SURBL Links

 

Mirroring zone files locally

 

SpamAssassin version 3 has built-in support for SURBLs

 

Applications which use SpamAssassin and support SURBLs

 

Windows applications supporting SURBLs

  • Mail Server Content Filter filters mail in Merak Mail, Microsoft Exchange 2000 and Communigate Pro (Windows version) using regular expressions matching RBL, domain, user or IP addresses against any part of message. Configurations are written in XML.
  • ORFilter is a free-ware Exchange plug in which supports SURBLs. ORFilter is reported to work with Exchange 2007.
  • Policy Patrol by Red Earth Software adds SURBL support to their commercial anti-spam add-on for Exchange.
  • XWall for Microsoft Exchange supports SURBLs.
  • GFI MailEssentials v11 adds SURBL support to Exchange, Lotus Notes and other popular SMTP/POP3 servers.
  • Vamsoft's ORF Enterprise Edition adds SURBL support to Windows 2000 and 2003 versions of Exchange and IIS SMTP Service (IIS 5 or 6).
  • STAT AntiSpam has open-source SURBL support in antispam filter set for the freeware Windows mail server Mercury/32.
  • NEMX Power Tools for Exchange Server supports SURBLs.
  • Sunbelt Software's Ninja Email Security adds SURBL support to its integrated plug-in architecture for antispam, antivirus, disclaimers, and attachment filtering in Microsoft Exchange environments.
  • ASTPS adds SURBL support to Clearswift MIMEsweeper, MailMarshal, and other Windows mail scanners which support external programs.
  • eWall is a Microsoft Windows based SMTP gateway by Server Side Solutions which offers SURBL support to any mail server as an open source filter.
  • Yasu is an open source Win32 or Windows 2000 program to check URIs against SURBLs in Clearswift Mailsweeper and other Windows mail systems that can run external scripts.
  • SmarterMail is a Windows mail server with SURBL support.
  • hMailServer is a free email server for Windows. It supports SURBLs and may make use of SpamAssassin.
  • Invariant Systems' URI extraction tool invURIBL is a Windows program to check message body URIs against SURBLs for example, from Declude for Imail. It can be used as a standalone program or as a general plug in to Windows mail servers.
  • SURBL_filter.zip is a command script checks SURBL sites against message bodies in Declude JunkMail, which is an add-on to the Windows mail server Ipswitch IMail.
  • MTS Professional is a low cost, full-featured SMTP/POP3 based email server for Windows NT4/2000/XP. MTS Professional now supports SURBLs.
  • Trash Finder is a plugin for the free IMS mail server on Windows. The subscription version of Trash Finder supports SURBLs.
  • ALOAHA is a transparent SMTP Proxy for Windows which supports SURBLs.
  • (See also how to use SpamAssassin with Windows above.)

 

MTA filters supporting SURBLs

  • milter-link for Sendmail (and postfix) checks message body URIs against SURBLs, or after domain resolution against RBLs. Written in C, milter-link does on-the-fly MIME decoding without using temporary files. milter-link now works with Postfix 2.3 via its new Sendmail 8 milter support.
  • milter-uri.pl is a basic Sendmail (and postfix) milter written in Perl using Sendmail::PMilter and SpamAssassin libraries.
  • j-chkmail Sendmail (and postfix) milter for detecting viruses and spam. A standalone C program
  • PTSMail Utilities are designed to manage sendmail under Unix. Uses a web interface to manage virus and spam filtering, quotas, etc. Now supports SURBLs.
  • Using SURBLs with the Exim MTA provides a perl routine that can be used with "any other MTA that can call an external process to scan a message."
  • qmail and qmail-ldap patches to use SURBLs. Here are local copies of the Regular patch, Qmail-ldap patch and Documentation.
  • uribl plugin for SURBLs in qpsmtpd, a perl smtpd with MTA function and plugin capability, announcement
  • MailMarshal for Exchange and general SMTP servers protects enterprise mail against viruses and spam and now supports SURBLs. (Here's their Knowledge Base article about using SURBLs.)
  • GWAVA version 3.5 adds SURBL support to the GroupWise MTA under Novell Netware.
  • Message Partners' MPP multi-platform mail filter and archival system supports SURBLs with MTAs "Postfix, Exim, Sendmail, Qmail, Communigate Pro, Surgemail, Sun Java System Messaging Server and email platforms with a generic SMTP/LMTP filter interface."

