| || |
Recalculate the rankings based on custom criteria:
|Blacklist explicitly specifies open proxies as part of its content. Informational value only.|
|Matching hit ratio for randomly chosen proxies (HTTP CONNECT, SOCKS4 and SOCKS5 only) at time of detection. Higher value is better.|
|Recheck 24h - Live proxy sample set retested 24 hours later. Higher value is better.|
|Recheck 48h - Live proxy sample set retested 48 hours later. Higher value is better.|
|Recheck 96h - Live proxy sample set retested 96 hours later. Higher value is better.|
|False Positives 10d - Sample of 1000 inactive open proxy IPs (HTTP CONNECT, SOCKS4 and SOCKS5 only) tested 10 days after final detection event. Lower value is better.|
|False Positives 30d - Sample of 1000 inactive open proxy IPs (HTTP CONNECT, SOCKS4 and SOCKS5 only) tested 30 days after final detection event. Lower value is better.|
|False Positives 90d - Sample of 1000 inactive open proxy IPs (HTTP CONNECT, SOCKS4 and SOCKS5 only) tested 90 days after final detection event. Lower value is better.|
|A blacklist ranking score dynamically calculated based on selected weight preferences. Formula weighs early detection of proxies as better than delayed detection, and long-term potential false positives as worse than recent. Higher value is better.|
It's not always immediately obvious which blacklists offer a good level of coverage and which do not. Even worse, a previously good blacklist could at any time experience technical issues resulting in degraded data, and the user may not have any way of noticing the decline until long after negative side-effects have started to manifest.
The author firmly believes that open proxies are - due to their elusive ubiquity - an underestimated and underreported factor in fingerprinting unwanted behaviour on the Internet (such as spam, fraud and ACL evasion). This page is an attempt to measure the comparative open proxy compositions of diverse blacklists and to hopefully also encourage more proactive policies as a result.
Blacklists which mainly track unwanted behaviour (e.g. spam) frequently end up listing open proxies (a specific vulnerability which may have enabled the unwanted behaviour) and therefore the efficiency of blacklists could arguably be improved by proactive fingerprinting of open proxy IPs before they have a chance to be abused. Furthermore, given the overall prevalence of open proxies in abuse-tracking datasets a comparatively low hit ratio may signal underperformance of a blacklist's current data collection efforts.
The methodology of testing blacklists against live proxies and (from the scanner's point of view) expired proxies is by no means perfect. The live tests and recheck tests are statements of fact in that they assess whether or not newly detected proxies are part of the blacklist zone dataset or not. The main potential weaknesses with this test is that DNS failures could occur, but the author attempts to mitigate this by querying blacklists redundantly - both through a private local DNS server and a public (Google) DNS server.
The significance of the "false positive" check is more dubious, as the author is merely testing if proxies that are no longer detectable are still listed by a blacklist. Just because a proxy is no longer there does not mean that the IP doesn't have other security issues, and it may still be actively used for abuse. It's also possible that a proxy server has simply firewalled the scanner and thus has the mere subjective appearance of no longer being active. Accordingly, the author is by default attaching less credence to the "false positive" results when calculating comparative scores for the blacklists. However, the "false positive" ratios may also display some interesting trends and differences between blacklists and their IP expiration policies.
The data checks are currently carried out purely in the IPv4 space. With blacklists increasingly starting to support IPv6 queries this will become a separate check category.
I want to help you improve your open proxy coverage! However, I would please ask you to also consider the following: