CBL Index
From Wikipedia, the free encyclopedia
The CBL Index is a ratio between the number of IP addresses in a given IP subnet (Subnetwork) to the number of CBL (Composite Blocking List) listings in the subnet. It may be used to measure how "clean" (of compromised computers) a given subnet is.
The higher the number is, the "cleaner" the subnet.
The CBL index may be represented in Decibels (dB) or as CIDR suffix (*/xx).
Note: other spam researchers prefer to use a percentage of IPs that are listed in a subnet. Using percentages is better suited for "unclean" subnets because "clean" nets have significantly less than 1% of addresses listed.
[edit] Rationale
The CBL DNSBL (Composite Blocking List) lists IP addresses that are compromised by a virus or spam sending infection (computer worm, computer virus, or spamware).
The CBL's full zone (data) is available publicly via rsync for download, you are encouraged to register for it - see http://cbl.abuseat.org for more detail.
The CBL Index is a reasonably good tool for getting estimates of subnet "outgoing spam reputation".
The CBL Index should be treated with caution - subnets often contain IPs with radically different purposes. Assuming all IPs within a subnet represent the same risk/reputation is potentially dangerous.
The CBL Index may be used for estimation of overall anti-spam performance of ISP or AS operator.
[edit] Example
In CBL zone dated 2007-07-07T21:03+00:00 there was 166_086 IP addresses listed from 83.0.0.0/11 network.
The CBL Index for the net was: 2_097_152/166_086 = 12.6 (*/28.3 ; 11.0 dB)
2_097_152 - number of IP addresses in */11 network (2**(32-11))