Blacklists Compared, 20-Nov-04

Blacklists Compared

20 November 2004

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the exemptions.ahbl.org and query.bondedsender.org zones because they are not blacklists.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

33560 (total number of IP addresses whose names were tested, including 469 at SDSC)
14191 (union of all domain zones)
10272 abuse.rfc-ignorant.org
7339 rddn.dnsbl.net.au
5333 dynamic.rhs.mailpolice.com
4259 whois.rfc-ignorant.org (union of all results)
3295 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
1541 webmail.rhs.mailpolice.com
964 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
562 rhsbl.ahbl.org
539 bulk.rhs.mailpolice.com
443 adv.rhs.mailpolice.com
316 bl.deadbeef.com
16 postmaster.rfc-ignorant.org
14 dsn.rfc-ignorant.org (zone not intended for this use)
7 porn.rhs.mailpolice.com
2 blackhole.securitysage.com
1 bogusmx.rfc-ignorant.org

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

28364 (total number of domains tested, including 345 at SDSC)
8665 (union of all domain zones)
3449 whois.rfc-ignorant.org (union of all results)
2980 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2509 abuse.rfc-ignorant.org
1161 postmaster.rfc-ignorant.org
1160 bulk.rhs.mailpolice.com
1122 webmail.rhs.mailpolice.com
1091 rhsbl.ahbl.org
966 dsn.rfc-ignorant.org
469 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
352 blackhole.securitysage.com
337 bogusmx.rfc-ignorant.org
256 bl.deadbeef.com
226 adv.rhs.mailpolice.com
76 rddn.dnsbl.net.au (zone not intended for this use)
73 porn.rhs.mailpolice.com
54 rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
54 rhsbl.sorbs.net (union of all results)
35 dynamic.rhs.mailpolice.com
19 ex.dnsbl.org
1 cart00ney.surriel.com

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 2 December 2004.

