The Composite Blocking List
The CBL, otherwise known as The Composite Blocking List is a DNS based blacklist similar to the majority of other DNS based blacklists. The CBL does not list URL’s or URI’s, and like other DNSBL’s lists large quantities of IP addresses. Current averages of number of IP addresses in the CBL are approximately 5 million. The CBL can be used as a scoring based blacklist, or as a immediate block blacklist, where the message is dropped early on in the SMTP conversation. Administrators of the CBL recommend that it be used as an immediate block type of blacklist, and are available at all times for support via email. However, they do recommend you first use the tools on their website to try to solve any problems you may have on your own.
The CBL receives its data from large spamtraps. The only IP addresses that are listed are those that have characteristics defined as open proxies. Some such characteristics are open proxies, HTTP Proxies, SOCKS Proxies, WinGate, AnalogX and dedicated custom spambots. Efforts are also taken to include email address harvesting machines, and machines that have been seen performing dictionary attacks. The only IP’s that are listed are those that have actively made a connection to one of the CBL listing machines. The CBL does not actively scan other machines looking for IP addresses to list.
Further, The CBL does not list open relays. It is important to understand the distinction of an open relay, and an open proxy. An open relay is a misconfigured email server that allows anonymous SMTP sending of third part email through a remote system. The CBL makes no effort to list such servers. An open proxy is generally a web server that will allow email sending to piggy back on a script that sends email. The CBL will notice and block such systems.
The CBL primarily exists to list infected and compromised machines. They do not list dynamic IP address space, ranges of IP addresses, known IP addresses owned by spammers, and certainly do not take suggestions for listings. As a result, it is not possible for the data in THE CBL to ever become compromised. Only CBL identified IP addresses that have been seen contacting CBL equipment, and noticed to be infected or compromised are ever listed.