The CBL is committed to respecting your online privacy,
and recognizes your need for appropriate protection
and management of any personally identifiable information (PII)
you may share with us.
The CBL is a division of Spamhaus.
The CBL strives to comply with applicable laws around the globe.
These laws can vary from country to country, but we fully
intend to adhere to the principles set out below as a minimum,
regardless of country whereever possible.
Given the nature of our work, the CBL may from time to time be
subject to attacks on the Internet attempting to damage CBL
operation or reveal confidential information.
We take that potential risk very seriously, and take extraordinary
steps to prevent it.
Accuracy and Legal Disclaimer
While the CBL
endeavours to keep the information in this website up to
date, correct and as accurate as possible, we make no
representations or warranties
of any kind, express or implied, about the completeness,
accuracy, reliability, timeliness, suitability or
availability with respect to the website or the information
The CBL is part of Spamhaus, and does no
direct marketing or sales whatsoever of any products or services.
The CBL charges no fees and has no need for financial information
of any kind.
Anything anywhere indicating otherwise is false and should be considered
Assistance to help remediate a listing is free, subject to availablity.
Information that may be collected our site will not be used for
any marketing purpose, and will not be sold or otherwise disclosed
to any third party for marketing purposes.
of some of our web pages, and to operate the captcha on the lookup page.
the web pages should still function as normal, except that
translation will not be available.
The CBL does not use nor subscribe to any tracking or advertising
Except for the aforementioned translation facility, and explicit third
party links, the CBL web pages are entirely stand-alone and perform
no invisible/implicit redirects/links of any kind and do not implement
any form of third party tracking/metrics.
The CBL web pages does have links to third party web pages
for the purposes of assisting in the analysis and remediation of CBL listings.
These web pages are not under our control, and their privacy policies should
be consulted if you have concerns.
Web site access logging is the usual: originating IP address, timestamp,
browser type, operating system and requested link.
If you register for a rsync transfer of the CBL zone, the originating
IP address, current reverse DNS value, timestamp and file transferred are
logged for each transfer.
The CBL web pages do not collect any personal information whatsoever,
except for the rsync transfer registration page.
You can use the CBL web pages without revealing any personal information
about yourself, unless you voluntarily choose to sign up for rsync transfers.
Therefore, the only information collected via use of our web pages
is the aforementioned basic web logging, plus the voluntary rsync registration.
Rsync zone transfer information collected includes what you enter
in on the form: your name, organization,
request source IP address, timestamp, and IP address that will be doing
Email, Other Documents
Essentially all CBL communications are via email. As these are of
an operational nature related to current issues or discussions
with malware research partners, we do not have a formal
The CBL does not store any other documents containing information
collected by the web site or email.
The CBL, as a course of implementing its primary function, retains
a full audit trail for each listing, including IP address, timestamp
and other diagnostic information, and (some) web logging
information related to listing removals.
The database does not contain PII data other than what may be
deemed PII in the above paragraph in various jurisdictions.
We do not believe that the CBL listing database contains any personally
identifiable information, in a legal sense or otherwise, and no attempt
to attribute an IP to an individual is ever made, except as you may
volunteer yourself in email contact with us.
Therefore, a listing of an IP address is not a privacy infringement.
If some legal jurisdiction may disagree,
protecting our users from malicious spam, fraud and malware is in
the public interest and supersedes it.
If you believe a listing is a violation of privacy, correction is simple -
find and remediate the infection causing the listing, and the issue goes away.
Our mandate is to assist you doing so.
If you deliberately run a network of compromised computers running malware
or other malicious software and believe our listings are harming your privacy or
business, we'll be happy to delist on request. However, such requests
must be accompanied by your real name, age, nationality, details of the criminal
charges laid against you, which prison you currently reside in, and be notorized
by competent legal jurisdiction. Such information will be verified by independent
If you are not currently in prison, please let us know so we can rectify the situation.
The contents of the database are not made public, only divulged
as we (and only we) deem necessary to assist someone contacting
the CBL to resolve individual listings.
As such, we will only reveal this information to the listee (person affected
by listing) and those they may designate (such as their service provider[s]).
Use of Collected Data
Data collected for rsync registration is used to determine your eligibility
for a rsync download and facilitating the setup of rsync to permit your
download, as well as contacting you if changes will be made to the rsync
All other data is used to facilitate the basic operation of the CBL,
diagnose problems, assist in the resolution of a listing,
capacity planning, and
enhance your experience with the CBL web site.
Data Retention Policies
Generally speaking, logging and database information are kept indefinitely
to provide a historical view of the CBL's operation and metrics related
From time to time, as disk space requires, older data may be archived
and placed into second-level storage.
Third-Party Data Disclosure
The CBL may divulge information it holds to our partners (which include
law enforcement, malware researchers and ISPs) where required by law or
regulation, or as we deem fit to protect ourselves, our partners,
our users or the public.
We require that any third party given such information holds
the information under policies at least equivalent to ours.
The published CBL DNSBL zone contains only IP addresses of listings and
no other information.
Children under the age of 13
We do not believe that Children's Online Privacy Protection Act
of 1998 (COPPA) applies in our case, due to the fact
that the CBL is non-commercial/non-profit, does not solicit PII for
routine interactions, that any PII collected is for internal (rsync
registration) use only and not for marketing or other similar purposes.
It seems implausible that any child under the age of 13
years of age would ever be likely to interact with the CBL.
That said, some young children with a technical/scientific inclination are
doing some surprising things, and we don't want to discourage such
We will not knowingly accept rsync registrations or email
from under 13 year olds, please have your parents contact
us instead to provide permission.
The CBL and web pages are copyright ©
2003-2016, all unauthorized copying is prohibited