Blacklists Compared

2 August 2003

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx and block.blars.org zones zone because they are too aggressive to be widely useful, and the blocktest.relays.osirusoft.com and query.bondedsender.org zones are also excluded because they are not blacklists.

HitsDNS Zone
11834(total number of IP addresses tested, including 418 at SDSC)
8356(union of most IP zones)
6534xbl.selwerd.cx
4186t1.bl.reynolds.net.au
3782blackholes.five-ten-sg.com (union of all results)
3764block.blars.org
3428dnsbl.sorbs.net (union of all results)
3379blackholes.easynet.nl
3055wpb.bl.reynolds.net.au
2982psbl.surriel.com
2964dnsbl.njabl.org (union of all results)
2786unconfirmed.dsbl.org
2719blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
2712no-more-funn.moensted.dk (union of all results)
2555list.dsbl.org
2446dsbl.bl.reynolds.net.au
2296proxies.blackholes.easynet.nl
2032cbl.abuseat.org
1919dnsbl.njabl.org (result 127.0.0.9 = open proxy)
1866dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
1737dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
1582bl.spamcop.net
1565blackhole.compu.net
1560cn-kr.blackholes.us (union of all results)
1548proxies.relays.monkeys.com (result 127.0.0.2 = open proxy)
1548proxies.relays.monkeys.com (union of all results)
1403no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
1090l2.spews.dnsbl.sorbs.net
1034ipwhois.rfc-ignorant.org
938cn-kr.blackholes.us (result 127.0.0.2 = China)
938china.blackholes.us
880relays.osirusoft.com (union of all results)
843spews.bl.reynolds.net.au
815no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
800unsure.nether.net
786l1.spews.dnsbl.sorbs.net
778blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
746sbl.spamhaus.org
736opm.blitzed.org
716dynablock.easynet.nl (result 127.0.0.2 = dialup)
716dynablock.easynet.nl (union of all results)
677pdl.bl.reynolds.net.au
622cn-kr.blackholes.us (result 127.0.0.3 = Korea)
622korea.blackholes.us
615korea.services.net
591wdl.bl.reynolds.net.au
534ybl.megacity.org
531dnsbl.njabl.org (result 127.0.0.4 = spam source)
528relaywatcher.n13mbl.com
507cw.blackholes.us
466dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
455blackholes.intersil.net
452spamsources.fabel.dk
450blacklist.spambag.org
397spews.relays.osirusoft.com
387spamhaus.relays.osirusoft.com
372dnsbl.delink.net
367relays.osirusoft.com (result 127.0.0.4 = spam source)
364relays.osirusoft.com (result 127.0.0.6 = spamsites)
339socks.relays.osirusoft.com
339relays.osirusoft.com (result 127.0.0.9 = open proxy)
316spam.wytnij.to
307dnsbl.njabl.org (result 127.0.0.3 = dialup)
304work.drbl.croco.net
278spam.shri.net
269level3.blackholes.us
244spamguard.leadmon.net (union of all results)
240no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
233spamguard.leadmon.net (result 127.0.0.2 = dialup)
222dialups.visi.com
222lbl.lagengymnastik.dk
221blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
219dnsbl.sorbs.net (result 127.0.0.10 = dialup)
213dnsbl.njabl.org (result 127.0.0.2 = source or relay)
210comcast.blackholes.us
206multihop.dsbl.org
199brazil.blackholes.us
199dnsbl.sorbs.net (result 127.0.0.6 = spam source)
193taiwan.blackholes.us
169mail-abuse.blacklist.jippg.org
148relays.ordb.org
142no-more-funn.moensted.dk (result 127.0.0.9 = misc)
136hongkong.blackholes.us
135verio.blackholes.us
131qwest.blackholes.us
128rr.blackholes.us
119query.bondedsender.org (not a blacklist!)
1123y.spam.mrs.kithrup.com
110japan.blackholes.us
108dnsbl.antispam.or.id
103sbbl.they.com
102ohps.bl.reynolds.net.au
101osrs.bl.reynolds.net.au
98argentina.blackholes.us
88relays.bl.kundenserver.de
86mexico.blackholes.us
83xo.blackholes.us
82internap.blackholes.us
82charter.blackholes.us
81relays.nether.net
76no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
75blackholes.uceb.org (union of all results)
70osps.bl.reynolds.net.au
69vox.schpider.com
64blackholes.brainerd.net
63rmst.bl.reynolds.net.au
60dialups.relays.osirusoft.com (union of all results)
56flowgoaway.com
53wanadoo-fr.blackholes.us
52interbusiness.blackholes.us
52tr.countries.nerd.dk
51turkey.blackholes.us
50russia.blackholes.us
47relays.osirusoft.com (result 127.0.0.2 = open relay)
47inputs.relays.osirusoft.com
47dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
46dun.dnsrbl.net
44infolink.blackholes.us
41relays.visi.com
41dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
41dialup.blacklist.jippg.org (union of all results)
39bellsouth.blackholes.us
38inflow.blackholes.us
34relays.osirusoft.com (result 127.0.0.3 = dialup)
34spamsources.relays.osirusoft.com (union of all results)
33spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
32blackholes.uceb.org (result 127.0.0.3 = spam source)
32blackholes.uceb.org (result 127.0.0.2 = open relay)
32blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
31above.blackholes.us
28singapore.blackholes.us
28bl.deadbeef.com
28ph.rbl.cluecentral.net
27he.blackholes.us
27spam.exsilia.net (union of all results)
26nigeria.blackholes.us
24rogers.blackholes.us
22rackspace.blackholes.us
22blocktest.relays.osirusoft.com (not a blacklist!)
21probes.bl.reynolds.net.au
20spam.exsilia.net (result 127.0.0.2 = spam source)
19cybercon.blackholes.us
18no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
17malaysia.blackholes.us
17eli.blackholes.us
16covad.blackholes.us
16blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
15yipes.blackholes.us
13broadwing.blackholes.us
13dialups.relays.osirusoft.com (result 127.0.0.4 = no reverse DNS)
12telstra.blackholes.us
12a2000.blackholes.us
12blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
11thailand.blackholes.us
11no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
8epoch.blackholes.us
8affinity.blackholes.us
8owps.bl.reynolds.net.au
8spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
7maxim.blackholes.us
7blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
7spam.exsilia.net (result 127.0.0.3 = virus source)
6pajo.blackholes.us
6no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
5blackholes.uceb.org (result 127.0.0.4 = spam source network)
5proxy.relays.osirusoft.com
4olm.blackholes.us
3dnsbl.sorbs.net (result 127.0.0.5 = open relay)
3spamguard.leadmon.net (result 127.0.0.3 = spam source)
2burst.blackholes.us
2dnsbl.sorbs.net (result 127.0.0.7 = open formmail.cgi)
2t3direct.bl.reynolds.net.au
2dev.null.dk
2blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
2blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
1navisite.blackholes.us
1spamsites.bl.reynolds.net.au
1spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
1relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
1dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
1no-more-funn.moensted.dk (result 127.0.0.11 = repeated probes)

