Blacklists Compared, 12-Jul-03

Blacklists Compared

12 July 2003

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx and block.blars.org zones zone because they are too aggressive to be widely useful, and the blocktest.relays.osirusoft.com and query.bondedsender.org zones are also excluded because they are not blacklists.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

13119 (total number of IP addresses whose names were tested, including 397 at SDSC)
3912 (union of all domain zones)
2662 abuse.rfc-ignorant.org
1207 rddn.bl.reynolds.net.au
828 whois.rfc-ignorant.org (union of all results)
433 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
395 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
250 bulk.rhs.mailpolice.com
105 porn.rhs.mailpolice.com
98 bl.deadbeef.com
31 dsn.rfc-ignorant.org (zone not intended for this use)
14 postmaster.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

8123 (total number of domains tested, including 197 at SDSC)
1658 (union of all domain zones)
720 abuse.rfc-ignorant.org
611 whois.rfc-ignorant.org (union of all results)
502 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
410 postmaster.rfc-ignorant.org
374 dsn.rfc-ignorant.org
109 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
37 ex.dnsbl.org (union of all results)
35 ex.dnsbl.org (result 127.0.0.2 = spamsites)
34 bl.deadbeef.com
24 rddn.bl.reynolds.net.au (zone not intended for this use)
9 bandwidth-pigs.monkeys.com
5 in.dnsbl.org (union of all results)
4 in.dnsbl.org (result 127.0.0.6 = unconfirmed opt-in)
2 ex.dnsbl.org (result 127.0.0.3 = spam source)
1 in.dnsbl.org (result 127.0.0.2 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 19 July 2003.

