Composite Blocking List
The CBL takes its source data from very large spamtraps/mail infrastructures, and only lists IPs exhibiting characteristics such as:
- Open proxies of various sorts (HTTP, socks, AnalogX, wingate etc.)
- Worms/viruses/botnets that do their own direct mail transmission, or are otherwise participating in a botnet.
- Trojan horse or "stealth" spamware.
The CBL attempts to avoid listing real mail servers, but certain misconfigurations of mail servers can make the system appear infected (for example, servers that send HELO with 'localhost' or a similar incorrect domain.)
Entries automatically expire after a period of time.
The CBL does not provide public access to gathered evidence.
CBL data are used in Spamhaus XBL list.