How you can help

1. If you like the performance you get from using SURBLs, then please consider recommending them to others. The more widely SURBLs are used, the more effective they will be in stopping spam.

2. Please report any false positives to us so that we can review them and de-list or whitelist as appropriate. For further list removal information please see the Lists page.

3. To re-iterate: if you are using SURBLs and notice any false positives, then please report them back to us, regardless of whether you are using an open source or commercial application or service. You are getting benefits from the efforts of our volunteer community and it's only fair that you give back to the rest of our community in this way.

4. Report your spams using SpamCop. Doing so gets abused senders blacklisted, and it also gets spam URIs reported to their hosts and into sc.surbl.org and therefore multi.surbl.org. This is a highly effective way to stop spams.

5. Use multi.surbl.org instead of individual lists since it reduces the number of DNS queries needed if you're using more than one list. Current versions of SpamAssassin use multi by default, as should all applications.

6. If you run a high volume mail server (e.g., processing more than a few hundred thousand messages per day), please set up rbldnsd, then fill out our rsync request form to request access to the SURBL zone files. BIND zone files are also available by rsync. Please see Links for some references and instructions on using rbldnsd and rsync. Please do not use public name servers for processing large volumes of mail. This is true for any RBLs you may be using. Also, please do not get the zone files for production use from this web site.

7. We could use a few more public name servers since SURBL seems to be starting to take off. Please contact jeffc at surbl dot org or rsync at surbl dot org if you would like to help. Note that name servers should be on DS3s at a minimum since DNS traffic may ramp up to one or two megabits per second if SURBL use continues to grow.

8. If you are using SpamCopURI, please make sure you're using the latest version which has several fixes including per-test DNS caching. That can reduce your DNS queries significantly.

9. Please consider helping to port or write applications such as MTA milters or plugins to use SURBL. Our Implementation Guidelines provide an overview of the functionality needed.

10. If you have any information about ccTLDs that are not in our two-level-tld list, please let us know at our contacts.

11. If you find SURBLs useful, then please consider making a donation using the link at the left. Contributions will be used to help pay traffic and hosting expenses and to set up additional servers elsewhere in the world.

News

Internal

• 12/5/07: As of December 2007, we have added The DNS blackhole malware, malicious software and phishing site data to our phishing list.

• 10/19/06: As of October 2006, we are adding PhishTank data to our phishing list. As of mid-2006, were are including phishing data from Castlecops' PIRT.

• 2/7/05: We have removed the JP data from WS. If you did not have a separate rule or configuration to use JP before, then please add one. Examples for SpamAssassin are in the Quick Start. (Starting with version 3.1, SpamAssassin has a JP rule included in the default configuration. For SA versions prior to 3.1, please add configurations for JP as described in the Quick Start.)

• 2/7/05: SC and WS zone files have been removed from the SURBL web site per below. Please use invURIBL or another SURBL plug in with Declude instead.

• 1/29/05: SC and WS zone files will be removed from the SURBL web site by 1/7/05. This does not affect DNS operation or most SURBL applications which use it, but it does mean that users of Roger Eriksson's Windows command script with Declude Junkmail should use Invariant Systems invURIBL or similar Windows SURBL plug-ins instead.

• 11/13/04: In order to explore some conjunctions of existing lists that might have fewer false positives, we've created some stats measuring the number of DNS hits against all blocklists that the individual SURBL lists get, along with some permutations of those lists. This gives some measure of the performance of the different lists, though it likely undercounts rapidly changing data such as SC and AB since it's based on the previous ten days of data. SC and AB have inherently shorter time periods of 3 and 7 days respectively.

  Additionally we've increased the number of days that frequency data of DNS queries against our whitelist are kept from 10 to 90. A full 90 days of data won't be accumulated until February 2005. These stats are all updated around midnight.

• 11/12/04: We have added data from fraud.rhs.mailpolice.com into ph, joining our exiting phishing data from mailsecurity.net.au. This has doubled the size of our phishing list to about 1000 records. Thanks to Jay Swackhamer of MailPolice for gathering this data and making it available to us.

• 9/27/04: A new list jp.surbl.org is now part of multi.surbl.org. With a bitmask value of 64, it exists only as part of the combinded SURBL list multi, not as a standalone list. JP is based on spamtrap data from Joe Wein and from Raymond Dijkxhoorn and his colleagues at Prolocation which are then processed using Joe's jwSpamSpy program. JP has a very good spam detection rate around 80% and a very low false positive rate below 0.02%. For information about using JP, please see the Quick Start, and for more about the JP list, please see the Lists section.