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

HitsDNS Zone
11834(total number of IP addresses whose names were tested, including 418 at SDSC)
4162(union of all domain zones)
2412abuse.rfc-ignorant.org
1461rddn.bl.reynolds.net.au
669whois.rfc-ignorant.org (union of all results)
575spamdomains.blackholes.easynet.nl
536endn.bl.reynolds.net.au
414bulk.rhs.mailpolice.com
358whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
311whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
107bl.deadbeef.com
63porn.rhs.mailpolice.com
17dsn.rfc-ignorant.org (zone not intended for this use)
9postmaster.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

HitsDNS Zone
7313(total number of domains tested, including 207 at SDSC)
2361(union of all domain zones)
847endn.bl.reynolds.net.au
835bulk.rhs.mailpolice.com
821spamdomains.blackholes.easynet.nl
628abuse.rfc-ignorant.org
448whois.rfc-ignorant.org (union of all results)
418dsn.rfc-ignorant.org
371postmaster.rfc-ignorant.org
353whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
95whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
64porn.rhs.mailpolice.com
38rddn.bl.reynolds.net.au (zone not intended for this use)
29ex.dnsbl.org (union of all results)
28bl.deadbeef.com
27ex.dnsbl.org (result 127.0.0.2 = spamsites)
8bandwidth-pigs.monkeys.com
5in.dnsbl.org (union of all results)
3in.dnsbl.org (result 127.0.0.6 = unconfirmed opt-in)
2in.dnsbl.org (result 127.0.0.2 = spam source)
2ex.dnsbl.org (result 127.0.0.3 = spam source)

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 9 August 2003.