Blacklists Compared, 2-Dec-06

Blacklists Compared

2 December 2006

[ Fighting Spam | Dialup Zones | Blacklists Compared | Current Blacklist Comparison | Sendmail Configuration ]

Survey results for all known public IP-based DNS blacklists. Lookups were done on connecting IP addresses. The "union of most IP zones" line excludes the exemptions.ahbl.org and query.bondedsender.org zones because they are not blacklists, and because it is too aggressive to be widely useful the block.blars.org zone is also excluded.

Hits DNS Zone

169835 (total number of IP addresses tested, including 505 at SDSC)
157087 (union of most IP zones)
128934 t1.dnsbl.net.au
96672 block.blars.org
93462 sbl-xbl.spamhaus.org (union of all results)
93375 zen.spamhaus.org (union of all results)
92893 xbl.spamhaus.org (union of all results)
91849 sbl-xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
91802 xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
91762 zen.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
91475 cbl.abuseat.org
89860 dnsbl.sorbs.net (union of all results)
81863 no-more-funn.moensted.dk (union of all results)
80254 blackholes.five-ten-sg.com (union of all results)
80051 dnsbl.sorbs.net (result 127.0.0.10 = dialup)
78567 blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
70326 dnsbl.tqmcube.com (union of all results)
61850 dnsbl-1.uceprotect.net
59112 psbl.surriel.com
55822 dynablock.njabl.org
55395 no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
51380 dnsbl-2.uceprotect.net
34580 dnsbl.tqmcube.com (result 127.0.0.2 = dialup)
25760 bl.spamcop.net
23794 dnsbl-3.uceprotect.net
19908 no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
17702 ubl.unsubscore.com
16462 cn-kr.blackholes.us (result 127.0.0.2 = China)
16462 cn-kr.blackholes.us (union of all results)
15684 unconfirmed.dsbl.org
15485 list.dsbl.org
15459 dsbl.dnsbl.net.au
14521 dnsbl.tqmcube.com (result 127.0.0.3 = spam source)
13851 bl.csma.biz
12994 dnsbl.tqmcube.com (result 127.0.0.5 = China)
11491 blacklist.spambag.org
10868 china.blackholes.us
9113 korea.services.net
8806 dnsbl.njabl.org (union of all results)
8623 dnsbl.sorbs.net (result 127.0.0.7 = hacked/vulnerable)
8232 dnsbl.tqmcube.com (result 127.0.0.4 = South Korea)
7580 wpbl.dnsbl.net.au
6767 rmst.dnsbl.net.au
6121 korea.blackholes.us
5978 no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
5739 dnsbl.njabl.org (result 127.0.0.9 = open proxy)
5550 mail-abuse.blacklist.jippg.org
5248 unsure.nether.net
4416 tr.countries.nerd.dk
3912 dnsbl.sorbs.net (result 127.0.0.6 = spam source)
3810 spamsources.fabel.dk
3785 dnsbl.ahbl.org (union of all results)
3394 dnsbl.ahbl.org (result 127.0.0.3 = open proxy)
3385 zen.spamhaus.org (result 127.0.0.5 = time-expired NJABL open proxy)
3385 sbl-xbl.spamhaus.org (result 127.0.0.5 = time-expired NJABL open proxy)
3384 xbl.spamhaus.org (result 127.0.0.5 = time-expired NJABL open proxy)
3075 turkey.blackholes.us
2868 brazil.blackholes.us
2846 bl.spamcannibal.org
2779 dnsbl.njabl.org (result 127.0.0.3 = dialup)
2403 spews.dnsbl.net.au
2339 probes.dnsbl.net.au
1790 taiwan.blackholes.us
1717 russia.blackholes.us
1664 japan.blackholes.us
1508 dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
1244 argentina.blackholes.us
1054 malaysia.blackholes.us
958 dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
881 blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
850 thailand.blackholes.us
693 zen.spamhaus.org (result 127.0.0.2 = Spamhaus SBL)
693 sbl-xbl.spamhaus.org (result 127.0.0.2 = Spamhaus SBL)
693 sbl.spamhaus.org
628 ricn.dnsbl.net.au
580 hongkong.blackholes.us
513 blackholes.uceb.org (union of all results)
489 l1.spews.dnsbl.sorbs.net
474 mexico.blackholes.us
446 singapore.blackholes.us
432 no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
418 blackholes.uceb.org (result 127.0.0.6 = spam haven)
411 blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
408 no-more-funn.moensted.dk (result 127.0.0.9 = misc)
386 l2.spews.dnsbl.sorbs.net
364 dnsbl.ahbl.org (result 127.0.0.4 = spam source)
311 blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
272 work.drbl.croco.net
227 sbl.csma.biz
223 blackholes.uceb.org (result 127.0.0.3 = spam source)
151 dnsbl.njabl.org (result 127.0.0.2 = open relay)
144 multihop.dsbl.org
140 dnsbl.njabl.org (result 127.0.0.4 = spam source)
139 query.bondedsender.org (not a blacklist!)
93 dnsbl.antispam.or.id
78 relays.ordb.org
77 flowgoaway.com
76 blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
68 spam.wytnij.to
68 dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
67 relays.nether.net
61 dnsbl.ahbl.org (result 127.0.0.7 = spam haven)
58 blackholes.uceb.org (result 127.0.0.5 = dialup)
32 ohps.dnsbl.net.au
28 dnsbl.ahbl.org (result 127.0.0.15 = open relay)
27 tor.dnsbl.sectoor.de (result 127.0.0.2 = /24 contains a Tor server)
27 tor.dnsbl.sectoor.de (union of all results)
26 exemptions.ahbl.org (not a blacklist!)
25 multi.surbl.org
21 no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
20 osps.dnsbl.net.au
18 spamguard.leadmon.net (union of all results)
17 rdts.dnsbl.net.au
15 spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
14 blackholes.uceb.org (result 127.0.0.2 = open relay)
13 bl.deadbeef.com
11 blackholes.brainerd.net
11 dnsbl.ahbl.org (result 127.0.0.10 = shoot on sight spammer)
7 dnsbl.sorbs.net (result 127.0.0.5 = open relay)
7 osrs.dnsbl.net.au
6 nigeria.blackholes.us
6 dnsbl.ahbl.org (result 127.0.0.19 = open proxy test zone)
3 owps.dnsbl.net.au
3 spamguard.leadmon.net (result 127.0.0.3 = spam source)
3 blackholes.five-ten-sg.com (result 127.0.0.11 = TCPA violator)
2 no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
2 blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
1 blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
1 dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
1 blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
1 blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)
1 blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
1 dnsbl.ahbl.org (result 127.0.0.14 = denial-of-service attacker)

