What
SURBLs are lists of web sites
that have appeared in unsolicited messages.
Unlike most lists,
SURBLs are not lists of
message senders.
Why
Web sites seen in unsolicited messages tend to be more stable
than the rapidly changing botnet IP addresses
used to send the vast majority of them.
Sender lists like zen.spamhaus.org can be used in a first stage filter to
help identify 80% to 90%
of unsolicited messages.
SURBLs can help find about
75% of the otherwise difficult,
remaining unsolicited messages in a second stage filter.
Used together with sender lists, SURBLs have proven to be
a highly-effective way to detect 95% of unsolicited messages.
How
Using SURBLs requires a mail filter that can extract web sites
from message bodies and check them against the lists.
Many applications support SURBLs, including SpamAssassin and filters
for most major MTAs including sendmail, postfix, qmail, exim, Exchange,
qpsmtpd and others.
For a partial list of dozens of applications supporting SURBLs,
please see the
Links page.
Note that direct blocking at the MTA level is not recommended.
It's generally better to use SURBLs along with multiple, weighted factors,
as
SpamAssassin does.
For new implentations, please see the
Implementation Guidelines.
Future
SURBLs continue to improve listing speed and coverage through a variety
of techniques.
Please see the rest of this site for more information.
home.html version 1.00 on 10/9/08