• 9/17/04: After trying DNS TTLs at 25, 20 and 15 minutes, it appears that 15 minute TTLs optimizes both name server traffic and the quickness of records being added or deleted from the lists. Therefore we are standardizing on 15 minute TTLs for all SURBLs.

• 8/20/04: As part of our continuing TTL experiment, we have set the TTLs on all lists to 25 minutes. If the resulting DNS traffic does not change much, then we will leave the slower-changing lists at 25 minutes and change SC back to 10 minutes.

• 8/17/04: We are deprecating be.surbl.org, the SURBL list made from a stale snapshot of the BigEvil list before it got ws added into it. BE probably isn't too useful anymore since it's not getting updated, so please change to using ws.surbl.org instead. Eventually we would like to get rid of BE entirely.

• 8/17/04: We are cleaning up some of the redundant zone files in the SURBL rsync server:
  1. surbl.rbldnsd - going away, use sc.surbl.org.rbldnsd instead
  2. *.rbldns - going away when no traffic, use *.rbldnsd instead
  3. surbl.bind - going away, use surbl.org.bind instead
  In all cases the replacement files use the preferred names, already exist, and have identical content. If you are using any of the old names, please change them to the new names.

• 8/11/04: We have lowered the TTLs on SURBL zone files to 1 hour. This includes multi.surbl.org, but does not include sc.surbl.org which already had a 10 minute TTL. This should cause new entries to take effect sooner since the negative caching TTL should also be 1 hour.

• 8/1/04: ws.surbl.org now has some additional data sources including: MailSecurity's SURBL lists.

• 7/1/04: Added a new whitelist source: domains of publically-traded companies listed at dmoz and Google. Each yields lists of about 4300 or so of mostly the same domains which are now excluded from SURBLs. Here are the extracted dmoz and Google public company domain lists.

• 6/30/04: Three new SURBL lists are available: ob.surbl.org, ab.surbl.org, multi.surbl.org. The first two match spamvertised sites kindly provided by Outblaze and AbuseButler respectively. multi is a bitmask-combined list of all the other SURBL lists, for use with programs that can decode these back into their constiuent lists, such as SpamAssassin 3's urirhssub. More information on these additional lists can be found in the Quick Start and Lists sections.

• 6/29/04: be.surbl.org records are now included in ws.surbl.org, so please use ws.surbl.org instead of be. be is now frozen and the content in it may go away eventually.

• 5/6/04: We are now properly removing any subdomains (third or greater level domains or host names) from generic TLDs. (For example, abc.defxyz.com becomes defxyz.com.) This change may result in slightly better matching on both be and sc lists since the clients are supposed to be doing similar things with domains found in message body URIs. The new-style sed expression doing this on the SURBL side is chop-two-level-domains.sed.

• 5/5/04: We've added some notes about setting up local DNS caching of RBL zone files. Bob Cottrell describes setting up rbldnsd and rsync on top of an existing BIND server. Here are my notes about setting up rbldnsd with BIND under FreeBSD. Rick Macdougall writes up how he set up rbldnsd to run on the same name server as dnscache from djbdns. I've written up how to use rsync with BIND to cache RBL zone files, though rbldnsd is a better solution for many reasons. See also NJABL's tips for running rbldnsd and rsync and a (local copy).

• 5/5/04: Zone file refresh times on ws.surbl.org and be.surbl.org have been lowered from several hours to 20 minutes. TTLs for those zones remain at several hours. This change probably will affect few if any users.

• 4/27/04: sa.surbl.org is gone. Please use ws.surbl.org instead, since it is the new name for the domains from Bill Stearns' sa-blacklist.

• 4/24/04: In order to prevent future confusion, we are changing the names of the rbldnsd zone files from .rbldns to .rbldnsd . If you are using rbldnsd, please update your rsync and cron configs to use the slightly revised .rbldnsd names. For now both old and new names are being served, but we may want to stop providing the deprecated names at some point in future. If you're using the old names, please update to the new ones. We expect the new names to be stable. The changes to the rbldnsd zone file names are:

    sc.surbl.org.rbldns  -->  sc.surbl.org.rbldnsd
    ws.surbl.org.rbldns  -->  ws.surbl.org.rbldnsd
    be.surbl.org.rbldns  -->  be.surbl.org.rbldnsd
  

  (For background, there are two RBL name server programs with similar names but different functionality: rbldnsd and rbldns. Zone files in rbldnsd implement a superset of rbldns, most relevantly in the ability to serve domain names in RBLs, where rbldns can only serve IP addresses. The two are therefore similar enough to cause potential confusion.)