 

Other programs and services using SURBLs

  • "The Anti-Spam-SMTP-Proxy (ASSP) server project is an Open Source, Perl based, platform-independent transparent SMTP proxy server that leverages numerous methodologies and technologies to both rigidly and adaptively identify e-mail spam." ASSP uses SURBL by default.
  • MailStripper by Eridani Star System is an MTA independent, UNIX SMTP spam filter with anti-virus capability that now supports SURBLs.
  • MEFilter, a bolt-on for the MailEnable mail server, adds beta SURBL support. Test results are very favorable.
  • Kaspersky Anti-Spam adds SURBL support starting with Open Beta 3.0. Operates as a standalone filter or with sendmail, qmail, CommuniGate Pro, Postfix or Exim.
  • Guardian Digital, a Linux security company, uses SURBLs in their Secure Mail Suite. Here's the press release about it.
  • NetWin adds SURBL support to their multi-platform email, groupware and instant messaging server, SurgeMail.
  • Hexamail adds SURBL support to the latest version of their Windows/Linux server-side spam blocker Hexamail Guard.
  • MicroWorld includes SURBL support in their eScan and MailScan products.
  • SimpleFilter is a POP3 proxy and SMTP service offering pre-filtering of mail and marking of spam subject lines. Uses SURBLs and other techniques.
  • LogSat's SPAMFilter ISP spam and virus mail filtering service now has SURBL support.
  • SurGATE, Endersys' antispam and antivirus gateway, now has SURBL support.
  • Camel's Eye, a GPL'd client-side Java POP3/SMTP proxy, now has support for SURBL."
  • SpamPal, a client-side filter, now has SURBL support via Alain de Camps' version of the URLBody plugin.
  • Drupal CMS, a web Content Management System now has SURBL support via Jeremy Andrews' spam_surbl module, which is written in PHP. Here is his announcement about it. Drupal allows users to publish web content, organize discussion communities, run blogs, collaborate on projects, etc.
  • FirstClass, a messaging and groupware system for schools and businesses, adds SURBL support starting with version 8.1.
  • IndiMail, an open source mail server and qmail replacement, added SURBL support as of version 1.8.3.
  • Net::Blacklist::Client is a perl module which queries multiple BLs or URIBLs in parallel.
  • surblhost is a simple C command line program to query SURBLs, written by Christian Stigen Larsen. surblhost is used by memurl.com to deny redirection services to spammers.
  • "Spamcheetah is a spam filter based on OpenBSD employing traffic shaping (tarpit), greylisting, Vipul's razor and friends that employs SURBL effectively for combating URL based phishing attacks."
  • Tom Shaw has created a PHP5 object for checking SURBLs called URI Reputation Client.
  • Martijn Grooten has published a DNS-based method to check redirectors quickly.
  • Suri does SURBL checks on mail stored in files, adapted from Devin Carraway's plugin to qpsmtp. General-purpose program usable with amavisd and others.
  • rxwhois.cmd OS/2 whois client whois client for anti-spam use includes SURBL checks

 

Other URI blacklists

 

Other resources

 

Best Current Practices (BCP) for Email Marketing

 

Recommendations for Email Service Providers (ESPs)

 

Organizations that can help with mail practices

 

Free malware and vulnerability tools

 

Acknowledgements

Thanks

People (in no particular order)

SupraNet
MultiKabel N.V.
Prolocation
Sonic.net
Google.org
Internet Systems Consortium, Inc.
Eric Kolve, Raymond Dijkxhoorn, Justin Mason, Daniel Quinlan, Julian Haight, Sidney Markowitz, Kelsey Cummings, Jacob Davida, Erik O'Connor, Bill Stearns, Chris Santerre, all the folks and organizations providing data and name service, and the many other people without whom this project would not be possible. You know who you are! :-) Our thanks to all!

