We used several levels of aggregation to simplify and clarify the data for these charts. For client IP addresses that run multiple tests with conflicting results, we only use the most recent valid test, ignoring tests that could not determine whether spoofing was possible.
We mapped each IP address to its network prefix as seen in Route Views BGP tables (manually collected from the route-views.routeviews.org text dumps), and use the most recent 12 months of tests from IP addresses within any given prefix. Prefixes in which all tested client addresses result in the same status are labeled as "spoofable" or "unspoofable"; prefixes with conflicting results from different IP addresses are labeled "inconsistent". We extrapolate our results to the entire announced address space by assigning each prefix's status to every IP address covered by that prefix.
To infer the status of ASes, we count the status of each network prefix a given AS announces into the BGP table, and compute the fraction of prefixes that permit spoofing versus total tested prefixes from the AS in question. The inconsistent ASes are subdivided into those with less than half their nets considered spoofable (which are labeled "partly spoofable") and those with at least half spoofable (which are labeled "mostly spoofable").