SURBL Links

 

Mirroring zone files locally

 

SpamAssassin version 3 has built-in support for SURBL intelligence

  • SpamAssassin 3 includes a plugin with SURBL support enabled by default: URIDNSBL
  • SpamAssassin 4 (4.0.0-rc4) supports full domain lookups and has many advantages when using SURBL datasets. Please upgrade to SA4 if possible.
  • The SpamAssassin Rule QA site has current (weekly) scores of rule hits on spam and ham corpora. Spam hits are good, but ham hits are very bad. The goal is to maximize the former while minimizing the latter. Ham hits make a given rule much less useful, so minimizing them is arguably the first priority.
  • If you'd like to generate local statistics for your SpamAssassin rules, there are several ways to do it. One way is to use spamd logs with Theo Van Dinter's sa-stats.pl. Many other stats programs are linked from the SpamAssassin wiki.

 

MTA filters supporting SURBL intelligence

  • milter-link for Sendmail (and Postfix) checks message body URIs against SURBL intelligence, or after domain resolution against RBLs. Written in C, milter-link does on-the-fly MIME decoding without using temporary files. milter-link now works with Postfix 2.3 via its new Sendmail 8 milter support.
  • Fort Systems Limited milter-uri.pl is a basic Sendmail (and Postfix) milter written in Perl using Sendmail::PMilter and SpamAssassin libraries.
  • PTSMail Utilities are designed to manage Sendmail under Unix. They use a web interface to manage virus and spam filtering, quotas, etc., and now support SURBL intelligence.
  • Using SURBL intelligence with the Exim MTA provides a Perl routine that can be used with "any other MTA that can call an external process to scan a message."
  • uribl plugin for SURBL intelligence in qpsmtpd, a Perl smtpd with MTA function and plugin capability (announcement)
  • MailMarshal for Exchange and general SMTP servers protects enterprise mail against viruses and spam and now supports SURBL intelligence. (Here's their Knowledge Base article about using SURBL intelligence.)
  • Message Partners' MPP multi-platform mail filter and archival system supports SURBL intelligence with MTAs "Postfix, Exim, Sendmail, Qmail, Communigate Pro, Surgemail, Sun Java System Messaging Server and email platforms with a generic SMTP/LMTP filter interface."

 

Other URI blacklists

 

Best Current Practices (BCP) for Email Marketing

 

Organisations that can help with email best practices

 

Acknowledgements

Thanks

People (in no particular order)

Jeff Chan, Raymond Dijkxhoorn, Eric Kolve, Joe Wein, Justin Mason, Daniel Quinlan, Julian Haight, Sidney Markowitz, Kelsey Cummings, Jacob Davida, Erik O'Connor, Bill Stearns, Chris Santerre, Thomas Shaw, Emanuelle Balla, Alex Bruns, all the folks and organizations providing data and name service, and the many other people without whom this project would not be possible. You know who you are! :-) Our thanks to all!

Some comments about SURBL intelligence

Catherine Hampton, spambouncer.org:
"The results have been nothing short of amazing; the only blocklists that come even close [to SURBL intelligence] in terms of quantities of spam stopped are the SBL and CBL. Given that you don't even need to look up host IPs to check the SURBL intelligence, it has to qualify as one of the most useful BLs I've ever tried."
 
Ben Poliakoff, Reed College:
"SURBL use has enhanced SpamAssassin's accuracy tremendously."
 
Bob Harbour, President, Harbour Communication:
"The improvements in the last 2 weeks have been amazing with the addition of the SURBL intelligence and the SpamAssassin 3. I am beginning to get calls from customers wondering if we are having problems with our mail server because they are not getting as much junk mail as they were."
 
Matt Yackley, Network Engineer, Perkins + Will, Inc.:
"SURBL is one of the best tools available to help SpamAssassin catch more spam than ever before."
 
