Blacklists Compared, 23-Aug-03

Blacklists Compared

23 August 2003

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the xbl.selwerd.cx and block.blars.org zones zone because they are too aggressive to be widely useful, and the blocktest.relays.osirusoft.com and query.bondedsender.org zones are also excluded because they are not blacklists.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems. The blackhole.compu.net zone "is primarily for hosts which were not blocked by other blackhole sites and spammed compu.net."

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

14298 (total number of IP addresses whose names were tested, including 425 at SDSC)
4924 (union of all domain zones)
2628 abuse.rfc-ignorant.org
1842 rddn.bl.reynolds.net.au
873 whois.rfc-ignorant.org (union of all results)
607 endn.bl.reynolds.net.au
606 spamdomains.blackholes.easynet.nl
553 bulk.rhs.mailpolice.com
501 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
372 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
109 bl.deadbeef.com
89 porn.rhs.mailpolice.com
33 dsn.rfc-ignorant.org (zone not intended for this use)
19 postmaster.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

15273 (total number of domains tested, including 231 at SDSC)
3864 (union of all domain zones)
1269 whois.rfc-ignorant.org (union of all results)
1139 abuse.rfc-ignorant.org
1063 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
926 bulk.rhs.mailpolice.com
880 endn.bl.reynolds.net.au
828 spamdomains.blackholes.easynet.nl
498 postmaster.rfc-ignorant.org
434 dsn.rfc-ignorant.org
206 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
108 bl.deadbeef.com
105 porn.rhs.mailpolice.com
25 rddn.bl.reynolds.net.au (zone not intended for this use)
10 bandwidth-pigs.monkeys.com

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 31 August 2003.

