CBL Index
From Wikipedia, the free encyclopedia
The CBL Index is the ratio of the number of IP addresses in a given IP subnet (subnetwork) to the number of CBL (Composite Blocking List) listings in that subnet. It may be used to measure how "clean" (of compromised computers) a given subnet is.[1]
The higher the number is, the "cleaner" the subnet.
The CBL Index may be represented in decibels (dB) or as a CIDR suffix (*/xx).
Note: other spam researchers prefer to use a percentage of IPs that are listed in a subnet. Using percentages is better suited for "unclean" subnets because "clean" nets have significantly less than 1% of addresses listed.
Rationale
The CBL DNSBL (Composite Blocking List) lists IP addresses that are compromised by a virus or spam-sending infection (computer worm, computer virus, or spamware).
The CBL's full zone (data) is available publicly via rsync for download.[2]
The CBL Index is a reasonably good tool for getting estimates of subnet "outgoing spam reputation". It should be treated with caution – subnets often contain IPs with radically different purposes. Assuming all IPs within a subnet represent the same risk/reputation is potentially dangerous.
The CBL Index may be used to estimate the overall anti-spam performance of an ISP or AS operator.
Example
In the CBL zone dated 2007-07-07T21:03+00:00, there were 166,086 IP addresses listed from the 83.0.0.0/11 network.
The CBL Index for this net was: 2,097,152 / 166,086 = 12.6 (*/28.3; 11.0 dB)
2,097,152 – number of IP addresses in a /11 network (calculated as 2^(32−11))
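The calculation above can be reproduced from a downloaded zone snapshot. The following is an added example, not part of the original article: the function names and the one-IP-per-line input format are assumptions, the sample listings are constructed from documentation address ranges, and the dB and CIDR forms are taken as 10·log10(ratio) and 32 − log2(ratio), which reproduce the 11.0 dB and */28.3 figures given above.

```python
import ipaddress
import math

def count_listed(network, zone_lines):
    """Return (addresses in subnet, distinct listed IPs that fall inside it)."""
    net = ipaddress.ip_network(network)
    listed = set()
    for line in zone_lines:
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue  # blank lines and comments carry no listing
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            continue  # skip malformed entries rather than abort the run
        if ip in net:
            listed.add(ip)  # a set, so a duplicated listing counts once
    return net.num_addresses, len(listed)

def cbl_index(num_addresses, num_listed, addr_bits=32):
    """Return (ratio, dB, CIDR-style suffix), or None when nothing is listed."""
    if num_listed == 0:
        return None  # ratio is unbounded: no listings in this snapshot
    ratio = num_addresses / num_listed
    return ratio, 10 * math.log10(ratio), addr_bits - math.log2(ratio)

# Constructed sample (documentation ranges), not real CBL data.
SAMPLE_ZONE = [
    "# hypothetical zone excerpt, one IP per line",
    "192.0.2.5",
    "192.0.2.77",
    "192.0.2.77",      # duplicate listing
    "198.51.100.9",    # outside the subnet under test
    "not-an-ip",       # malformed line
    "",
]

if __name__ == "__main__":
    size, hits = count_listed("192.0.2.0/24", SAMPLE_ZONE)
    ratio, db, suffix = cbl_index(size, hits)
    print(f"192.0.2.0/24: {ratio:.1f} (*/{suffix:.1f}; {db:.1f} dB)")
    # The article's own figures for 83.0.0.0/11:
    ratio, db, suffix = cbl_index(2 ** (32 - 11), 166086)
    print(f"83.0.0.0/11: {ratio:.1f} (*/{suffix:.1f}; {db:.1f} dB)")
```

A `None` result means the subnet had no listings in the snapshot, which is not the same as the subnet being free of compromised hosts.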
Literature
- Giovane César Moura (2013). Internet Bad Neighborhoods. Enschede: Ipskamp Drukkers. p. 25. doi:10.3990/1.9789036534604. ISBN 978-90-365-3460-4.