Lindsay Snider, Cumberland Technologies Inc.:
"SURBL has been excellent for us. Before SURBL intelligence, we continued to add and update SpamAssassin rules to try and catch spam as it changed over time. Eventually, we began to see our false positive level gradually increase, hence lowering our trust in the system. We went back to basics using a stock SpamAssassin with the safe SARE rules. We then turned up SURBL and ever since then our scores have been a good deal more accurate. Our false positive rate is zero or very near, and very little spam gets through untagged anymore."
 
Ross Carlson, Metacraft Internet Services:
"I upgraded to the latest amavisd-new and SA, enabled the DNSBL checks and now the system is tagging about 40% of the incoming mail as spam, compared to about 5% before. I've had nearly 4,000 messages come through in the last 22 hours that had URIs in the SURBL intelligence dataset. Love it!"
 
Partial list of organizations using SURBL intelligence:
Easynet France, Tiscali Benelux, Wanadoo NL, SpamCop, XMission Internet, Excel.Net, Electric Mail Company, Sonic.net, Alice's Registry, Inc., MailGuard Pty. Limited, mail-cleaner.com, Superb Internet Corp., Pacific Internet Ltd, University of Bristol (UK), Shasta.com Internet, MailRoute, Inc., Cumberland Technologies Inc., mailbag.com, NetServices Plc, Hancock Telecom, Atlantech Online, Inc., Omnis Network, LLC, University of Colorado at Boulder, Eolas, Ruprecht-Karls-Universität Heidelberg, University of North Carolina at Wilmington, Reed College, Michigan Integrated Solutions, Alaska Communications Systems, Inc., Martek.Net, ImproWare AG (Switzerland), Conpoint.com, Perkins + Will, Inc., Metamark Shorten? Service, SnipURL, B2B2C.ca High Speed Internet, University of Klagenfurt, University of Missouri - Rolla, Yale University School of Medicine, OnlyInternet.Net, Internet Xpress (Colville, WA), GO Concepts Inc., Harbour Communication, KC Online, Utility Line Italia, MWeb (South Africa), PE.net, Voicenet.com, SoftHome.net, adfinis, free.de, Research Machines plc, Ironic Design, Inc., LogIn & Solutions AG, Mycom Group, Inc., Borden Ladner Gervais LLP, Birch Telecom Inc., ena.com, CanadaEmails.com - MPRM Group Limited, SaskNow Technologies, American Home Mortgage, Blacknight Internet Solutions Ltd, Widexs / Ionip, MORPACE International, Inc., RTC Ltd. / MOBIKOM, Plushosting B.V., Peregrine Computer Consultants Corporation, localaccess.com, InterActive Systems Designs (Pty) Ltd, Sentex Communications, BMC Software, Delmarva Online, Inc., FrogNet, Inc., Zoznam s.r.o., University of Ghent (Belgium), AxisInternet, Inc., iSupportISP LLC, San Mateo Regional Network, Inc., cetlink internetworks, Oklahoma Christian University, Cyberindo Aditama, Memorial University of Newfoundland, Grande Communications, Inc., Host -it LTD, Eze Castle Integration, Inc., Lynx Informatica, Metacraft Internet Services, ChiliTech Internet Solutions, Terra Networks (Spain), Hush Communications, CWNET - Communications world network, Riverside Internet, Argentina.Com, Best Software, Ecole des Mines de Paris, Clemson University, Spin srl, LawBase Technologies

links.html version 4.00 on 03/01/2023

SURBL Data Feed Request

SURBL Data Feeds offer higher performance for professional users through faster updates and resulting fresher data. Freshness matters since the threat behavior is often highly dynamic, so Data Feed users can expect higher detection rates and lower false negatives.

The main data set is available in different formats:

Rsync and DNS are typically used for mail filtering and RPZ for web filtering. High-volume systems and non-filter uses such as security research should use rsync.

For more information, please contact your SURBL reseller or see the references in Links.

Sign up for SURBL Data Feed Access.
