Composite Blacklist which is a part of Spamhaus (also an IP blacklisting service), is a DNSBL blacklist. CBL lists the IP addresses that show activities such as being a spambot, being an open proxy SMTP server, or being a spam server.
How CBL does the listing
Things CBL check for Blacklist
- The CBL populates its source data from several different mail server (SMTP) installations. These include pure spam trap servers.
- IP addresses that show characteristics of open proxies.
- Servers that are hosting services such as Spam-BOTs used to send spam, viruses, trojan-horse, or spyware.
- Bots/virus hosting machines.
- Machines performing DDOS attacks are listed.
- The botnet detection is based on the findings of spam activity based on direct or indirect spamming activity from the server.
- CBL only lists the servers that have made email connections to one of their servers. That shows server IPs with spam activities, viruses, and open proxies.
- Regardless of IP being Static or Dynamic, if it is detected to be malicious, it is listed.
Things CBL do not check for Blacklist
- They do not list based upon the volume of email from a given IP address.
- The CBL does not check for open SMTP relays.
- The CBL only lists single IPs. It doesn't list IP ranges for the blacklisted IP address.
- CBL does not associate the listed IP with specific associations or organizations.
- No one can directly add or request the blacklisting of any IP addresses to the CBL. They do not allow that since that can be used as a tool with an intent of unbiased listing of anyone's IP addresses.
- CBL operates automatically and avoids listing any servers that send bounced emails or that occasionally send some spam emails. They do not merely list every spam source.
What are the CBL listing criteria?
We can assume that it should be similar to other popular DNSBL services since like some other blacklisting services. CBL listing criteria is undisclosed by CBL.
CBL delisting Steps
- If you are searching for the blacklist removal of your IP, you might have received a bounce email from the CBL stating the reason for the bounce. You can use this first to fix the problem that caused the blacklisting in the first place.
- Second, go to the blacklist removal page https://www.abuseat.org/lookup.cgi and enter your IP address and click on lookup.
- If you are listed, you will see a page like this.
- In our case, the IP we listed for testing was infected with a Trojan. It shows that the IP was detected and listed 17 times in 28 days.
- Read the points listed on this page, from this you will get more information about the problems in your system.
- In this case, running a proper malware scan and removing the trojan from the system cleanup can fix the issue, as stated by CBL recommendations.
- Lastly, if you check at the end of the page, you will see the Self-removal section with a remove button.
- Click on the remove button only after fixing all the issues in your system mentioned in the CBL lookup report.
- With this, you are done with the removal steps suggested by the CBL.
If you are still facing the issues with the IP removal after following the above steps, you can check these steps.
- If your IP address is that of a Network Address Translation (NAT), or Port Address Translation (PAT) firewall, router, or gateway, click here and follow the steps suggested. The insecure NAT can be the issue.
- If the listed address is the IP of your personal computer, then you need to remove the malware such as worms, viruses, trojans from your system. More information on scanning
- If your listed IP is dynamic, click here
- For ones with the wireless connection hub, check out the NAT list policy as above.
- If this IP address is that of your mail server, click here.
I hope you can now able to delist your site from the CBL blacklist. In case you have any queries related to your domain blacklisting, then please feel free to comment below or reach out to the Pepipost Deliverability Expert Team at dx(at)pepipost(dot)com.