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on the domain names of connecting IP addresses.

Hits DNS Zone

169835 (total number of IP addresses whose names were tested, including 505 at SDSC)
103007 (union of all domain zones)
75541 rddn.dnsbl.net.au
72074 abuse.rfc-ignorant.org
51376 dynamic.rhs.mailpolice.com
46681 whois.rfc-ignorant.org (union of all results)
28870 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
17815 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
4384 webmail.rhs.mailpolice.com
904 postmaster.rfc-ignorant.org
540 adv.rhs.mailpolice.com
289 rhsbl.ahbl.org
221 multi.surbl.org
132 bulk.rhs.mailpolice.com
123 bl.deadbeef.com
105 dsn.rfc-ignorant.org (zone not intended for this use)
100 bogusmx.rfc-ignorant.org
8 porn.rhs.mailpolice.com
1 blackhole.securitysage.com

Survey results for all known public domain-name-based DNS blacklists. Lookups were done on SMTP sender domains.

Hits DNS Zone

108863 (total number of domains tested, including 463 at SDSC)
19326 (union of all domain zones)
9332 whois.rfc-ignorant.org (union of all results)
8496 whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
4722 abuse.rfc-ignorant.org
2408 webmail.rhs.mailpolice.com
2261 multi.surbl.org
1778 postmaster.rfc-ignorant.org
1123 bogusmx.rfc-ignorant.org
1051 dsn.rfc-ignorant.org
1025 rhsbl.ahbl.org
836 whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
458 porn.rhs.mailpolice.com
271 bulk.rhs.mailpolice.com
266 adv.rhs.mailpolice.com
183 blackhole.securitysage.com
70 rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
70 rhsbl.sorbs.net (union of all results)
32 rddn.dnsbl.net.au (zone not intended for this use)
16 ex.dnsbl.org
10 dynamic.rhs.mailpolice.com
1 fraud.rhs.mailpolice.com
1 bl.deadbeef.com
1 cart00ney.surriel.com

This document was last updated by Jeff Makey <jeff@sdsc.edu> on 8 December 2006.

