Blacklists Compared, 5-Jun-04

Blacklists Compared

5 June 2004

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the exemptions.ahbl.org and query.bondedsender.org zones because they are not blacklists, and because it is too aggressive to be widely useful the block.blars.org zone is also excluded.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

26245 (total number of IP addresses whose names were tested, including 390 at SDSC)
11816 (union of all domain zones)
8537 abuse.rfc-ignorant.org
6604 rddn.dnsbl.net.au
3759 whois.rfc-ignorant.org (union of all results)
2540 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
1219 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
973 bulk.rhs.mailpolice.com
569 rhsbl.ahbl.org
269 blackhole.securitysage.com
204 bl.deadbeef.com
39 porn.rhs.mailpolice.com
21 postmaster.rfc-ignorant.org
21 dsn.rfc-ignorant.org (zone not intended for this use)
1 bogusmx.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

22104 (total number of domains tested, including 263 at SDSC)
7096 (union of all domain zones)
3166 whois.rfc-ignorant.org (union of all results)
2729 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2273 abuse.rfc-ignorant.org
1361 bulk.rhs.mailpolice.com
968 postmaster.rfc-ignorant.org
940 rhsbl.ahbl.org
611 dsn.rfc-ignorant.org
527 blackhole.securitysage.com
437 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
281 bogusmx.rfc-ignorant.org
173 bl.deadbeef.com
60 porn.rhs.mailpolice.com
55 ex.dnsbl.org (union of all results)
54 rddn.dnsbl.net.au (zone not intended for this use)
52 ex.dnsbl.org (result 127.0.0.2 = spamsites)
38 rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
38 rhsbl.sorbs.net (union of all results)
3 ex.dnsbl.org (result 127.0.0.3 = spam source)
2 rhsbl.sorbs.net (result 127.0.0.12 = domain does not send mail)
2 cart00ney.surriel.com

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 20 June 2004.

