Blacklists Compared, 19-Jun-04

Blacklists Compared

19 June 2004

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the exemptions.ahbl.org and query.bondedsender.org zones because they are not blacklists, and because it is too aggressive to be widely useful the block.blars.org zone is also excluded.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

26393 (total number of IP addresses whose names were tested, including 394 at SDSC)
11945 (union of all domain zones)
8694 abuse.rfc-ignorant.org
6686 rddn.dnsbl.net.au
3620 whois.rfc-ignorant.org (union of all results)
2426 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
1194 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
881 bulk.rhs.mailpolice.com
519 rhsbl.ahbl.org
244 bl.deadbeef.com
207 blackhole.securitysage.com
29 porn.rhs.mailpolice.com
19 postmaster.rfc-ignorant.org
16 dsn.rfc-ignorant.org (zone not intended for this use)
3 bogusmx.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

21592 (total number of domains tested, including 279 at SDSC)
6587 (union of all domain zones)
2813 whois.rfc-ignorant.org (union of all results)
2373 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2276 abuse.rfc-ignorant.org
1218 bulk.rhs.mailpolice.com
931 postmaster.rfc-ignorant.org
820 rhsbl.ahbl.org
643 dsn.rfc-ignorant.org
440 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
406 blackhole.securitysage.com
289 bogusmx.rfc-ignorant.org
158 bl.deadbeef.com
64 porn.rhs.mailpolice.com
52 ex.dnsbl.org (union of all results)
45 ex.dnsbl.org (result 127.0.0.2 = spamsites)
44 rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
44 rhsbl.sorbs.net (union of all results)
32 rddn.dnsbl.net.au (zone not intended for this use)
7 ex.dnsbl.org (result 127.0.0.3 = spam source)
1 rhsbl.sorbs.net (result 127.0.0.12 = domain does not send mail)
1 cart00ney.surriel.com

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 5 July 2004.