• 4/24/04: Zone files now only update when the underlying spam URI domains have changed.

• 4/22/04: Dallas Engelken has set up an SURBL+ lookup page at SpamAssassin Rule Emporium! (SARE) at which you can look up domain and IP addresses on all SURBLs, and IP addresses against standard SpamAssassin numeric RBLs.

• 4/21/04: BigEvil.cf and MidEvil.cf SpamAssassin rule sets are now available in the form of an SURBL as be.surbl.org. Please see the Quick Start for sample configs and the SURBL Lists section for more detailed information.

• 4/20/04: SURBL testpoints "example.com" have been changed to "surbl-org-permanent-test-point.com" to avoid potential spam detection on sample URIs.

• 4/20/04: TXT record for sc.surbl.org is changed from: "Message body contains recently and multiply-reported SpamCop spamvertised domain." to: "Message body contains SpamCop spamvertised domain."

  TXT record for ws.surbl.org is changed from: "Message body contains domain in sa-blacklist. See: http://www.stearns.org/sa-blacklist/" to: "Blocked, See: http://www.stearns.org/sa-blacklist/".

• Feedback so far on the effectiveness of SURBL is very positive, with spam hit rates for sc.surbl.org ranging up to 60% with near-zero False Positives. Some results appear below. With some more tuning we may be able to improve that further.

• As you can see from the Quick Start and SURBL Lists sections, there's another SURBL to test with message body URIs with: ws.surbl.org. This new list uses domains from Bill Stearns' sa-blacklist, and is available through DNS and rsync like our original SpamCop-derived sc.surbl.org.

• Raymond Dijkxhoorn has kindly set up an rsync server for the SURBL rbldnsd and BIND zone files. Administrators of high volume mail servers, please fill out our rsync request form to request access to our rsync server. Gigabit hosting for the rsync of SURBL zone files is kindly donated by Dutch ISP and large open source mirror MultiKabel N.V.. Thanks Raymond and MultiKabel!

• Raymond has also set up three mailing lists for SURBL users and fans: Announce, Discuss, and Zones for announcements, discussion, and DNS zone and rsync server administrators respectively. We encourage anyone using SURBL or interested in keeping up with SURBL news and announcements to subscribe to the low-volume, read-only Announce list. The Discuss list is a good place to bring up questions or issues related to SURBL.

External

• 7/24/07: Sunbelt Software adds SURBL support to Ninja Email Security(tm). "Ninja Email Security integrates antispam, antivirus, disclaimers, and attachment filtering with a plug-in architecture for Microsoft Exchange environments."

• 8/29/06: Hexamail adds SURBL support to the latest version of their Windows/Linux server-side spam blocker Hexamail Guard.

• 8/16/06: Jörg Zieren mentions that "Camel's Eye, a GPL'd client-side Java POP3/SMTP proxy, has support for SURBL.

• 8/15/06: Christian Stigen Larsen has written a simple C command line program to query SURBLs. The source is available at http://surblhost.sourceforge.net. surblhost is used by memurl.com to deny redirection services to spammers.

• 8/10/06: Jamie Thom announces a wiki page describing how to setup SpamAssassin with SURBL on Qmail using the Qmail Toaster system.

• 7/22/06: Anthony Howe has upgraded his milters to work with Postfix 2.3 and its new Sendmail 8 milter support. This means that Postfix can now filter based on SURBL hits using milter-link. "Also in this update, milter-link/0.3 has been updated to support aggregate list bit masks and added a new option policy-links."

• 5/1/06: Erik Mugele has added MIME support to his Exim script for checking messages against SURBLs.

• 5/1/06: milter-link for Sendmail "extracts URLs from the message body (text, HTML, and/or MIME encoded)" and checks them against SURBLs, or after domain resolution against RBLs. Written in C, milter-link does on-the-fly MIME decoding without using temporary files.

• 4/18/06: MEFilter, a bolt-on for the MailEnable mail server, adds beta SURBL support. Test results are very favorable.

• 4/17/06: milter-uri.pl is a basic Sendmail milter written in Perl using Sendmail::PMilter and SpamAssassin libraries. It uses the 20_uri_tests.cf rules file to strip the URI's from a message, so it is relatively light.

