The Composite Blocking List (CBL) is a very effective DNSBL that blocks email from exploited computers. The CBL takes its source data from very large spam traps and mail infrastructures, and only lists IP addresses that exhibit characteristics, which are specific to open proxies, viruses, stealth spamware applications loaded on a computer without the user’s knowledge, etc.

The CBL operates in an entirely automated way designed to avoid listings of spam trap hits due to bounces of forged spam, virus bounces, and “real” mail servers emitting the occasional spam (unless the server itself appears to be infected). It tries very hard to avoid listing legitimate mail sources. It does not attempt to list every possible spam source.

The CBL also lists certain portions of SpamBot infrastructure, such as virus infector download web sites and other web sites or name servers exclusively dedicated to the use of SpamBots. Considerable care is taken to avoid listing IP addresses that have, are or are likely to be shared with legitimate use, except in the case of infector download websites.

There is no supporting data or “evidence” record available for any given listing, and no mechanism to ask why any given listing took place. To counteract this, there is an automated no-questions-asked removals procedure allowing any affected party to delist a specific IP address rapidly. However, delisted IPs are relisted if new evidence of spam activity is subsequently detected.

Entries automatically expire after a period of time. The approximate detection time of a specific entry can be obtained from the web interface.



DNS look-up: