackholes.us
6affinity.blackholes.us
5malaysia.blackholes.us
5ciberlynx.blackholes.us
4nigeria.blackholes.us
4wingate.opm.blitzed.org
4proxies.relays.osirusoft.com
4dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
4blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
3valueweb.blackholes.us
3spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
3dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
3no-more-funn.moensted.dk (result 127.0.0.11 = repeated probes)
3no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
3dialup.blacklist.jippg.org (union of all results)
2spamsites.relays.osirusoft.com (result 127.0.0.6)
2relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
2spamsites.relays.osirusoft.com (union of all results)
1skynetweb.blackholes.us
1proxies.exsilia.net

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

HitsDNS Zone
7104(total number of IP addresses whose names were tested, including 320 at SDSC)
1276(union of all domain zones)
1042abuse.rfc-ignorant.org
337whois.rfc-ignorant.org (union of all results)
197whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
140whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
11postmaster.rfc-ignorant.org
10dsn.rfc-ignorant.org (zone not intended for this use)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

HitsDNS Zone
4521(total number of domains tested, including 158 at SDSC)
849(union of all domain zones)
432abuse.rfc-ignorant.org
280whois.rfc-ignorant.org (union of all results)
239postmaster.rfc-ignorant.org
201whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
174dsn.rfc-ignorant.org
79whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
25ex.dnsbl.org (union of all results)
19ex.dnsbl.org (result 127.0.0.2 = spamsites)
7bandwidth-pigs.monkeys.com
6ex.dnsbl.org (result 127.0.0.3 = spam source)
3in.dnsbl.org (union of all results)
2in.dnsbl.org (result 127.0.0.2 = spam source)
1in.dnsbl.org (result 127.0.0.6 = unconfirmed opt-in)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 30 December 2002.