• 3/20/06: Kaspersky Anti-Spam adds SURBL support starting with Open Beta 3.0. Operates as a standalone filter or with sendmail, qmail, CommuniGate Pro, Postfix or Exim.

• 2/3/06: FirstClass, a messaging and groupware system for schools and businesses, adds SURBL support starting with version 8.1.

• 11/18/05: Eric Hammond says that his Notlong.com redirection service "has been protected by SURBL since July 2004."

• 11/17/05: Kevin Gilbertson reports that he has been using SURBLs for "about a year now" to protect his popular redirection site TinyURL.com from abuse by spammers and phishers.

• 9/14/05: SpamAssassin 3.1 is released with default support for all current SURBLs, including JP. (For SA versions prior to 3.1, please add configurations for JP as described in the Quick Start.)

• 6/8/05: GWAVA version 3.5 adds SURBL support to the GroupWise MTA under Novell Netware.

• 5/15/05: LogSat's SPAMFilter ISP spam and virus mail filtering service now has SURBL support.

• 4/30/05: Erik Mugele has updated his Exim perl script that does SURBL checking to add local whitelisting. (First linked 11/7/04.)

• 2/20/06: Erik has updated the Exim SURBL code to be more efficient, doing fewer queries, faster performance, etc. Please use the updated version at the new link above.

• 3/29/05: Vamsoft's ORF Enterprise Edition adds SURBL suppport to Windows 2000 and 2003 versions of Exchange and IIS SMTP Service (IIS 5 or 6).

• 3/28/05: GFI MailEssentials adds SURBL support to Exchange, Lotus Notes and other popular SMTP/POP3 servers.

• 3/6/05: SpamCopURI version 0.24 has been released with improved URI detection, added redirector sites, revised conf file, etc.

• 3/5/05: Jeremy Andrews has added SURBL support to Drupal CMS, a web Content Management System which allows users to publish web content, organize discussion communities, run blogs, collaborate on projects, etc. Here is his announcement.

• 2/12/05: SpamPal, a client-side filter, now has SURBL support via Alain de Camps' version of the URLBody plugin.

• 1/18/05: Yasu is an open source Win32 or Windows 2000 program to check URIs against SURBLs in Clearswift Mailsweeper. It should be usable with other (Windows) mail systems that can run external scripts and interpret return codes.

• 12/31/04: Invariant Systems has written a Windows URI extraction tool invURIBL which can check message body URIs against SURBLs. It can be used standalone or as plugin to any Windows mail server that can call an external application and process the return code. For example, it is finding use with Declude for Imail.

• 12/28/04: MailMarshal SMTP and Exchange protect enterprise mail against viruses and spam and now support SURBL. (Here's their Knowledge Base article about using SURBLs.)

• 12/3/04: Pieter Droogendijk has written qmail and qmail-ldap patches to use SURBLs.

• 11/15/04: ALOAHA is a transparent SMTP Proxy for Windows which now supports SURBLs.

• 9/25/04: Yves Junqueira's Suri does SURBL checks on mail stored in files. It's a general-purpose program usable with amavisd and others.

• 9/12/04: NEMX adds SURBL support to their Power Tools for Exchange Server spam and virus filter.

• 9/10/04: Martijn Jongen has added SURBL support to ORFilter, a free-ware Exchange plug in. It works with SMTP server, Exchange Server 2000 and 2003 under Windows 2000, 2003, XP.

• 9/3/04: Trash Finder is a plugin for the free IMS mail server on Windows. The subscription version of Trash Finder now supports SURBLs.

• 9/1/04: Bob Apthorpe has written an open source Posix text filter that calls SpamAssassin. Called babycart, it is useful as a general spam check on arbitrary text for example from a wiki or blog. It can be used with SURBLs, RBLs or any other SpamAssassin rules.

• 8/19/04: ASTPS adds SURBL support to Clearswift MAILsweeper, NetIQ Mailmarshal, and other Windows mail scanners. "ASTPS is an Anti Spam Tool which can be used as a plug-in for Clearswift MAILsweeper, NetIQ Mailmarshal and any other scanner platform running on Windows 2000/XP/2003 which supports external programs."

• 8/18/04: Red Earth Software has added SURBL support to version 3.5 of their Policy Patrol commercial anti-spam add-on for Exchange. Here's the press release about it.

• 8/18/04: STAT Communications has added open-source SURBL support to their antispam filter set for the freeware Windows mail server Mercury/32. Their STAT AntiSpam rule set is an open-source, perl-based anti-spam system for use with Pegasus Mail's Mercury/32.

