CR (cracked sites) sublist to be added to multi.surbl.org SURBL traditionally lists hosts (domains and IPs) owned by abusers, but as blacklisting their own hosts has impacted them, some have ...read more
In order to keep improving SURBL data, we plan to reorganize some of the sublists inside the combined list multi as described below. SC, AB sublists deprecated, merged into ABUSE sublist with ...read more
Today we added blocked notifications for use in SpamAssassin. This allows people to see if they are beeing blocked by ...read more
The experimental sublist XS which we set up a few years ago has been deprecated. If you are querying it, then please stop querying ...read more
As announced last October, malware data has been moved from PH to a new list MW, taking the bit of OB, which was deprecated last year. Along with malware data, limited set of cracked hosts also has ...read more
We have added some more domains to the two-level-tlds and three-level-tlds files as available on the SURBL site. The updated files can be found ...read more
We are very pleased to announce that the SURBL phishing list: http://www.surbl.org/lists.html#ph now includes data from Phishlabs: http://www.phishlabs.com/ Thanks to Phishlabs for ...read more
In order to keep improving SURBL data, we plan to reorganize some of the sublists inside the combined list multi as described below. OB -- OB sublist to be deprecated immediately Due to ...read more
SURBL has updated its Open Letter To Operators Of Redirection Sites by adding some best practice recommendations: http://www.surbl.org/redirection-sites They include: Check links ...read more
Anthony Howe noticed that gcc was complaining about ISO 8859-1 accented characters used in the two-level-tlds file. With his kind help, we converted those to equivalent IDN representation. Diffs ...read more
SURBL Data Feed Request
SURBL Data Feeds offer higher performance for professional users through faster updates and resulting fresher data. Freshness matters since the threat behavior is often highly dynamic, so Data Feed users can expect higher detection rates and lower false negatives.
The main data set is available in different formats:
Rsync and DNS are typically used for mail filtering and RPZ for web filtering. High-volume systems and non-filter uses such as security research should use rsync.
For more information, please contact your SURBL reseller or see the references in Links.
Sign up for SURBL Data Feed Access.