Hits	DNS Zone
26245	(total number of IP addresses tested, including 390 at SDSC)
21291	(union of most IP zones)
15235	t1.dnsbl.net.au
13714	block.blars.org
12904	blackholes.five-ten-sg.com (union of all results)
12177	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
11447	sbl-xbl.spamhaus.org (union of all results)
11135	dnsbl.sorbs.net (union of all results)
9644	xbl.spamhaus.org (union of all results)
9619	cbl.abuseat.org
9612	xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
9612	sbl-xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
7641	dynablock.njabl.org
7256	dnsbl.sorbs.net (result 127.0.0.10 = dialup)
7206	unconfirmed.dsbl.org
7079	dsbl.dnsbl.net.au
7079	list.dsbl.org
6494	no-more-funn.moensted.dk (union of all results)
4707	cn-kr.blackholes.us (union of all results)
4516	sbl.csma.biz
4453	psbl.surriel.com
4013	dnsbl.njabl.org (union of all results)
3536	ipwhois.rfc-ignorant.org
3391	bl.spamcop.net
3314	l2.spews.dnsbl.sorbs.net
3039	dnsbl.ahbl.org (union of all results)
3034	wpbl.dnsbl.net.au
2940	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
2846	spews.dnsbl.net.au
2842	l1.spews.dnsbl.sorbs.net
2493	rmst.dnsbl.net.au
2378	cn-kr.blackholes.us (result 127.0.0.2 = China)
2378	china.blackholes.us
2348	dnsbl.njabl.org (result 127.0.0.9 = open proxy)
2329	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
2329	korea.blackholes.us
2169	korea.services.net
2141	bl.csma.biz
2064	blacklist.spambag.org
1961	sbl.spamhaus.org
1960	sbl-xbl.spamhaus.org (result 127.0.0.2 = Spamhaus SBL)
1826	pdl.blackholes.us
1807	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
1772	dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
1742	dnsbl.ahbl.org (result 127.0.0.3 = open proxy)
1483	dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
1429	spam.wytnij.to
1395	spamsources.fabel.dk
1280	dnsbl.ahbl.org (result 127.0.0.4 = spam source)
1140	dnsbl.njabl.org (result 127.0.0.3 = dialup)
1049	xbl.spamhaus.org (result 127.0.0.6 = Blitzed Open Proxy Monitor List)
1049	sbl-xbl.spamhaus.org (result 127.0.0.6 = Blitzed Open Proxy Monitor List)
1048	opm.blitzed.org
1046	dnsbl.sorbs.net (result 127.0.0.6 = spam source)
986	comcast.blackholes.us
964	ricn.dnsbl.net.au
831	dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
831	no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
809	sbbl.they.com
722	relays.visi.com
712	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
648	probes.dnsbl.net.au
635	dun.dnsrbl.net
619	ybl.megacity.org
609	unsure.nether.net
578	spamguard.leadmon.net (union of all results)
574	brazil.blackholes.us
571	spamguard.leadmon.net (result 127.0.0.2 = dialup)
536	work.drbl.croco.net
516	level3.blackholes.us
506	cw.blackholes.us
433	taiwan.blackholes.us
428	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
424	rr.blackholes.us
422	japan.blackholes.us
349	rbl.rangers.eu.org (union of all results)
335	dnsbl.njabl.org (result 127.0.0.4 = spam source)
273	blackholes.intersil.net
268	charter.blackholes.us
258	dnsbl.antispam.or.id
255	mexico.blackholes.us
236	russia.blackholes.us
232	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
224	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
206	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
204	turkey.blackholes.us
204	tr.countries.nerd.dk
184	rbl.rangers.eu.org (result 127.0.0.4 = dialup)
183	infolink.blackholes.us
180	wanadoo-fr.blackholes.us
172	relays.ordb.org
167	ohps.dnsbl.net.au
166	qwest.blackholes.us
157	hongkong.blackholes.us
154	osps.dnsbl.net.au
150	3y.spam.mrs.kithrup.com
141	argentina.blackholes.us
141	flowgoaway.com
139	verio.blackholes.us
138	interbusiness.blackholes.us
137	dnsbl.sorbs.net (result 127.0.0.7 = open formmail.cgi)
134	singapore.blackholes.us
116	spamsources.yamta.org (result 127.0.0.2 = spam source)
114	multihop.dsbl.org
102	yipes.blackholes.us
99	malaysia.blackholes.us
97	dialup.blacklist.jippg.org (union of all results)
96	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
90	xo.blackholes.us
84	dnsbl.sorbs.net (result 127.0.0.5 = open relay)
74	rbl.rangers.eu.org (result 127.0.0.3 = spam haven)
69	ph.rbl.cluecentral.net
67	mail-abuse.blacklist.jippg.org
62	bellsouth.blackholes.us
62	above.blackholes.us
62	relays.nether.net
60	osrs.dnsbl.net.au
59	internap.blackholes.us
59	he.blackholes.us
56	rbl.rangers.eu.org (result 127.0.0.2 = spam source)
55	hil.habeas.com
52	telstra.blackholes.us
45	dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
41	thailand.blackholes.us
41	inflow.blackholes.us
41	rdts.dnsbl.net.au
37	swbell.blackholes.us
35	cybercon.blackholes.us
35	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
33	covad.blackholes.us
31	nigeria.blackholes.us
30	rogers.blackholes.us
26	blackholes.uceb.org (union of all results)
21	exemptions.ahbl.org (not a blacklist!)
19	rackspace.blackholes.us
18	eli.blackholes.us
18	dnsbl.ahbl.org (result 127.0.0.15 = open relay)
17	blackholes.uceb.org (result 127.0.0.2 = open relay)
16	rbl.rangers.eu.org (result 127.0.0.10 = virus notices)
16	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
16	blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
16	query.bondedsender.org (not a blacklist!)
15	rbl.rangers.eu.org (result 127.0.0.1 = misc)
14	affinity.blackholes.us
12	olm.blackholes.us
12	broadwing.blackholes.us
12	satos.rbl.cluecentral.net
10	a2000.blackholes.us
10	bl.deadbeef.com
10	dnsbl.ahbl.org (result 127.0.0.7 = spam haven)
9	blackholes.brainerd.net
9	dnsbl.ahbl.org (result 127.0.0.11 = no postmaster or abuse e-mail)
8	blackholes.uceb.org (result 127.0.0.3 = spam source)
7	blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
6	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
5	burst.blackholes.us
5	relays.bl.kundenserver.de
4	pajo.blackholes.us
4	navisite.blackholes.us
4	epoch.blackholes.us
4	owps.dnsbl.net.au
4	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
3	maxim.blackholes.us
3	rbl.rangers.eu.org (result 127.0.0.5 = relay output)
3	omrs.dnsbl.net.au
2	ciberlynx.blackholes.us
2	dev.null.dk
2	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
2	spam.dnsrbl.net
2	dnsbl.ahbl.org (result 127.0.0.14 = denial-of-service attacker)
1	blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
1	rbl.rangers.eu.org (result 127.0.0.9 = worm source)
1	spamsites.dnsbl.net.au
1	dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
1	spamguard.leadmon.net (result 127.0.0.3 = spam source)
1	dialup.blacklist.jippg.org (result 127.0.0.4 = dialup in Japan)
1	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)

Hits	DNS Zone
22104	(total number of domains tested, including 263 at SDSC)
7096	(union of all domain zones)
3166	whois.rfc-ignorant.org (union of all results)
2729	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2273	abuse.rfc-ignorant.org
1361	bulk.rhs.mailpolice.com
968	postmaster.rfc-ignorant.org
940	rhsbl.ahbl.org
611	dsn.rfc-ignorant.org
527	blackhole.securitysage.com
437	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
281	bogusmx.rfc-ignorant.org
173	bl.deadbeef.com
60	porn.rhs.mailpolice.com
55	ex.dnsbl.org (union of all results)
54	rddn.dnsbl.net.au (zone not intended for this use)
52	ex.dnsbl.org (result 127.0.0.2 = spamsites)
38	rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
38	rhsbl.sorbs.net (union of all results)
3	ex.dnsbl.org (result 127.0.0.3 = spam source)
2	rhsbl.sorbs.net (result 127.0.0.12 = domain does not send mail)
2	cart00ney.surriel.com