The CBL takes its source data from very large mail server (SMTP) installations. Some of these are pure spamtrap servers, and some are not.
The CBL only lists IPs exhibiting characteristics which are specific to open proxies of various sorts (HTTP, socks, AnalogX, wingate, Bagle call-back proxies etc) and dedicated Spam BOTs (such as Cutwail, Rustock, Lethic etc) which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or "stealth" spamware, dictionary mail harvesters etc.
The CBL does not list based upon the volume of email from a given IP address.
The CBL also lists certain portions of botnet infrastructure, such as Spam BOT/virus infector download web sites, botnet infected machines, and other web sites or name servers primarily dedicated to the use of botnets. Considerable care is taken to avoid listing IP addresses that are shared or are likely to be shared with legitimate use, except in the case of infector download websites or phish emission.
Our botnet detections may not necessarily directly involve the observation of spam emission, but most botnets are at least occasionally involved in email spam, in addition to infostealing, DDOS attacks etc.
In other words, the CBL only lists IPs that have attempted email connections to one of our servers in such a way as to indicate that the sending IP is infected with a spam-sending virus or worm, acting as a open proxy for the sending of spam, OR, IPs primarily used in the operation of botnets
Is the information on our site wrong or incomplete? You don't want us to monitor your blacklist? Or do you operate a similar blacklist? We would like to hear from you!
We keep some statistics on blacklists. Below is the graph for cbl.abuseat.org. We test blacklists by asking them to respond to known IP's that are blacklisted and known IP's that can't be blacklisted. Not every blacklist has such IP's, we test them with what is possible. We keep if we get any response or error messages and the response duration. Lower response times are better. These statistics may be useful for email server administrators to pick which blacklist to use.
© 2019 Uskur, LLC. All rights reserved.