CBL Privacy Policy, updated May 24, 2018

The CBL is committed to respecting your online privacy, and recognizes your need for appropriate protection and management of any personally identifiable information (PII) you may share with us.

The CBL is a division of Spamhaus.

The CBL strives to comply with applicable laws around the globe. These laws can vary from country to country, but we fully intend to adhere to the principles set out below as a minimum, regardless of country whereever possible.

Given the nature of our work, the CBL may from time to time be subject to attacks on the Internet attempting to damage CBL operation or reveal confidential information. We take that potential risk very seriously, and take extraordinary steps to prevent it.

Accuracy and Legal Disclaimer

While the CBL endeavours to keep the information in this website up to date, correct and as accurate as possible, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, timeliness, suitability or availability with respect to the website or the information contained herein.


The CBL is part of Spamhaus, and does no direct marketing or sales whatsoever of any products or services.

The CBL charges no fees and has no need for financial information of any kind. Anything anywhere indicating otherwise is false and should be considered fraudulent.

Assistance to help remediate a listing is free, subject to availablity.

Information that may be collected our site will not be used for any marketing purpose, and will not be sold or otherwise disclosed to any third party for marketing purposes.

CBL Cookie policy

The abuseat.org website does not set/use cookies itself. The one cookie at present is the Cloudflare security cookie (_cfduid), see here for more detail.

Tracking/External Links/Logging

The CBL web pages do not use Java, flash or other "fancy" features. The only use of javascript is to facilitate multi-lingual translation on our web pages, and to operate the captcha on the lookup page. If you choose to have Javascript turned off in your browser, the Captcha will not work, so, you won't be able to do IP address lookups.

The CBL does not use nor subscribe to any tracking or advertising methodologies. Except for the aforementioned translation facility, and explicit third party links, the CBL web pages are entirely stand-alone and perform no invisible/implicit redirects/links of any kind and do not implement any form of third party tracking/metrics.

The CBL web pages does have links to third party web pages for the purposes of assisting in the analysis and remediation of CBL listings. These web pages are not under our control, and their privacy policies should be consulted if you have concerns.

Web site access logging is the usual: originating IP address, timestamp, browser type, operating system, referral link (if any) and requested link.

Data Collection

The CBL web pages do not collect any personal information whatsoever.

Therefore, the only information collected via use of our web pages is the aforementioned basic web logging.

Email, Other Documents

Essentially all CBL communications are via email. As these are of an operational nature related to current issues or discussions with malware research partners, we do not have a formal archiving mechanism.

The CBL does not store any other documents containing information collected by the web site or email.

CBL Database

The CBL, as a course of implementing its primary function, retains a full audit trail for each listing, including IP address, timestamp and other diagnostic information, and (some) web logging information related to listing removals.

The database does not contain PII data other than what may be deemed PII in the above paragraph in various jurisdictions.

We do not believe that the CBL listing database contains any personally identifiable information, in a legal sense or otherwise, and no attempt to attribute an IP to an individual is ever made, except as you may volunteer yourself in email contact with us.

If you believe a listing is a violation of privacy, correction is simple - find and remediate the infection causing the listing, and the issue goes away. Our mandate is to assist you doing so.

The contents of the database are not made public, only divulged as we (and only we) deem necessary to assist someone contacting the CBL to resolve individual listings. As such, we will only reveal this information to the listee (person affected by listing) and those they may designate (such as their service provider[s]).

Use of Collected Data

All data is used to facilitate the basic operation of the CBL, diagnose problems, assist in the resolution of a listing, capacity planning, and enhance your experience with the CBL web site.

Data Retention Policies

Generally speaking, logging and database information are kept indefinitely to provide a historical view of the CBL's operation and metrics related to that.

From time to time, as disk space requires, older data may be archived and placed into second-level storage.

Third-Party Data Disclosure

The CBL may divulge information it holds to our partners (which include law enforcement, malware researchers and ISPs) where required by law or regulation, or as we deem fit to protect ourselves, our partners, our users or the public. We require that any third party given such information holds the information under policies at least equivalent to ours.

The published CBL DNSBL zone contains only IP addresses of listings and no other information.

Children under the age of 13

We do not believe that Children's Online Privacy Protection Act of 1998 (COPPA) applies in our case, due to the fact that the CBL is non-commercial/non-profit, and does not solicit or obtain PII for routine interactions. It seems implausible that any child under the age of 13 years of age would ever be likely to interact with the CBL.

That said, some young children with a technical/scientific inclination are doing some surprising things, and we don't want to discourage such learning. We will not knowingly accept email from under 13 year olds, please have your parents contact us instead to provide permission.