Overview
The Composite Blocking List (CBL) is a Domain Name System (DNS)-based blocklist. It includes email services suspected of sending spam as a result of a virus or malware infection. The CBL gets its data from large Simple Mail Transfer Protocol (SMTP) mail server installations, some of which are spam trap servers.
- Listings occur at the IP address level.
- The impact on deliverability is high.
- This blocklist is used globally.
Reasons for getting listed
IP addresses are listed for:
- Sending spam from dedicated bots
- Having worms or viruses that complete their own direct-mail transmission
- Being compromised by a trojan horse or stealth spamware
- An open proxy: a non-email server tricked into sending spam
Being listed on the CBL usually happens from contracting a virus or botnet, which typically occurs through a malware-infected webpage. The malware or virus creates a small SMTP server that is used to hijack account information, and then send bulk email to recipients in the user’s email address book.
The malware can also affect the actual machine that is housing the email server platform as well as local PCs. Local PCs are allowed to connect to the email server IP address on SMTP port 25.
How to get off this blocklist
The CBL accepts manual requests to remove IP addresses. However, if you don’t fix the underlying issue that caused the listing, then your IP address will likely be listed again. And if you continue to request delisting without resolving the cause, then you run the risk of your IP address being permanently blocklisted.
Tips for staying off this list
- Conduct infrastructure reviews to check for open proxies
- Regularly follow a list hygiene process to reduce sending to spam traps
- Consistently run security scans on your systems to ensure they are not infected with botnets or viruses used to send spam