Hits	DNS Zone
14298	(total number of IP addresses tested, including 425 at SDSC)
9176	(union of most IP zones)
7512	xbl.selwerd.cx
4015	blackholes.five-ten-sg.com (union of all results)
3934	block.blars.org
3862	t1.bl.reynolds.net.au
3103	dnsbl.sorbs.net (union of all results)
2943	blackholes.easynet.nl
2943	wpb.bl.reynolds.net.au
2937	no-more-funn.moensted.dk (union of all results)
2933	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
2712	dnsbl.njabl.org (union of all results)
2633	psbl.surriel.com
2425	unconfirmed.dsbl.org
2321	cbl.abuseat.org
2123	dsbl.bl.reynolds.net.au
2123	list.dsbl.org
1865	proxies.blackholes.easynet.nl
1613	cn-kr.blackholes.us (union of all results)
1553	dnsbl.njabl.org (result 127.0.0.9 = open proxy)
1527	blackhole.compu.net
1519	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
1468	dynablock.easynet.nl (result 127.0.0.2 = dialup)
1468	dynablock.easynet.nl (union of all results)
1432	dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
1362	bl.spamcop.net
1330	dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
1186	l2.spews.dnsbl.sorbs.net
1155	proxies.relays.monkeys.com (result 127.0.0.2 = open proxy)
1155	proxies.relays.monkeys.com (union of all results)
1003	ipwhois.rfc-ignorant.org
898	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
886	l1.spews.dnsbl.sorbs.net
858	cn-kr.blackholes.us (result 127.0.0.2 = China)
858	china.blackholes.us
851	sbl.spamhaus.org
840	unsure.nether.net
773	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
755	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
755	korea.blackholes.us
751	korea.services.net
665	opm.blitzed.org
576	relays.visi.com
570	spews.bl.reynolds.net.au
563	dnsbl.njabl.org (result 127.0.0.4 = spam source)
557	pdl.bl.reynolds.net.au
536	ybl.megacity.org
497	blacklist.spambag.org
481	blackholes.intersil.net
472	cw.blackholes.us
411	dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
391	dnsbl.delink.net
356	dialups.visi.com
331	dnsbl.sorbs.net (result 127.0.0.10 = dialup)
318	dnsbl.njabl.org (result 127.0.0.3 = dialup)
298	spamguard.leadmon.net (union of all results)
293	spam.wytnij.to
282	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
281	spamguard.leadmon.net (result 127.0.0.2 = dialup)
281	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
277	relaywatcher.n13mbl.com
267	rr.blackholes.us
266	multihop.dsbl.org
240	level3.blackholes.us
235	dnsbl.sorbs.net (result 127.0.0.6 = spam source)
234	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
227	lbl.lagengymnastik.dk
214	comcast.blackholes.us
213	relays.osirusoft.com (union of all results)
205	brazil.blackholes.us
185	relays.ordb.org
182	relays.osirusoft.com (result 127.0.0.4 = spam source)
180	sbbl.they.com
171	work.drbl.croco.net
167	spews.relays.osirusoft.com
164	taiwan.blackholes.us
162	verio.blackholes.us
155	spamsources.fabel.dk
150	relays.bl.kundenserver.de
147	qwest.blackholes.us
142	osrs.bl.reynolds.net.au
142	mail-abuse.blacklist.jippg.org
141	3y.spam.mrs.kithrup.com
131	internap.blackholes.us
128	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
120	japan.blackholes.us
117	query.bondedsender.org (not a blacklist!)
100	charter.blackholes.us
95	blackholes.brainerd.net
93	rmst.bl.reynolds.net.au
91	relays.nether.net
90	dnsbl.antispam.or.id
86	hongkong.blackholes.us
79	xo.blackholes.us
78	bellsouth.blackholes.us
76	argentina.blackholes.us
75	mexico.blackholes.us
74	blackholes.uceb.org (union of all results)
69	osps.bl.reynolds.net.au
69	ohps.bl.reynolds.net.au
65	russia.blackholes.us
63	singapore.blackholes.us
59	infolink.blackholes.us
57	flowgoaway.com
53	tr.countries.nerd.dk
53	no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
52	turkey.blackholes.us
49	vox.schpider.com
48	dev.null.dk
46	rogers.blackholes.us
42	he.blackholes.us
40	dun.dnsrbl.net
40	satos.rbl.cluecentral.net
37	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
36	inflow.blackholes.us
35	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
34	blackholes.uceb.org (result 127.0.0.3 = spam source)
34	blackholes.uceb.org (result 127.0.0.2 = open relay)
34	spam.shri.net
31	rackspace.blackholes.us
30	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
30	dialup.blacklist.jippg.org (union of all results)
29	probes.bl.reynolds.net.au
28	nigeria.blackholes.us
27	malaysia.blackholes.us
26	above.blackholes.us
24	interbusiness.blackholes.us
24	covad.blackholes.us
24	spam.exsilia.net (union of all results)
23	cybercon.blackholes.us
21	eli.blackholes.us
21	socks.relays.osirusoft.com
21	relays.osirusoft.com (result 127.0.0.9 = open proxy)
21	ph.rbl.cluecentral.net
20	spam.exsilia.net (result 127.0.0.2 = spam source)
20	bl.deadbeef.com
19	broadwing.blackholes.us
17	thailand.blackholes.us
17	telstra.blackholes.us
17	dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
17	spamsources.relays.osirusoft.com (union of all results)
15	yipes.blackholes.us
15	spamsources.relays.osirusoft.com (result 127.0.0.4 = spam source)
15	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
15	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
15	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
12	pajo.blackholes.us
12	blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
11	wanadoo-fr.blackholes.us
11	maxim.blackholes.us
8	affinity.blackholes.us
8	a2000.blackholes.us
8	owps.bl.reynolds.net.au
8	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
7	burst.blackholes.us
7	spamsites.bl.reynolds.net.au
6	lauderdale.blackholes.us
6	relays.osirusoft.com (result 127.0.0.2 = open relay)
6	inputs.relays.osirusoft.com
5	olm.blackholes.us
5	navisite.blackholes.us
5	blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
5	blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
4	epoch.blackholes.us
4	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
4	spam.exsilia.net (result 127.0.0.3 = virus source)
3	t3direct.bl.reynolds.net.au
3	dialups.relays.osirusoft.com (result 127.0.0.3 = dialup)
3	relays.osirusoft.com (result 127.0.0.3 = dialup)
3	dialups.relays.osirusoft.com (union of all results)
2	spamsources.relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
2	relays.osirusoft.com (result 127.0.0.7 = unconfirmed opt-in)
2	spamguard.leadmon.net (result 127.0.0.3 = spam source)
2	blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)
1	ciberlynx.blackholes.us
1	blackholes.uceb.org (result 127.0.0.4 = spam source network)
1	dnsbl.sorbs.net (result 127.0.0.5 = open relay)
1	dnsbl.sorbs.net (result 127.0.0.7 = open formmail.cgi)
1	omrs.bl.reynolds.net.au
1	blocktest.relays.osirusoft.com (not a blacklist!)
1	dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)

Hits	DNS Zone
15273	(total number of domains tested, including 231 at SDSC)
3864	(union of all domain zones)
1269	whois.rfc-ignorant.org (union of all results)
1139	abuse.rfc-ignorant.org
1063	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
926	bulk.rhs.mailpolice.com
880	endn.bl.reynolds.net.au
828	spamdomains.blackholes.easynet.nl
498	postmaster.rfc-ignorant.org
434	dsn.rfc-ignorant.org
206	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
108	bl.deadbeef.com
105	porn.rhs.mailpolice.com
25	rddn.bl.reynolds.net.au (zone not intended for this use)
10	bandwidth-pigs.monkeys.com