Hits	DNS Zone
26393	(total number of IP addresses tested, including 394 at SDSC)
20808	(union of most IP zones)
15115	t1.dnsbl.net.au
14156	block.blars.org
12610	blackholes.five-ten-sg.com (union of all results)
11873	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
11284	sbl-xbl.spamhaus.org (union of all results)
10532	dnsbl.sorbs.net (union of all results)
9886	xbl.spamhaus.org (union of all results)
9877	cbl.abuseat.org
9871	sbl-xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
9870	xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
7570	dynablock.njabl.org
7168	dnsbl.sorbs.net (result 127.0.0.10 = dialup)
6849	unconfirmed.dsbl.org
6726	list.dsbl.org
6725	dsbl.dnsbl.net.au
6438	no-more-funn.moensted.dk (union of all results)
4789	cn-kr.blackholes.us (union of all results)
4051	sbl.csma.biz
3575	ipwhois.rfc-ignorant.org
3528	dnsbl.njabl.org (union of all results)
3067	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
2891	l2.spews.dnsbl.sorbs.net
2846	bl.spamcop.net
2643	dnsbl.ahbl.org (union of all results)
2520	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
2520	korea.blackholes.us
2509	l1.spews.dnsbl.sorbs.net
2508	wpbl.dnsbl.net.au
2493	spews.dnsbl.net.au
2471	rmst.dnsbl.net.au
2426	psbl.surriel.com
2351	korea.services.net
2269	cn-kr.blackholes.us (result 127.0.0.2 = China)
2269	china.blackholes.us
1978	blacklist.spambag.org
1874	dnsbl.njabl.org (result 127.0.0.9 = open proxy)
1799	pdl.blackholes.us
1755	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
1578	bl.csma.biz
1535	sbl-xbl.spamhaus.org (result 127.0.0.2 = Spamhaus SBL)
1535	sbl.spamhaus.org
1440	dnsbl.ahbl.org (result 127.0.0.3 = open proxy)
1418	dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
1377	spamsources.fabel.dk
1187	dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
1168	spam.wytnij.to
1156	dnsbl.njabl.org (result 127.0.0.3 = dialup)
1086	dnsbl.ahbl.org (result 127.0.0.4 = spam source)
948	dnsbl.sorbs.net (result 127.0.0.6 = spam source)
941	ricn.dnsbl.net.au
817	comcast.blackholes.us
733	no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
728	opm.blitzed.org
726	xbl.spamhaus.org (result 127.0.0.6 = Blitzed Open Proxy Monitor List)
726	sbl-xbl.spamhaus.org (result 127.0.0.6 = Blitzed Open Proxy Monitor List)
692	dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
675	work.drbl.croco.net
661	brazil.blackholes.us
644	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
607	spamguard.leadmon.net (union of all results)
602	sbbl.they.com
593	dun.dnsrbl.net
587	probes.dnsbl.net.au
563	spamguard.leadmon.net (result 127.0.0.2 = dialup)
558	unsure.nether.net
538	level3.blackholes.us
519	cw.blackholes.us
512	japan.blackholes.us
456	taiwan.blackholes.us
441	relays.visi.com
414	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
361	rr.blackholes.us
320	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
299	blackholes.intersil.net
292	ybl.megacity.org
280	relays.ordb.org
271	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
259	dnsbl.antispam.or.id
235	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
221	charter.blackholes.us
221	rbl.rangers.eu.org (union of all results)
210	russia.blackholes.us
206	qwest.blackholes.us
201	mexico.blackholes.us
196	turkey.blackholes.us
196	tr.countries.nerd.dk
186	dnsbl.njabl.org (result 127.0.0.4 = spam source)
177	wanadoo-fr.blackholes.us
168	infolink.blackholes.us
163	hongkong.blackholes.us
146	verio.blackholes.us
144	rbl.rangers.eu.org (result 127.0.0.4 = dialup)
143	3y.spam.mrs.kithrup.com
141	interbusiness.blackholes.us
133	flowgoaway.com
132	argentina.blackholes.us
128	spamsources.yamta.org (result 127.0.0.2 = spam source)
126	dnsbl.ahbl.org (result 127.0.0.19 = open proxy test zone)
120	osps.dnsbl.net.au
116	singapore.blackholes.us
116	ohps.dnsbl.net.au
111	dnsbl.sorbs.net (result 127.0.0.7 = open formmail.cgi)
109	multihop.dsbl.org
100	osrs.dnsbl.net.au
98	dnsbl.sorbs.net (result 127.0.0.5 = open relay)
96	dialup.blacklist.jippg.org (union of all results)
95	xo.blackholes.us
94	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
85	malaysia.blackholes.us
75	relays.nether.net
72	internap.blackholes.us
67	he.blackholes.us
64	thailand.blackholes.us
61	mail-abuse.blacklist.jippg.org
59	bellsouth.blackholes.us
49	hil.habeas.com
48	inflow.blackholes.us
46	above.blackholes.us
45	ph.rbl.cluecentral.net
44	telstra.blackholes.us
44	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
38	rbl.rangers.eu.org (result 127.0.0.2 = spam source)
37	cybercon.blackholes.us
37	covad.blackholes.us
36	dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
36	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
36	blackholes.brainerd.net
31	broadwing.blackholes.us
30	swbell.blackholes.us
30	rogers.blackholes.us
29	blackholes.uceb.org (union of all results)
28	yipes.blackholes.us
28	rdts.dnsbl.net.au
23	rackspace.blackholes.us
23	nigeria.blackholes.us
23	eli.blackholes.us
23	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
22	a2000.blackholes.us
20	blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
19	query.bondedsender.org (not a blacklist!)
18	rbl.rangers.eu.org (result 127.0.0.1 = misc)
16	rbl.rangers.eu.org (result 127.0.0.10 = virus notices)
16	exemptions.ahbl.org (not a blacklist!)
14	blackholes.uceb.org (result 127.0.0.2 = open relay)
14	satos.rbl.cluecentral.net
13	blackholes.uceb.org (result 127.0.0.3 = spam source)
12	affinity.blackholes.us
12	dnsbl.ahbl.org (result 127.0.0.7 = spam haven)
10	olm.blackholes.us
8	pajo.blackholes.us
8	bl.deadbeef.com
7	navisite.blackholes.us
7	epoch.blackholes.us
7	blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
6	dnsbl.ahbl.org (result 127.0.0.11 = no postmaster or abuse e-mail)
5	maxim.blackholes.us
5	spam.dnsrbl.net
5	dnsbl.ahbl.org (result 127.0.0.15 = open relay)
4	burst.blackholes.us
4	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
3	owps.dnsbl.net.au
3	dnsbl.ahbl.org (result 127.0.0.14 = denial-of-service attacker)
2	ciberlynx.blackholes.us
2	rbl.rangers.eu.org (result 127.0.0.5 = relay output)
2	rbl.rangers.eu.org (result 127.0.0.3 = spam haven)
2	omrs.dnsbl.net.au
2	relays.bl.kundenserver.de
2	dialup.blacklist.jippg.org (result 127.0.0.4 = dialup in Japan)
1	blackholes.uceb.org (result 127.0.0.4 = spam source network)
1	blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
1	rbl.rangers.eu.org (result 127.0.0.9 = worm source)
1	spamsites.dnsbl.net.au
1	dev.null.dk
1	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
1	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)
1	dnsbl.ahbl.org (result 127.0.0.18 = virus source)
1	dnsbl.ahbl.org (result 127.0.0.10 = shoot on sight spammer)

Hits	DNS Zone
21592	(total number of domains tested, including 279 at SDSC)
6587	(union of all domain zones)
2813	whois.rfc-ignorant.org (union of all results)
2373	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2276	abuse.rfc-ignorant.org
1218	bulk.rhs.mailpolice.com
931	postmaster.rfc-ignorant.org
820	rhsbl.ahbl.org
643	dsn.rfc-ignorant.org
440	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
406	blackhole.securitysage.com
289	bogusmx.rfc-ignorant.org
158	bl.deadbeef.com
64	porn.rhs.mailpolice.com
52	ex.dnsbl.org (union of all results)
45	ex.dnsbl.org (result 127.0.0.2 = spamsites)
44	rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
44	rhsbl.sorbs.net (union of all results)
32	rddn.dnsbl.net.au (zone not intended for this use)
7	ex.dnsbl.org (result 127.0.0.3 = spam source)
1	rhsbl.sorbs.net (result 127.0.0.12 = domain does not send mail)
1	cart00ney.surriel.com