Hits	DNS Zone
13119	(total number of IP addresses tested, including 397 at SDSC)
9395	(union of most IP zones)
7495	xbl.selwerd.cx
5384	t1.bl.reynolds.net.au
4184	blackholes.easynet.nl
4147	block.blars.org
4092	blackholes.five-ten-sg.com (union of all results)
3997	wpb.bl.reynolds.net.au
3632	dnsbl.njabl.org (union of all results)
3598	no-more-funn.moensted.dk (union of all results)
3594	unconfirmed.dsbl.org
3470	psbl.surriel.com
3341	list.dsbl.org
3339	dsbl.bl.reynolds.net.au
3114	dnsbl.sorbs.net (union of all results)
3065	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
3057	proxies.blackholes.easynet.nl
2618	dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
2572	dnsbl.njabl.org (result 127.0.0.9 = open proxy)
2450	dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
2227	proxies.relays.monkeys.com (union of all results)
2226	proxies.relays.monkeys.com (result 127.0.0.2 = open proxy)
2115	cn-kr.blackholes.us (union of all results)
2068	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
2059	bl.spamcop.net
1811	relays.osirusoft.com (union of all results)
1590	blackhole.compu.net
1405	ipwhois.rfc-ignorant.org
1079	cn-kr.blackholes.us (result 127.0.0.2 = China)
1079	china.blackholes.us
1071	relays.osirusoft.com (result 127.0.0.9 = open proxy)
1069	socks.relays.osirusoft.com
1036	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
1036	korea.blackholes.us
1025	korea.services.net
1024	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
953	spews.bl.reynolds.net.au
933	unsure.nether.net
815	spamsources.fabel.dk
743	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
735	sbl.spamhaus.org
723	dynablock.easynet.nl (result 127.0.0.2 = dialup)
723	wdl.bl.reynolds.net.au
723	dynablock.easynet.nl (union of all results)
714	opm.blitzed.org
587	pdl.bl.reynolds.net.au
548	blocktest.relays.osirusoft.com (not a blacklist!)
541	ybl.megacity.org
530	cw.blackholes.us
501	dnsbl.njabl.org (result 127.0.0.4 = spam source)
480	blacklist.spambag.org
472	blackholes.intersil.net
423	spews.relays.osirusoft.com
422	dnsbl.delink.net
405	work.drbl.croco.net
391	dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
388	relays.osirusoft.com (result 127.0.0.4 = spam source)
377	spam.wytnij.to
369	relaywatcher.n13mbl.com
317	spamhaus.relays.osirusoft.com
314	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
298	spamguard.leadmon.net (union of all results)
283	spamguard.leadmon.net (result 127.0.0.2 = dialup)
268	brazil.blackholes.us
249	dnsbl.njabl.org (result 127.0.0.3 = dialup)
247	level3.blackholes.us
240	relays.osirusoft.com (result 127.0.0.6 = spamsites)
229	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
227	dialups.visi.com
215	dnsbl.antispam.or.id
214	multihop.dsbl.org
213	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
209	taiwan.blackholes.us
199	mail-abuse.blacklist.jippg.org
194	comcast.blackholes.us
188	lbl.lagengymnastik.dk
180	inputs.relays.osirusoft.com
177	relays.osirusoft.com (result 127.0.0.2 = open relay)
173	dnsbl.sorbs.net (result 127.0.0.6 = spam source)
173	relays.ordb.org
168	rr.blackholes.us
168	osrs.bl.reynolds.net.au
157	sbbl.they.com
143	japan.blackholes.us
142	ohps.bl.reynolds.net.au
141	verio.blackholes.us
140	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
138	3y.spam.mrs.kithrup.com
134	qwest.blackholes.us
122	dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
122	dialups.relays.osirusoft.com (union of all results)
121	relays.bl.kundenserver.de
115	query.bondedsender.org (not a blacklist!)
108	blackholes.uceb.org (union of all results)
104	osps.bl.reynolds.net.au
98	relays.osirusoft.com (result 127.0.0.3 = dialup)
97	no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
94	russia.blackholes.us
94	spamsources.relays.osirusoft.com (union of all results)
90	relays.nether.net
86	hongkong.blackholes.us
86	charter.blackholes.us
85	spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
84	argentina.blackholes.us
78	mexico.blackholes.us
76	rmst.bl.reynolds.net.au
66	xo.blackholes.us
63	flowgoaway.com
62	internap.blackholes.us
62	blackholes.brainerd.net
61	vox.schpider.com
54	turkey.blackholes.us
51	tr.countries.nerd.dk
50	dun.dnsrbl.net
49	rogers.blackholes.us
49	blackholes.uceb.org (result 127.0.0.3 = spam source)
47	dnsbl.sorbs.net (result 127.0.0.10 = dialup)
44	bellsouth.blackholes.us
42	infolink.blackholes.us
39	inflow.blackholes.us
37	blackholes.uceb.org (result 127.0.0.2 = open relay)
36	interbusiness.blackholes.us
35	he.blackholes.us
35	bl.deadbeef.com
34	proxy.relays.osirusoft.com
34	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
30	wanadoo-fr.blackholes.us
30	eli.blackholes.us
27	singapore.blackholes.us
27	malaysia.blackholes.us
26	above.blackholes.us
26	dialup.blacklist.jippg.org (union of all results)
25	cybercon.blackholes.us
24	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
22	nigeria.blackholes.us
22	spam.exsilia.net (union of all results)
21	rackspace.blackholes.us
21	a2000.blackholes.us
21	probes.bl.reynolds.net.au
20	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
20	spam.exsilia.net (result 127.0.0.2 = spam source)
18	covad.blackholes.us
17	blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
16	thailand.blackholes.us
16	broadwing.blackholes.us
16	spam.shri.net
15	blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
15	ph.rbl.cluecentral.net
14	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
14	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
12	maxim.blackholes.us
10	yipes.blackholes.us
10	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
9	telstra.blackholes.us
9	spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
8	owps.bl.reynolds.net.au
8	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
7	pajo.blackholes.us
6	dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
5	olm.blackholes.us
5	burst.blackholes.us
5	affinity.blackholes.us
5	blackholes.uceb.org (result 127.0.0.4 = spam source network)
5	dnsbl.sorbs.net (result 127.0.0.7 = open formmail.cgi)
5	dev.null.dk
5	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
4	omrs.bl.reynolds.net.au
3	navisite.blackholes.us
3	epoch.blackholes.us
3	dnsbl.sorbs.net (result 127.0.0.5 = open relay)
2	t3direct.bl.reynolds.net.au
2	dialup.blacklist.jippg.org (result 127.0.0.4 = dialup in Japan)
2	no-more-funn.moensted.dk (result 127.0.0.11 = repeated probes)
2	blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)
2	spam.exsilia.net (result 127.0.0.3 = virus source)
1	ciberlynx.blackholes.us
1	spamsites.bl.reynolds.net.au
1	owfs.bl.reynolds.net.au
1	dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
1	proxies.relays.monkeys.com (result 127.0.0.3 = proxy output)
1	spamguard.leadmon.net (result 127.0.0.3 = spam source)
1	blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
1	proxies.exsilia.net

Hits	DNS Zone
8123	(total number of domains tested, including 197 at SDSC)
1658	(union of all domain zones)
720	abuse.rfc-ignorant.org
611	whois.rfc-ignorant.org (union of all results)
502	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
410	postmaster.rfc-ignorant.org
374	dsn.rfc-ignorant.org
109	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
37	ex.dnsbl.org (union of all results)
35	ex.dnsbl.org (result 127.0.0.2 = spamsites)
34	bl.deadbeef.com
24	rddn.bl.reynolds.net.au (zone not intended for this use)
9	bandwidth-pigs.monkeys.com
5	in.dnsbl.org (union of all results)
4	in.dnsbl.org (result 127.0.0.6 = unconfirmed opt-in)
2	ex.dnsbl.org (result 127.0.0.3 = spam source)
1	in.dnsbl.org (result 127.0.0.2 = spam source)