Blacklists Compared, 31-Jan-04

Blacklists Compared

31 January 2004

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the exemptions.ahbl.org and query.bondedsender.org zones because they are not blacklists, and because it is too aggressive to be widely useful the block.blars.org zone is also excluded.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

26279 (total number of IP addresses whose names were tested, including 389 at SDSC)
11879 (union of all domain zones)
8222 abuse.rfc-ignorant.org
6420 rddn.dnsbl.net.au
2900 whois.rfc-ignorant.org (union of all results)
1735 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
1165 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
639 bulk.rhs.mailpolice.com
438 blackhole.securitysage.com
269 rhsbl.ahbl.org
206 bl.deadbeef.com
63 porn.rhs.mailpolice.com
18 postmaster.rfc-ignorant.org
18 dsn.rfc-ignorant.org (zone not intended for this use)
18 bogusmx.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

26306 (total number of domains tested, including 241 at SDSC)
7000 (union of all domain zones)
2903 whois.rfc-ignorant.org (union of all results)
2475 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2110 abuse.rfc-ignorant.org
1549 bulk.rhs.mailpolice.com
924 postmaster.rfc-ignorant.org
763 dsn.rfc-ignorant.org
683 blackhole.securitysage.com
643 rhsbl.ahbl.org
428 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
195 bogusmx.rfc-ignorant.org
126 porn.rhs.mailpolice.com
125 bl.deadbeef.com
41 rddn.dnsbl.net.au (zone not intended for this use)
12 rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
12 rhsbl.sorbs.net (union of all results)
2 rhsbl.sorbs.net (result 127.0.0.12 = domain does not send mail)
2 cart00ney.surriel.com

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 15 February 2004.

