Blacklists Compared, 15-Jan-05

Blacklists Compared

15 January 2005

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the exemptions.ahbl.org and query.bondedsender.org zones because they are not blacklists, and because it is too aggressive to be widely useful the block.blars.org zone is also excluded.

The blackholes.intersil.net zone "lists entrenched spammers, mainsleaze and mainsleaze wannabes who have pestered users at Intersil." The flowgoaway.com zone lists FloNetwork systems.

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

36039 (total number of IP addresses whose names were tested, including 422 at SDSC)
13096 (union of all domain zones)
9753 abuse.rfc-ignorant.org
6992 rddn.dnsbl.net.au
3391 whois.rfc-ignorant.org (union of all results)
2803 dynamic.rhs.mailpolice.com
2376 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
1432 webmail.rhs.mailpolice.com
1017 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
409 bulk.rhs.mailpolice.com
408 rhsbl.ahbl.org
329 adv.rhs.mailpolice.com
239 bl.deadbeef.com
22 postmaster.rfc-ignorant.org
17 dsn.rfc-ignorant.org (zone not intended for this use)
6 fraud.rhs.mailpolice.com
5 porn.rhs.mailpolice.com
2 cart00ney.surriel.com
1 blackhole.securitysage.com

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

26690 (total number of domains tested, including 305 at SDSC)
7758 (union of all domain zones)
3266 whois.rfc-ignorant.org (union of all results)
2797 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2382 abuse.rfc-ignorant.org
1241 postmaster.rfc-ignorant.org
970 webmail.rhs.mailpolice.com
938 dsn.rfc-ignorant.org
701 rhsbl.ahbl.org
668 bulk.rhs.mailpolice.com
469 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
373 bogusmx.rfc-ignorant.org
255 bl.deadbeef.com
221 blackhole.securitysage.com
206 adv.rhs.mailpolice.com
73 rddn.dnsbl.net.au (zone not intended for this use)
65 rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
65 rhsbl.sorbs.net (union of all results)
60 porn.rhs.mailpolice.com
43 dynamic.rhs.mailpolice.com
17 ex.dnsbl.org
3 cart00ney.surriel.com
1 fraud.rhs.mailpolice.com

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 28 January 2005.

