CBL Index
The CBL Index is a ratio between the number of IP addresses in a given IP subnet (Subnetwork) to the number of CBL (Composite Blocking List) listings in the subnet. It may be used to measure how "clean" (of compromised computers) a given subnet is.[1]
The higher the number is, the "cleaner" the subnet.
The CBL index may be represented in Decibels (dB) or as CIDR suffix (*/xx).
Note: other spam researchers prefer to use a percentage of IPs that are listed in a subnet. Using percentages is better suited for "unclean" subnets because "clean" nets have significantly less than 1% of addresses listed.
Rationale
The CBL DNSBL (Composite Blocking List) lists IP addresses that are compromised by a virus or spam sending infection (computer worm, computer virus, or spamware).
The CBL's full zone (data) is available publicly via rsync for download.[2]
The CBL Index is a reasonably good tool for getting estimates of subnet "outgoing spam reputation". It should be treated with caution - subnets often contain IPs with radically different purposes. Assuming all IPs within a subnet represent the same risk/reputation is potentially dangerous.
The CBL Index may be used for estimation of overall anti-spam performance of ISP or AS operator.
Example
In CBL zone dated 2007-07-07T21:03+00:00 there was 166_086 IP addresses listed from 83.0.0.0/11 network.
The CBL Index for the net was: 2_097_152/166_086 = 12.6 (*/28.3 ; 11.0 dB)
2_097_152 - number of IP addresses in */11 network (2**(32-11))
Literature
- Giovane César Moura (2013). Internet Bad Neighborhoods. Enschede: Ipskamp Drukkers. p. 25. doi:10.3990/1.9789036534604. ISBN 978-9036534604.
External links
References
- "What is the CBL?".
- "The CBL". cbl.abuseat.org. Archived from the original on 16 July 2007. Retrieved 13 January 2022.