Hits	DNS Zone
169835	(total number of IP addresses tested, including 505 at SDSC)
157087	(union of most IP zones)
128934	t1.dnsbl.net.au
96672	block.blars.org
93462	sbl-xbl.spamhaus.org (union of all results)
93375	zen.spamhaus.org (union of all results)
92893	xbl.spamhaus.org (union of all results)
91849	sbl-xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
91802	xbl.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
91762	zen.spamhaus.org (result 127.0.0.4 = Composite Blocking List)
91475	cbl.abuseat.org
89860	dnsbl.sorbs.net (union of all results)
81863	no-more-funn.moensted.dk (union of all results)
80254	blackholes.five-ten-sg.com (union of all results)
80051	dnsbl.sorbs.net (result 127.0.0.10 = dialup)
78567	blackholes.five-ten-sg.com (result 127.0.0.2 = spam source)
70326	dnsbl.tqmcube.com (union of all results)
61850	dnsbl-1.uceprotect.net
59112	psbl.surriel.com
55822	dynablock.njabl.org
55395	no-more-funn.moensted.dk (result 127.0.0.3 = dialup)
51380	dnsbl-2.uceprotect.net
34580	dnsbl.tqmcube.com (result 127.0.0.2 = dialup)
25760	bl.spamcop.net
23794	dnsbl-3.uceprotect.net
19908	no-more-funn.moensted.dk (result 127.0.0.2 = spam source)
17702	ubl.unsubscore.com
16462	cn-kr.blackholes.us (result 127.0.0.2 = China)
16462	cn-kr.blackholes.us (union of all results)
15684	unconfirmed.dsbl.org
15485	list.dsbl.org
15459	dsbl.dnsbl.net.au
14521	dnsbl.tqmcube.com (result 127.0.0.3 = spam source)
13851	bl.csma.biz
12994	dnsbl.tqmcube.com (result 127.0.0.5 = China)
11491	blacklist.spambag.org
10868	china.blackholes.us
9113	korea.services.net
8806	dnsbl.njabl.org (union of all results)
8623	dnsbl.sorbs.net (result 127.0.0.7 = hacked/vulnerable)
8232	dnsbl.tqmcube.com (result 127.0.0.4 = South Korea)
7580	wpbl.dnsbl.net.au
6767	rmst.dnsbl.net.au
6121	korea.blackholes.us
5978	no-more-funn.moensted.dk (result 127.0.0.10 = open proxy)
5739	dnsbl.njabl.org (result 127.0.0.9 = open proxy)
5550	mail-abuse.blacklist.jippg.org
5248	unsure.nether.net
4416	tr.countries.nerd.dk
3912	dnsbl.sorbs.net (result 127.0.0.6 = spam source)
3810	spamsources.fabel.dk
3785	dnsbl.ahbl.org (union of all results)
3394	dnsbl.ahbl.org (result 127.0.0.3 = open proxy)
3385	zen.spamhaus.org (result 127.0.0.5 = time-expired NJABL open proxy)
3385	sbl-xbl.spamhaus.org (result 127.0.0.5 = time-expired NJABL open proxy)
3384	xbl.spamhaus.org (result 127.0.0.5 = time-expired NJABL open proxy)
3075	turkey.blackholes.us
2868	brazil.blackholes.us
2846	bl.spamcannibal.org
2779	dnsbl.njabl.org (result 127.0.0.3 = dialup)
2403	spews.dnsbl.net.au
2339	probes.dnsbl.net.au
1790	taiwan.blackholes.us
1717	russia.blackholes.us
1664	japan.blackholes.us
1508	dnsbl.sorbs.net (result 127.0.0.2 = open http proxy)
1244	argentina.blackholes.us
1054	malaysia.blackholes.us
958	dnsbl.sorbs.net (result 127.0.0.3 = open socks proxy)
881	blackholes.five-ten-sg.com (result 127.0.0.4 = unconfirmed opt-in)
850	thailand.blackholes.us
693	zen.spamhaus.org (result 127.0.0.2 = Spamhaus SBL)
693	sbl-xbl.spamhaus.org (result 127.0.0.2 = Spamhaus SBL)
693	sbl.spamhaus.org
628	ricn.dnsbl.net.au
580	hongkong.blackholes.us
513	blackholes.uceb.org (union of all results)
489	l1.spews.dnsbl.sorbs.net
474	mexico.blackholes.us
446	singapore.blackholes.us
432	no-more-funn.moensted.dk (result 127.0.0.7 = spam haven)