Hits	DNS Zone
26279	(total number of IP addresses tested, including 389 at SDSC)
18571	(union of most IP zones)
11677	t1.dnsbl.net.au
10922	dnsbl.sorbs.net (union of all results)
10240	block.blars.org
9186	blackholes.five-ten-sg.com (union of all results)
8505	sbl-xbl.spamhaus.org (union of all results)
7993	unconfirmed.dsbl.org
7905	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
7757	list.dsbl.org
7756	dsbl.dnsbl.net.au
7134	cbl.abuseat.org
7120	xbl.spamhaus.org
7120	sbl-xbl.spamhaus.org (result 127.0.0.4 = Spamhaus XBL)
7016	dnsbl.sorbs.net (result 127.0.0.10 = dialup)
6901	dynablock.njabl.org
5395	dnsbl.njabl.org (union of all results)
4609	no-more-funn.moensted.dk (union of all results)
4284	sbl.csma.biz
4061	bl.spamcop.net
3319	dnsbl.njabl.org (result 127.0.0.9 = open proxy)
2936	l2.spews.dnsbl.sorbs.net
2739	cn-kr.blackholes.us (union of all results)
2623	ipwhois.rfc-ignorant.org
2513	l1.spews.dnsbl.sorbs.net
2513	spews.dnsbl.net.au
2508	dnsbl.ahbl.org (union of all results)
2395	spam.wytnij.to
2374	dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
2300	unsure.nether.net
2116	dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
2109	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
2088	dnsbl.ahbl.org (result 127.0.0.3 = open proxy)
1948	bl.csma.biz
1894	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
1725	psbl.surriel.com
1590	sbl-xbl.spamhaus.org (result 127.0.0.2 = Spamhaus SBL)
1590	sbl.spamhaus.org
1372	cn-kr.blackholes.us (result 127.0.0.2 = China)
1372	china.blackholes.us
1367	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
1367	korea.blackholes.us
1334	korea.services.net
1262	dnsbl.njabl.org (result 127.0.0.3 = dialup)
978	rmst.dnsbl.net.au
956	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
939	comcast.blackholes.us
810	spamsources.fabel.dk
746	ybl.megacity.org
715	dnsbl.sorbs.net (result 127.0.0.6 = spam source)
676	wpbl.dnsbl.net.au
662	opm.blitzed.org
641	spamguard.leadmon.net (union of all results)
624	spamguard.leadmon.net (result 127.0.0.2 = dialup)
577	probes.dnsbl.net.au
570	cw.blackholes.us
551	relays.visi.com
546	dnsbl.njabl.org (result 127.0.0.4 = spam source)
493	hil.habeas.com
467	brazil.blackholes.us
467	blacklist.spambag.org
464	level3.blackholes.us
447	rr.blackholes.us
444	pss.spambusters.org.ar
419	dnsbl.ahbl.org (result 127.0.0.4 = spam source)
412	work.drbl.croco.net
379	blackholes.intersil.net
324	taiwan.blackholes.us
318	japan.blackholes.us
309	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
278	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
270	no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
248	wanadoo-fr.blackholes.us
237	dnsbl.antispam.or.id
229	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
219	charter.blackholes.us
216	multihop.dsbl.org
207	relays.ordb.org
203	bellsouth.blackholes.us
200	relaywatcher.n13mbl.com
200	ricn.dnsbl.net.au
196	qwest.blackholes.us
195	dialup.blacklist.jippg.org (union of all results)
192	verio.blackholes.us
192	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
189	russia.blackholes.us
172	mexico.blackholes.us
168	infolink.blackholes.us
152	mail-abuse.blacklist.jippg.org
148	interbusiness.blackholes.us
142	xo.blackholes.us
130	dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
129	internap.blackholes.us
124	osrs.dnsbl.net.au
120	hongkong.blackholes.us
119	singapore.blackholes.us
104	relays.nether.net
102	dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
98	tr.countries.nerd.dk
97	turkey.blackholes.us
95	osps.dnsbl.net.au
93	3y.spam.mrs.kithrup.com
91	above.blackholes.us
88	dnsbl.sorbs.net (result 127.0.0.7 = open formmail.cgi)
88	dun.dnsrbl.net
85	query.bondedsender.org (not a blacklist!)
84	sbbl.they.com
83	argentina.blackholes.us
78	telstra.blackholes.us
78	flowgoaway.com
74	dnsbl.sorbs.net (result 127.0.0.5 = open relay)
73	ohps.dnsbl.net.au
66	yipes.blackholes.us
65	he.blackholes.us
61	rogers.blackholes.us
58	relays.bl.kundenserver.de
57	inflow.blackholes.us
55	rdts.dnsbl.net.au
53	ph.rbl.cluecentral.net
50	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
49	a2000.blackholes.us
41	exemptions.ahbl.org (not a blacklist!)
40	malaysia.blackholes.us
40	spam.exsilia.net (union of all results)
38	blackholes.uceb.org (union of all results)
37	nigeria.blackholes.us
36	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
36	blackholes.brainerd.net
35	covad.blackholes.us
33	rackspace.blackholes.us
31	cybercon.blackholes.us
30	swbell.blackholes.us
29	eli.blackholes.us
28	thailand.blackholes.us
28	spam.exsilia.net (result 127.0.0.2 = spam source)
25	blackholes.uceb.org (result 127.0.0.2 = open relay)
25	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
23	satos.rbl.cluecentral.net
18	maxim.blackholes.us
18	broadwing.blackholes.us
17	spamsources.yamta.org (result 127.0.0.2 = spam source)
17	affinity.blackholes.us
15	olm.blackholes.us
14	blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
13	pajo.blackholes.us
13	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
12	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
12	blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
12	spam.exsilia.net (result 127.0.0.3 = virus source)
11	epoch.blackholes.us
10	burst.blackholes.us
9	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
9	bl.deadbeef.com
8	blackholes.uceb.org (result 127.0.0.3 = spam source)
7	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
6	omrs.dnsbl.net.au
5	navisite.blackholes.us
5	ciberlynx.blackholes.us
4	owps.dnsbl.net.au
4	spamguard.leadmon.net (result 127.0.0.3 = spam source)
3	blackholes.uceb.org (result 127.0.0.4 = spam source network)
3	owfs.dnsbl.net.au
3	dialup.blacklist.jippg.org (result 127.0.0.4 = dialup in Japan)
2	blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
2	blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)
1	valuenet.blackholes.us
1	dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
1	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
1	dnsbl.ahbl.org (result 127.0.0.10 = shoot on sight spammer)

Hits	DNS Zone
26306	(total number of domains tested, including 241 at SDSC)
7000	(union of all domain zones)
2903	whois.rfc-ignorant.org (union of all results)
2475	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2110	abuse.rfc-ignorant.org
1549	bulk.rhs.mailpolice.com
924	postmaster.rfc-ignorant.org
763	dsn.rfc-ignorant.org
683	blackhole.securitysage.com
643	rhsbl.ahbl.org
428	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
195	bogusmx.rfc-ignorant.org
126	porn.rhs.mailpolice.com
125	bl.deadbeef.com
41	rddn.dnsbl.net.au (zone not intended for this use)
12	rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
12	rhsbl.sorbs.net (union of all results)
2	rhsbl.sorbs.net (result 127.0.0.12 = domain does not send mail)
2	cart00ney.surriel.com