• DNS blackhole added to our phishing list


    As of December 2007, we have added The DNS blackhole malware, malicious software and phishing site data to our phishing list. more

  • PhishTank data added to our phishing list


    As of October 2006, we are adding PhishTank data to our phishing list. more

  • JP data removed from WS


    We have removed the JP data from WS. If you did not have a separate rule or configuration to use JP before, then please add one. Examples for SpamAssassin are in the Quick Start. (Starting with more

  • SC and WS zone files removed


    SC and WS zone files have been removed from the SURBL web site per below. Please use invURIBL or another SURBL plug in with Declude instead. more

  • SC and WS zone files to be removed


    SC and WS zone files will be removed from the SURBL web site by 1/7/05. This does not affect DNS operation or most SURBL applications which use it, but it does mean that users of Roger more

  • Mail Police added to phishing data


    We have added data from into ph, joining our exiting phishing data from This has doubled the size of our phishing list to about 1000 records. Thanks more

  • JP is now a part of


    A new list is now part of With a bitmask value of 64, it exists only as part of the combinded SURBL list multi, not as a standalone list. JP is based on trap data more

  • Standardized 15 minute TTLs


    After trying DNS TTLs at 25, 20 and 15 minutes, it appears that 15 minute TTLs optimizes both name server traffic and the quickness of records being added or deleted from the lists. Therefore we more

  • TTLs on all lists set to 25 minutes


    As part of our continuing TTL experiment, we have set the TTLs on all lists to 25 minutes. If the resulting DNS traffic does not change much, then we will leave the slower-changing lists at 25 more

  • Deprecating


    We are deprecating, the SURBL list made from a stale snapshot of the BigEvil list before it got ws added into it. BE probably isn't too useful anymore since it's not getting more

<< < 1 2 [3] 4 > >>

SURBL Data Feed Request

SURBL Data Feeds offer higher performance for professional users through faster updates and resulting fresher data. Freshness matters since the threat behavior is often highly dynamic, so Data Feed users can expect higher detection rates and lower false negatives.

The main data set is available in different formats:

Rsync and DNS are typically used for mail filtering and RPZ for web filtering. High-volume systems and non-filter uses such as security research should use rsync.

For more information, please contact your SURBL reseller or see the references in Links.

Sign up for SURBL Data Feed Access.

  • Sign up for data feed access

    Direct data feed access offers better filtering performance with fresher data than is available on the public mirrors. Sign up for SURBL Data Feed Access.

  • Applications supporting SURBL

  • Learn about SURBL lists