Some comments about SURBLs

Catherine Hampton, spambouncer.org:
"The results have been nothing short of amazing; the only blocklists that come even close [to SURBLs] in terms of quantities of spam stopped are the SBL and CBL. Given that you don't even need to look up host IPs to check the SURBL, it has to qualify as one of the most useful BLs I've ever tried."
Ben Poliakoff, Reed College:
"SURBL use has enhanced SpamAssassin's accuracy tremendously."
Bob Harbour, President, Harbour Communication:
"The improvements in the last 2 weeks has been amazing with the addition of the SURBLs and the SpamAssassin 3. I am beginning to get calls from customers wondering if we are having problems with our mail server because they are not getting as much junk mail as they were."
Matt Yackley, Network Engineer, Perkins + Will, Inc.:
"SURBL is one of the best tools available to help SpamAssassin catch more spam than ever before."
Lindsay Snider, Cumberland Technologies Inc.:
"SURBL has been excellent for us. Before SURBL, we continued to add and update SpamAssassin rules to try and catch spam as it changed over time. Eventually, we began to see our false positive level gradually increase, hence lowering our trust in the system. We went back to basics using a stock SpamAssassin with the safe SARE rules. We then turned up SURBL and ever since then our scores have been a good deal more accurate. Our false positive rate is zero or very near, and very little spam gets through untagged anymore."
Ross Carlson, Metacraft Internet Services:
"I upgraded to the latest amavisd-new and SA, enabled the DNSBL checks and now the system is tagging about 40% of the incoming mail as spam, compared to about 5% before. I've had nearly 4,000 messages come through in the last 22 hours that had URIs in the SURBL. Love it!"
Partial list of organizations using SURBLs:
Easynet France, Tiscali Benelux, Wanadoo NL, SpamCop, XMission Internet, Excel.Net, Electric Mail Company, Sonic.net, Alice's Registry, Inc., MailGuard Pty. Limited, mail-cleaner.com, Superb Internet Corp., Pacific Internet Ltd, University of Bristol (UK), Shasta.com Internet, MailRoute, Inc., Cumberland Technologies Inc., mailbag.com, NetServices Plc, Hancock Telecom, Atlantech Online, Inc., Omnis Network, LLC, University of Colorado at Boulder, Eolas, Ruprecht-Karls-Universit?t Heidelberg, University of North Carolina at Wilmington, Reed College, Michigan Integrated Solutions, Alaska Communications Systems, Inc., Martek.Net, ImproWare AG (Switzerland), Conpoint.com, Perkins + Will, Inc., Metamark Shorten? Service, SnipURL, B2B2C.ca High Speed Internet, Univerity of Klagenfurt, University of Missouri - Rolla, Yale University School of Medicine, OnlyInternet.Net, Internet Xpress (Colville, WA), GO Concepts Inc., Harbour Communication, KC Online, Utility Line Italia, MWeb (South Africa), PE.net, Voicenet.com, SoftHome.net, adfinis, free.de, Research Machines plc, Ironic Design, Inc., LogIn & Solutions AG, Mycom Group, Inc., Borden Ladner Gervais LLP, Birch Telecom Inc., ena.com, CanadaEmails.com - MPRM Group Limited, SaskNow Technologies, American Home Mortgage, Blacknight Internet Solutions Ltd, Widexs / Ionip, MORPACE International, Inc., RTC Ltd. / MOBIKOM, Plushosting B.V., Peregrine Computer Consultants Corporation, localaccess.com, InterActive Systems Designs (Pty) Ltd, Sentex Communications, BMC Software, Delmarva Online, Inc., FrogNet, Inc., Zoznam s.r.o., University of Ghent (Belgium), AxisInternet, Inc., iSupportISP LLC, San Mateo Regional Network, Inc., cetlink internetworks, Oklahoma Christian University, Cyberindo Aditama, Memorial University of Newfoundland, Grande Communications, Inc., Host -it LTD, Eze Castle Integration, Inc., Lynx Informatica, Metacraft Internet Services, ChiliTech Internet Solutions, Terra Networks (Spain), Hush Communications, CWNET - Communications world network, Riverside Internet, Argentina.Com, Best Software, Ecole des Mines de Paris, Clemson University, Spin srl, LawBase Technologies

links.html version 3.15 on 4/6/10

SURBL Data Feed Request

SURBL Data Feeds offer higher performance for professional users through faster updates and resulting fresher data. Freshness matters since the threat behavior is often highly dynamic, so Data Feed users can expect higher detection rates and lower false negatives.

Data feeds are available in three formats:

Rsync and DNS are typically used for mail filtering and RPZ for web filtering. High-volume systems and non-filter uses such as security research should use rsync.

For more information, please contact your SURBL reseller or see the references in Links.

Sign up for SURBL Data Feed Access.

  • Sign up for data feed access

    Direct data feed access offers better filtering performance with fresher data than is available on the public mirrors. Sign up for SURBL Data Feed Access.

  • Applications supporting SURBL

  • Learn about SURBL lists