Hits	DNS Zone
33560	(total number of IP addresses tested, including 469 at SDSC)
28038	(union of most IP zones)
22256	t1.dnsbl.net.au
19133	blackholes.five-ten-sg.com (union of all results)
18282	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
15872	dnsbl.sorbs.net (union of all results)
14161	sbl-xbl.spamhaus.org (union of all results)
12796	xbl.spamhaus.org (union of all results)
12739	cbl.abuseat.org
12716	sbl-xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
12715	xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
10514	dnsbl.sorbs.net (result 127.0.0.10 = dialup)
9545	no-more-funn.moensted.dk (union of all results)
9541	unconfirmed.dsbl.org
9430	list.dsbl.org
9339	dynablock.njabl.org
9312	dsbl.dnsbl.net.au
9112	cn-kr.blackholes.us (union of all results)
6674	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
6674	korea.blackholes.us
6668	korea.services.net
6425	sbl.csma.biz
6150	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
5996	rmst.dnsbl.net.au
5697	combined-hib.dnsiplists.completewhois.com (union of all results)
5684	combined-hib.dnsiplists.completewhois.com (result 127.0.0.4 = bad whois data)
4906	psbl.surriel.com
4071	dnsbl.njabl.org (union of all results)
3942	bl.csma.biz
3905	blacklist.spambag.org
3488	bl.spamcop.net
3377	dnsbl.sorbs.net (result 127.0.0.7 = open formmail.cgi)
3016	wpbl.dnsbl.net.au
2905	l2.spews.dnsbl.sorbs.net
2730	dnsbl.njabl.org (result 127.0.0.9 = open proxy)
2478	spews.dnsbl.net.au
2438	cn-kr.blackholes.us (result 127.0.0.2 = China)
2438	china.blackholes.us
2424	l1.spews.dnsbl.sorbs.net
2252	ricn.dnsbl.net.au
2252	spamsources.fabel.dk
2201	dnsbl.ahbl.org (union of all results)
1952	dnsbl.sorbs.net (result 127.0.0.6 = spam source)
1875	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
1730	pdl.blackholes.us
1612	sbl.spamhaus.org
1596	sbl-xbl.spamhaus.org (result 127.0.0.2 = Spamhaus SBL)
1429	unsure.nether.net
1372	dnsbl.ahbl.org (result 127.0.0.3 = open proxy)
1151	dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
1135	spam.wytnij.to
1098	bl.spamcannibal.org
1052	dnsbl.rangers.eu.org (union of all results)
1042	work.drbl.croco.net
1039	dnsbl.njabl.org (result 127.0.0.3 = dialup)
1029	dnsbl.antispam.or.id
945	brazil.blackholes.us
877	dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
809	dnsbl.rangers.eu.org (result 127.0.0.2 = dialup)
771	dnsbl.ahbl.org (result 127.0.0.4 = spam source)
744	no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
730	sbl-xbl.spamhaus.org (result 127.0.0.6 = Blitzed Open Proxy Monitor List)
729	xbl.spamhaus.org (result 127.0.0.6 = Blitzed Open Proxy Monitor List)
725	opm.blitzed.org
703	probes.dnsbl.net.au
652	level3.blackholes.us
617	japan.blackholes.us
561	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
536	taiwan.blackholes.us
522	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
493	comcast.blackholes.us
486	ybl.megacity.org
346	mexico.blackholes.us
334	charter.blackholes.us
330	rr.blackholes.us
305	cw.blackholes.us
236	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
231	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
230	russia.blackholes.us
227	blackholes.intersil.net
221	qwest.blackholes.us
217	hongkong.blackholes.us
198	argentina.blackholes.us
187	interbusiness.blackholes.us
167	wanadoo-fr.blackholes.us
166	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
151	dnsbl.njabl.org (result 127.0.0.4 = spam source)
145	dnsbl.rangers.eu.org (result 127.0.0.16 = spam haven)
143	query.bondedsender.org (not a blacklist!)
126	flowgoaway.com
125	verio.blackholes.us
115	xo.blackholes.us
113	above.blackholes.us
113	tr.countries.nerd.dk
112	dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
111	singapore.blackholes.us
100	turkey.blackholes.us
100	osps.dnsbl.net.au
97	ohps.dnsbl.net.au
92	multihop.dsbl.org
86	relays.ordb.org
85	internap.blackholes.us
80	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
80	spamguard.leadmon.net (union of all results)
76	dnsbl.rangers.eu.org (result 127.0.0.8 = spam source)
75	relaywatcher.n13mbl.com
73	yipes.blackholes.us
73	dialup.blacklist.jippg.org (union of all results)
71	malaysia.blackholes.us
71	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
69	cybercon.blackholes.us
55	dnsbl.ahbl.org (result 127.0.0.19 = open proxy test zone)
53	thailand.blackholes.us
51	dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
49	bellsouth.blackholes.us
48	osrs.dnsbl.net.au
47	he.blackholes.us
47	ph.rbl.cluecentral.net
46	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
42	inflow.blackholes.us
41	relays.nether.net
40	mail-abuse.blacklist.jippg.org
38	nigeria.blackholes.us
33	telstra.blackholes.us
33	blackholes.brainerd.net
32	covad.blackholes.us
31	rdts.dnsbl.net.au
30	blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
27	eli.blackholes.us
27	blackholes.uceb.org (union of all results)
23	rogers.blackholes.us
21	infolink.blackholes.us
21	dnsbl.rangers.eu.org (result 127.0.0.4 = virus notices)
20	swbell.blackholes.us
19	a2000.blackholes.us
18	dnsbl.sorbs.net (result 127.0.0.5 = open relay)
18	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
17	rackspace.blackholes.us
17	blackholes.uceb.org (result 127.0.0.3 = spam source)
17	exemptions.ahbl.org (not a blacklist!)
16	epoch.blackholes.us
16	broadwing.blackholes.us
14	dnsbl.ahbl.org (result 127.0.0.7 = spam haven)
13	combined-hib.dnsiplists.completewhois.com (result 127.0.0.2 = unallocated IP address)
11	navisite.blackholes.us
11	maxim.blackholes.us
10	hil.habeas.com
10	satos.rbl.cluecentral.net
10	dnsbl.ahbl.org (result 127.0.0.15 = open relay)
9	affinity.blackholes.us
8	burst.blackholes.us
5	olm.blackholes.us
5	blackholes.uceb.org (result 127.0.0.2 = open relay)
4	pajo.blackholes.us
4	blackholes.uceb.org (result 127.0.0.6 = spam haven)
4	owps.dnsbl.net.au
4	bl.deadbeef.com
3	dnsbl.ahbl.org (result 127.0.0.14 = denial-of-service attacker)
2	ciberlynx.blackholes.us
2	dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
2	relays.bl.kundenserver.de
2	dialup.blacklist.jippg.org (result 127.0.0.4 = dialup in Japan)
2	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
1	valuenet.blackholes.us
1	blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
1	dnsbl.rangers.eu.org (result 127.0.0.32 = worm source)
1	omrs.dnsbl.net.au
1	dev.null.dk
1	no-more-funn.moensted.dk (result 127.0.0.8 = open web form)
1	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
1	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)
1	blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
1	dnsbl.ahbl.org (result 127.0.0.10 = shoot on sight spammer)

Hits	DNS Zone
28364	(total number of domains tested, including 345 at SDSC)
8665	(union of all domain zones)
3449	whois.rfc-ignorant.org (union of all results)
2980	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2509	abuse.rfc-ignorant.org
1161	postmaster.rfc-ignorant.org
1160	bulk.rhs.mailpolice.com
1122	webmail.rhs.mailpolice.com
1091	rhsbl.ahbl.org
966	dsn.rfc-ignorant.org
469	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
352	blackhole.securitysage.com
337	bogusmx.rfc-ignorant.org
256	bl.deadbeef.com
226	adv.rhs.mailpolice.com
76	rddn.dnsbl.net.au (zone not intended for this use)
73	porn.rhs.mailpolice.com
54	rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
54	rhsbl.sorbs.net (union of all results)
35	dynamic.rhs.mailpolice.com
19	ex.dnsbl.org
1	cart00ney.surriel.com