Blacklists Compared

19 July 2003

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx and block.blars.org zones zone because they are too aggressive to be widely useful, and the blocktest.relays.osirusoft.com and query.bondedsender.org zones are also excluded because they are not blacklists.

HitsDNS Zone
13043(total number of IP addresses tested, including 424 at SDSC)
9259(union of most IP zones)
7383xbl.selwerd.cx
5258t1.bl.reynolds.net.au
4263blackholes.five-ten-sg.com (union of all results)
4230blackholes.easynet.nl
4184block.blars.org
4061wpb.bl.reynolds.net.au
3448unconfirmed.dsbl.org
3409no-more-funn.moensted.dk (union of all results)
3287psbl.surriel.com
3199dsbl.bl.reynolds.net.au
3199list.dsbl.org
3166blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
3116dnsbl.sorbs.net (union of all results)
2956dnsbl.njabl.org (union of all results)
2917proxies.blackholes.easynet.nl
2798relays.osirusoft.com (union of all results)
2351dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
2319dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
2095cn-kr.blackholes.us (union of all results)
2062bl.spamcop.net
1991no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
1952dnsbl.njabl.org (result 127.0.0.9 = open proxy)
1918proxies.relays.monkeys.com (result 127.0.0.2 = open proxy)
1918proxies.relays.monkeys.com (union of all results)
1571blackhole.compu.net
1417relays.osirusoft.com (result 127.0.0.9 = open proxy)
1403socks.relays.osirusoft.com
1323ipwhois.rfc-ignorant.org
1208opm.blitzed.org
1102cn-kr.blackholes.us (result 127.0.0.3 = Korea)
1102korea.blackholes.us
1094korea.services.net
993cn-kr.blackholes.us (result 127.0.0.2 = China)
993china.blackholes.us
990spews.bl.reynolds.net.au
899unsure.nether.net
894no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
875sbl.spamhaus.org
806blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
792spamsources.fabel.dk
782spamhaus.relays.osirusoft.com
711relays.osirusoft.com (result 127.0.0.6 = spamsites)
709spews.relays.osirusoft.com
682relays.osirusoft.com (result 127.0.0.4 = spam source)
617relaywatcher.n13mbl.com
609wdl.bl.reynolds.net.au
608dynablock.easynet.nl (result 127.0.0.2 = dialup)
608dynablock.easynet.nl (union of all results)
603blocktest.relays.osirusoft.com (not a blacklist!)
563ybl.megacity.org
561pdl.bl.reynolds.net.au
515cw.blackholes.us
500blacklist.spambag.org
495blackholes.intersil.net
490dnsbl.njabl.org (result 127.0.0.4 = spam source)
430dnsbl.delink.net
390dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
366work.drbl.croco.net
329level3.blackholes.us
311spam.wytnij.to
277spamguard.leadmon.net (union of all results)
261dnsbl.njabl.org (result 127.0.0.3 = dialup)
259spamguard.leadmon.net (result 127.0.0.2 = dialup)
256brazil.blackholes.us
256dnsbl.njabl.org (result 127.0.0.2 = source or relay)
247dnsbl.sorbs.net (result 127.0.0.6 = spam source)
244no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
242relays.osirusoft.com (result 127.0.0.2 = open relay)
240inputs.relays.osirusoft.com
225blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
215comcast.blackholes.us
214multihop.dsbl.org
211dnsbl.antispam.or.id
209taiwan.blackholes.us
203lbl.lagengymnastik.dk
201dialups.visi.com
199dialups.relays.osirusoft.com (union of all results)
192dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
171relays.ordb.org
171no-more-funn.moensted.dk (result 127.0.0.9 = misc)
165mail-abuse.blacklist.jippg.org
154rr.blackholes.us
152qwest.blackholes.us
150spamsources.relays.osirusoft.com (union of all results)
148probes.bl.reynolds.net.au
147relays.osirusoft.com (result 127.0.0.3 = dialup)
142verio.blackholes.us
139spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
131sbbl.they.com
130ohps.bl.reynolds.net.au
125query.bondedsender.org (not a blacklist!)
1243y.spam.mrs.kithrup.com
121spam.shri.net
117japan.blackholes.us
111osps.bl.reynolds.net.au
110osrs.bl.reynolds.net.au
106blackholes.uceb.org (union of all results)
103hongkong.blackholes.us
103argentina.blackholes.us
97internap.blackholes.us
94relays.nether.net
83relays.bl.kundenserver.de
78charter.blackholes.us
75rmst.bl.reynolds.net.au
72no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
71xo.blackholes.us
71mexico.blackholes.us
69flowgoaway.com
63blackholes.brainerd.net
61dnsbl.sorbs.net (result 127.0.0.10 = dialup)
60dun.dnsrbl.net
56infolink.blackholes.us
53blackholes.uceb.org (result 127.0.0.3 = spam source)
51russia.blackholes.us
49turkey.blackholes.us
49tr.countries.nerd.dk
47interbusiness.blackholes.us
45vox.schpider.com
42bellsouth.blackholes.us
38spam.exsilia.net (union of all results)
37nigeria.blackholes.us
37bl.deadbeef.com
33wanadoo-fr.blackholes.us
33spam.exsilia.net (result 127.0.0.2 = spam source)
32inflow.blackholes.us
32above.blackholes.us
31he.blackholes.us
29blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
27singapore.blackholes.us
27blackholes.uceb.org (result 127.0.0.2 = open relay)
24cybercon.blackholes.us
23rogers.blackholes.us
23ph.rbl.cluecentral.net
22rackspace.blackholes.us
22a2000.blackholes.us
22dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
22dialup.blacklist.jippg.org (union of all results)
20blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
18blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
18proxy.relays.osirusoft.com
17telstra.blackholes.us
17eli.blackholes.us
17covad.blackholes.us
17spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
17no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
15pajo.blackholes.us
15malaysia.blackholes.us
15broadwing.blackholes.us
12thailand.blackholes.us
12owps.bl.reynolds.net.au
11yipes.blackholes.us
11no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
11blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
9affinity.blackholes.us
9blackholes.uceb.org (result 127.0.0.4 = spam source network)
8maxim.blackholes.us
8epoch.blackholes.us
7burst.blackholes.us
7t3direct.bl.reynolds.net.au
7dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
7no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
6dnsbl.sorbs.net (result 127.0.0.5 = open relay)
6spamsources.relays.osirusoft.com (result 127.0.0.6 = spamhaus)
5spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
5relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
5dev.null.dk
5spam.exsilia.net (result 127.0.0.3 = virus source)
4olm.blackholes.us
4navisite.blackholes.us
3dnsbl.sorbs.net (result 127.0.0.7 = open formmail.cgi)
3omrs.bl.reynolds.net.au
3blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
2dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
2spamsites.bl.reynolds.net.au
2spamsites.relays.osirusoft.com
2dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
2no-more-funn.moensted.dk (result 127.0.0.11 = repeated probes)
2blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
1spamguard.leadmon.net (result 127.0.0.3 = spam source)
1blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