• 8/12/04: Paul Robichaux mentions SURBLs in his winnetmag.com article SURBLs: The Upside of Sharing Spam.

• 8/6/04: SpamCopURI version 0.22 has support for the Combined SURBL list: multi.surbl.org.

• 7/23/04: SnipURL is now using SURBLs to deny abusers access to their URL shortening and redirection service.

• 4/30/04: Ask Bjørn Hansen of develooper.com is using SURBL data to block spammer domains in the Metamark Shorten™ Service URI shortening and redirection service. This is the first use of SURBL data to prevent abuse of a redirection site that we've heard of! Great going! Ask explains his motivation as: "I mostly did it to make it less likely that I'll have to deal with abusers of the service manually. Hopefully the other redirection services will realize that benefit soon as well."

• 4/25/04: Roger Eriksson has created a Windows command script to check SUBRL domains against message bodies in Declude Junkmail. He reports that it is catching 70-75% of spam that his server receives. Declude is an add-on to the Windows mail server Ipswitch IMail.

• Frank Ellermann's rxwhois.cmd is an OS/2 'REXX script whois client with options to query abuse.net, some RBLs, rfc-ignorant.org zones, and similar command line tasks for anti-spam purposes, because OS/2 has no "rblcheck" and no whois client if perl isn't installed.'

• Charles Solomon has successfully installed SURBL support via SpamCopURI and SpamAssassin 2.63 and has it up and running in his Win32 environment. He has kindly documented the procedure (original location) for everyone interested. Charles adds: 'My instructions are written from the point of view of a "Guinevere" (www.beginfinite.com) user and are written for users of Guinevere. However, I expect steps 1-7 to work on just about any Win32 implementation of SA (on ActivePerl 5.6.1).' Please see the document itself for the full details.

• Devin Carraway has written a plugin for the Perl-based MTA qpsmtpd to compare domains from message body URIs to SURBL domain lists. Here's his announcement on perl.qpsmtpd, and a link to his uribl plugin. Congratulations to Devin on the first MTA use of SURBL we've heard about.

• 4/12/04: SURBL gets mentioned on Slashdot thusly:

  Glamdrlng writes "The SURBL, or "Spam URI Realtime Blocklist", represents a nexus of RBL's and content filtering that may bring us one step closer to a spam magic bullet. While traditional RBL's perform a DNS lookup on the connecting mail server, SURBL's take this a step further by parsing the text of the email looking for URI's and doing a lookup on those web servers...."

  Some of the resulting comments seemed to indicate an appreciation of the idea, while others were perhaps somewhat underinformed. On the other hand, some people "got it" pretty strongly. Regardless, the publicity gave the project a definite boost.

• Please see the Links page for more programs using SURBLs.

Update on using URIDNSBL with SURBL

'The current SVN trunk now contains URIBL support for RHSBL lookups using the 'urirhsbl' command:

urirhsbl NAME_OF_RULE rhsbl_zone lookuptype

Specify a RHSBL-style domain lookup. "NAME_OF_RULE" is the name of the rule to be used, "rhsbl_zone" is the zone to look up domain names in, and "lookuptype" is the type of lookup (TXT or A). Note that you must also define a header-eval rule calling "check_uridnsbl" to use this.

An RHSBL zone is one where the domain name is looked up, as a string; e.g. a URI using the domain "foo.com" will cause a lookup of "foo.com.uriblzone.net". Note that hostnames are stripped from the domain used in the URIBL lookup, so the domain "foo.bar.com" will look up "bar.com.uriblzone.net", and "foo.bar.co.uk" will look up "bar.co.uk.uriblzone.net".'

urirhsbl	URIBL_SC_SURBL	sc.surbl.org.	A
header		URIBL_SC_SURBL	eval:check_uridnsbl('URIBL_SC_SURBL')
describe	URIBL_SC_SURBL	Contains a URL listed in the SC SURBL blocklist
tflags		URIBL_SC_SURBL	net

SpamAssassin Corpus Test Results

1. Here are some test results from Daniel Quinlan on 6 April 2004 showing a 60% spam hit rate on some four-day recent spams and 0% false positives on ten months' worth of ham (non-spam messages):

   "Justin added a 'urirhsbl' test to the URIBL module, so I retested on my last 4 days of spam (the ham here ranges from 0 to 10 months old) using SURBL and it exceeded my highest expectations.

     OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME
        6491     1497     4994    0.231   0.00    0.00  (all messages)
     100.000  23.0627  76.9373    0.231   0.00    0.00  (all messages as %)
      13.804  59.8530   0.0000    1.000   1.00    0.01  T_URIBL_SC_SURBL
      14.374  61.5230   0.2403    0.996   0.99    1.00  URIBL_SBL
       0.277   0.8016   0.1201    0.870   0.55    1.00  URIBL_DSBL
   

   I went ahead and promoted T_URIBL_SC_SURBL to URIBL_SC_SURBL"

   Where T_URIBL_SC_SURBL above refers to sc.surbl.org; URIBL_SBL presumably refers to sbl.spamhaus.org (a more conventional numeric RBL); URIBL_DSBL probably refers to a dsbl.org RBL.

2. Here are results on additional lists from Justin Mason on 25 June 2004:

   OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME
    121405    22516    98889    0.185   0.00    0.00  (all messages)
   100.000  18.5462  81.4538    0.185   0.00    0.00  (all messages as %)
    13.453  70.3766   0.4925    0.993   1.00    1.00  SURBL_WS
     3.807  20.3811   0.0334    0.998   0.50    1.00  SURBL_SC
     2.650  14.2565   0.0071    1.000   0.50    1.00  SURBL_AB
     0.019   0.0933   0.0020    0.979   0.50    1.00  SURBL_PH
    12.624  67.6275   0.1001    0.999   0.50    1.00  SURBL_OB
   

   Note that the spam detection rates for the relatively fast-moving AB and SC lists tend to be much higher when the corpus is constrained to their respective time windows of 7 days and 3 days ago. 60% detection rates have been seen for them in actual production systems.

3. Here are results of the 6 May 2006 SpamAssassin mass checks:

     MSECS    SPAM%     HAM%     S/O    RANK   SCORE  NAME
         0   181939    52229    0.777   0.00    0.00  (all messages)
   0.00000  77.6959  22.3041    0.777   0.00    0.00  (all messages as %)
    22.377  28.8009   0.0000    1.000   1.00    0.00  URIBL_SC_SURBL
    26.604  34.2378   0.0134    1.000   1.00    0.00  URIBL_WS_SURBL
    24.854  31.9854   0.0115    1.000   1.00    0.00  URIBL_JP_SURBL
    12.423  15.9889   0.0000    1.000   0.98    0.00  URIBL_AB_SURBL
    23.278  29.9463   0.0479    0.998   0.96    0.00  URIBL_OB_SURBL
     0.236   0.3028   0.0038    0.988   0.67    0.00  URIBL_PH_SURBL
    15.377  19.7803   0.0383    0.998   0.95    0.00  URIBL_SBL
    29.707  38.1606   0.2585    0.993   0.85    0.00  URIBL_BLACK
     0.020   0.0264   0.0000    1.000   0.50    0.00  URIBL_RED
     0.515   0.4353   0.7946    0.354   0.45    0.00  URIBL_GREY
   

   Of particular relevance are the low false positives of some of the SURBL lists such as SC, AB and PH as shown in the low HAM% numbers. (Note that PH is important to use and score highly in order to detect phishes. It doesn't detect a large percentage of spams, but it likely detects many phishes.) The last three rules use uribl.com lists.

   Note that the SC and JP rules are the highest-ranked (best-performing) of all SpamAssassin rules.

   As of 15 September 2005, the default scores for SpamAssassin 3.1.x SURBL rules are commensurately high for SC, JP and AB:

   score URIBL_AB_SURBL 0 3.306 0 3.812
   score URIBL_JP_SURBL 0 3.360 0 4.087
   score URIBL_OB_SURBL 0 2.617 0 3.008
   score URIBL_PH_SURBL 0 2.240 0 2.800
   score URIBL_SC_SURBL 0 3.600 0 4.498
   score URIBL_WS_SURBL 0 1.533 0 2.140
   

Some SpamCopURI + SURBL results

rule                    spam hitrate
BAYES_99                0.91598
DCC_CHECK               0.61738
RAZOR2_CHECK            0.45551
SPAMCOP_URI_RBL         0.37685
RCVD_IN_BL_SPAMCOP_NET  0.36902
RCVD_IN_SORBS           0.30930
1 or more BIGEVIL       0.28707
RCVD_IN_SPAMHAUS_XBL    0.25700
RCVD_IN_DSBL            0.20964
RCVD_IN_DYNABLOCK       0.19646
RCVD_IN_NJABL           0.16928
RCVD_IN_SBL             0.16310