Hits	DNS Zone
36039	(total number of IP addresses tested, including 422 at SDSC)
31169	(union of most IP zones)
25876	t1.dnsbl.net.au
22700	blackholes.five-ten-sg.com (union of all results)
21872	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
18037	dnsbl.sorbs.net (union of all results)
14525	sbl-xbl.spamhaus.org (union of all results)
13814	cn-kr.blackholes.us (union of all results)
13553	no-more-funn.moensted.dk (union of all results)
13427	xbl.spamhaus.org (union of all results)
12669	cbl.abuseat.org
12621	xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
12617	sbl-xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
12445	dnsbl.sorbs.net (result 127.0.0.10 = dialup)
11061	cn-kr.blackholes.us (result 127.0.0.3 = Korea)
11061	korea.blackholes.us
11053	korea.services.net
10566	dynablock.njabl.org
10227	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
10084	unconfirmed.dsbl.org
9965	list.dsbl.org
9951	dsbl.dnsbl.net.au
8321	combined-hib.dnsiplists.completewhois.com (union of all results)
8304	combined-hib.dnsiplists.completewhois.com (result 127.0.0.4 = bad whois data)
8226	rmst.dnsbl.net.au
7376	sbl.csma.biz
4907	psbl.surriel.com
4863	bl.csma.biz
3970	dnsbl.njabl.org (union of all results)
3862	bl.spamcop.net
3828	blacklist.spambag.org
3505	dnsbl.sorbs.net (result 127.0.0.7 = open formmail.cgi)
3369	wpbl.dnsbl.net.au
2862	dnsbl.njabl.org (result 127.0.0.9 = open proxy)
2753	cn-kr.blackholes.us (result 127.0.0.2 = China)
2753	china.blackholes.us
2678	dnsbl.ahbl.org (union of all results)
2621	spamsources.fabel.dk
2607	ricn.dnsbl.net.au
2390	l2.spews.dnsbl.sorbs.net
2384	opm.blitzed.org
2367	xbl.spamhaus.org (result 127.0.0.6 = Blitzed Open Proxy Monitor List)
2366	sbl-xbl.spamhaus.org (result 127.0.0.6 = Blitzed Open Proxy Monitor List)
2130	spews.dnsbl.net.au
2118	dnsbl.sorbs.net (result 127.0.0.6 = spam source)
2022	l1.spews.dnsbl.sorbs.net
1949	pdl.blackholes.us
1897	block.blars.org
1875	dnsbl.ahbl.org (result 127.0.0.3 = open proxy)
1676	spam.wytnij.to
1557	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
1448	dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
1402	dnsbl.regedit64.net
1270	sbl.spamhaus.org
1250	sbl-xbl.spamhaus.org (result 127.0.0.2 = Spamhaus SBL)
1176	dnsbl.rangers.eu.org (union of all results)
1169	unsure.nether.net
1125	dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
1083	probes.dnsbl.net.au
1020	bl.spamcannibal.org
974	no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
960	dnsbl.rangers.eu.org (result 127.0.0.2 = dialup)
890	dnsbl.antispam.or.id
863	dnsbl.njabl.org (result 127.0.0.3 = dialup)
772	work.drbl.croco.net
760	dnsbl.ahbl.org (result 127.0.0.4 = spam source)
729	brazil.blackholes.us
586	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
543	ybl.megacity.org
535	level3.blackholes.us
489	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
471	japan.blackholes.us
441	taiwan.blackholes.us
378	comcast.blackholes.us
342	rr.blackholes.us
284	cw.blackholes.us
267	charter.blackholes.us
256	interbusiness.blackholes.us
230	mexico.blackholes.us
227	russia.blackholes.us
225	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
225	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
201	blackholes.intersil.net
200	argentina.blackholes.us
196	mail-abuse.blacklist.jippg.org
177	qwest.blackholes.us
161	turkey.blackholes.us
157	hongkong.blackholes.us
156	dnsbl.njabl.org (result 127.0.0.4 = spam source)
154	wanadoo-fr.blackholes.us
148	ohps.dnsbl.net.au
141	tr.countries.nerd.dk
134	query.bondedsender.org (not a blacklist!)
127	malaysia.blackholes.us
123	xo.blackholes.us
122	verio.blackholes.us
122	dnsbl.rangers.eu.org (result 127.0.0.16 = spam haven)
108	dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
108	dialup.blacklist.jippg.org (union of all results)
105	dialup.blacklist.jippg.org (result 127.0.0.3 = dialup outside Japan)
102	multihop.dsbl.org
99	dnsbl.njabl.org (result 127.0.0.2 = source or relay)
95	relays.ordb.org
88	internap.blackholes.us
88	flowgoaway.com
86	singapore.blackholes.us
74	above.blackholes.us
74	dnsbl.rangers.eu.org (result 127.0.0.8 = spam source)
73	cybercon.blackholes.us
66	bellsouth.blackholes.us
65	thailand.blackholes.us
63	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
59	nigeria.blackholes.us
52	osps.dnsbl.net.au
47	rogers.blackholes.us
44	inflow.blackholes.us
42	dnsbl.ahbl.org (result 127.0.0.19 = open proxy test zone)
40	telstra.blackholes.us
39	ph.rbl.cluecentral.net
37	he.blackholes.us
36	covad.blackholes.us
35	relays.nether.net
30	dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
29	osrs.dnsbl.net.au
29	blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
28	a2000.blackholes.us
27	blackholes.uceb.org (union of all results)
26	eli.blackholes.us
25	rdts.dnsbl.net.au
23	dnsbl.ahbl.org (result 127.0.0.7 = spam haven)
19	dnsbl.rangers.eu.org (result 127.0.0.4 = virus notices)
18	blackholes.uceb.org (result 127.0.0.3 = spam source)
17	combined-hib.dnsiplists.completewhois.com (result 127.0.0.2 = unallocated IP address)
16	yipes.blackholes.us
16	dnsbl.sorbs.net (result 127.0.0.5 = open relay)
16	blackholes.brainerd.net
16	exemptions.ahbl.org (not a blacklist!)
15	swbell.blackholes.us
13	rackspace.blackholes.us
13	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
13	satos.rbl.cluecentral.net
12	dnsbl.ahbl.org (result 127.0.0.15 = open relay)
11	broadwing.blackholes.us
10	infolink.blackholes.us
10	affinity.blackholes.us
10	hil.habeas.com
9	blackholes.uceb.org (result 127.0.0.2 = open relay)
9	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
9	spamguard.leadmon.net (union of all results)
8	navisite.blackholes.us
8	maxim.blackholes.us
7	epoch.blackholes.us
7	bl.deadbeef.com
6	olm.blackholes.us
6	relaywatcher.n13mbl.com
5	blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
4	pajo.blackholes.us
4	burst.blackholes.us
4	omrs.dnsbl.net.au
3	dialup.blacklist.jippg.org (result 127.0.0.4 = dialup in Japan)
3	no-more-funn.moensted.dk (result 127.0.0.11 = repeated probes)
2	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
1	ciberlynx.blackholes.us
1	dnsbl.rangers.eu.org (result 127.0.0.32 = worm source)
1	owps.dnsbl.net.au
1	spamsites.dnsbl.net.au
1	dev.null.dk
1	dnsbl.njabl.org (result 127.0.0.8 = open formmail.cgi)
1	relays.bl.kundenserver.de
1	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
1	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
1	blackholes.five-ten-sg.com (result 127.0.0.11 = TCPA violator)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)
1	dnsbl.ahbl.org (result 127.0.0.14 = denial-of-service attacker)

Hits	DNS Zone
26690	(total number of domains tested, including 305 at SDSC)
7758	(union of all domain zones)
3266	whois.rfc-ignorant.org (union of all results)
2797	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
2382	abuse.rfc-ignorant.org
1241	postmaster.rfc-ignorant.org
970	webmail.rhs.mailpolice.com
938	dsn.rfc-ignorant.org
701	rhsbl.ahbl.org
668	bulk.rhs.mailpolice.com
469	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
373	bogusmx.rfc-ignorant.org
255	bl.deadbeef.com
221	blackhole.securitysage.com
206	adv.rhs.mailpolice.com
73	rddn.dnsbl.net.au (zone not intended for this use)
65	rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
65	rhsbl.sorbs.net (union of all results)
60	porn.rhs.mailpolice.com
43	dynamic.rhs.mailpolice.com
17	ex.dnsbl.org
3	cart00ney.surriel.com
1	fraud.rhs.mailpolice.com