418	blackholes.uceb.org (result 127.0.0.6 = spam haven)
411	blackholes.five-ten-sg.com (result 127.0.0.7 = spam haven)
408	no-more-funn.moensted.dk (result 127.0.0.9 = misc)
386	l2.spews.dnsbl.sorbs.net
364	dnsbl.ahbl.org (result 127.0.0.4 = spam source)
311	blackholes.five-ten-sg.com (result 127.0.0.9 = misc)
272	work.drbl.croco.net
227	sbl.csma.biz
223	blackholes.uceb.org (result 127.0.0.3 = spam source)
151	dnsbl.njabl.org (result 127.0.0.2 = open relay)
144	multihop.dsbl.org
140	dnsbl.njabl.org (result 127.0.0.4 = spam source)
139	query.bondedsender.org (not a blacklist!)
93	dnsbl.antispam.or.id
78	relays.ordb.org
77	flowgoaway.com
76	blackholes.five-ten-sg.com (result 127.0.0.12 = spam-friendly freemail provider)
68	spam.wytnij.to
68	dnsbl.sorbs.net (result 127.0.0.4 = open proxy)
67	relays.nether.net
61	dnsbl.ahbl.org (result 127.0.0.7 = spam haven)
58	blackholes.uceb.org (result 127.0.0.5 = dialup)
32	ohps.dnsbl.net.au
28	dnsbl.ahbl.org (result 127.0.0.15 = open relay)
27	tor.dnsbl.sectoor.de (result 127.0.0.2 = /24 contains a Tor server)
27	tor.dnsbl.sectoor.de (union of all results)
26	exemptions.ahbl.org (not a blacklist!)
25	multi.surbl.org
21	no-more-funn.moensted.dk (result 127.0.0.5 = relay output)
20	osps.dnsbl.net.au
18	spamguard.leadmon.net (union of all results)
17	rdts.dnsbl.net.au
15	spamguard.leadmon.net (result 127.0.0.7 = spam source netblock)
14	blackholes.uceb.org (result 127.0.0.2 = open relay)
13	bl.deadbeef.com
11	blackholes.brainerd.net
11	dnsbl.ahbl.org (result 127.0.0.10 = shoot on sight spammer)
7	dnsbl.sorbs.net (result 127.0.0.5 = open relay)
7	osrs.dnsbl.net.au
6	nigeria.blackholes.us
6	dnsbl.ahbl.org (result 127.0.0.19 = open proxy test zone)
3	owps.dnsbl.net.au
3	spamguard.leadmon.net (result 127.0.0.3 = spam source)
3	blackholes.five-ten-sg.com (result 127.0.0.11 = TCPA violator)
2	no-more-funn.moensted.dk (result 127.0.0.4 = unconfirmed opt-in)
2	blackholes.five-ten-sg.com (result 127.0.0.10 = virus notices)
1	blackholes.uceb.org (result 127.0.0.8 = spam source with fake sender)
1	dnsbl.sorbs.net (result 127.0.0.9 = zombie network)
1	blackholes.five-ten-sg.com (result 127.0.0.8 = open web form)
1	blackholes.five-ten-sg.com (result 127.0.0.6 = open relay)
1	blackholes.five-ten-sg.com (result 127.0.0.5 = relay output)
1	dnsbl.ahbl.org (result 127.0.0.14 = denial-of-service attacker)

Hits	DNS Zone
108863	(total number of domains tested, including 463 at SDSC)
19326	(union of all domain zones)
9332	whois.rfc-ignorant.org (union of all results)
8496	whois.rfc-ignorant.org (result 127.0.0.7 = no whois data at all)
4722	abuse.rfc-ignorant.org
2408	webmail.rhs.mailpolice.com
2261	multi.surbl.org
1778	postmaster.rfc-ignorant.org
1123	bogusmx.rfc-ignorant.org
1051	dsn.rfc-ignorant.org
1025	rhsbl.ahbl.org
836	whois.rfc-ignorant.org (result 127.0.0.5 = bad whois data)
458	porn.rhs.mailpolice.com
271	bulk.rhs.mailpolice.com
266	adv.rhs.mailpolice.com
183	blackhole.securitysage.com
70	rhsbl.sorbs.net (result 127.0.0.11 = domain uses bad address space)
70	rhsbl.sorbs.net (union of all results)
32	rddn.dnsbl.net.au (zone not intended for this use)
16	ex.dnsbl.org
10	dynamic.rhs.mailpolice.com
1	fraud.rhs.mailpolice.com
1	bl.deadbeef.com
1	cart00ney.surriel.com