HitsDNS Zone
13043(total number of IP addresses whose names were tested, including 424 at SDSC)
4188(union of all domain zones)
2526abuse.rfc-ignorant.org
1185rddn.bl.reynolds.net.au
754whois.rfc-ignorant.org (union of all results)
665endn.bl.reynolds.net.au
661spamdomains.blackholes.easynet.nl
381whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
373whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
102bl.deadbeef.com
73bulk.rhs.mailpolice.com
30dsn.rfc-ignorant.org (zone not intended for this use)
19porn.rhs.mailpolice.com
13postmaster.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

HitsDNS Zone
7594(total number of domains tested, including 224 at SDSC)
2233(union of all domain zones)
813endn.bl.reynolds.net.au
790spamdomains.blackholes.easynet.nl
679abuse.rfc-ignorant.org
551whois.rfc-ignorant.org (union of all results)
438whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
399dsn.rfc-ignorant.org
369postmaster.rfc-ignorant.org
113whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
40rddn.bl.reynolds.net.au (zone not intended for this use)
36porn.rhs.mailpolice.com
33bl.deadbeef.com
33ex.dnsbl.org (union of all results)
31ex.dnsbl.org (result 127.0.0.2 = spamsites)
18bulk.rhs.mailpolice.com
6bandwidth-pigs.monkeys.com
6in.dnsbl.org (union of all results)
4in.dnsbl.org (result 127.0.0.6 = unconfirmed opt-in)
2in.dnsbl.org (result 127.0.0.2 = spam source)
2ex.dnsbl.org (result 127.0.0.3 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 26 July 2003.