New ABUSE sublist -- SC, AB sublists deprecated -- migration to ABUSE
December 18, 2015In order to keep improving SURBL data, we plan to reorganize some of the sublists inside the combined list multi as described below.
SC, AB sublists deprecated, merged into ABUSE sublist with JPUntil now the SURBL multi data set consisted of the two typed sublists MW (malware) and PH (phishing) and several general data sets (AB, JP, SC and WS), each with its own bit mask value. To simplify the use of multi and to prepare for more detailed typing information in the future we will be merging the above general lists into a single sublist that will be known as ABUSE. All domains listed on ABUSE will return bit mask 64, the value previously used by the JP sublist.Effective immediately, the SC and AB data sets have been migrated and are already part of ABUSE, as is the JP data set. These migrated data sets now no longer return bit mask values 2 (SC) and 32 (AB) but 64. Their old bit mask values have been deprecated.
WS sublist to be deprecated after transition period
The WS sublist will be migrated into ABUSE (bit mask value 64) after a transition period, per the timeline at the end of this announcement. Its old bit mask value 4 will then be deprecated.For compatibility with existing applications, any TXT records for hosts listed on ABUSE will continue to identify the sublist name as JP until the end of the transition period. To existing unmodified applications it will appear that the SC and AB sublists have been emptied and their data added to the JP sublist.Generally we recommend that application developers not depend on particular TXT records, as they are meant for human readers (for example, in non-delivery messages) and are subject to change without notice. Applications should always use the numeric (A record) return values from DNS queries instead.
TimelineDeprecation of the SC, AB sublists - ImmediateAB => bit mask value 64SC => bit mask value 64Migration of WS dataset to ABUSE - 1 May 2016WS => bit mask value 64renaming of ABUSE TXT recordThe documentation on the SURBL site will be updated over the next few weeks to reflect the changes. It has not been updated yet.http://www.surbl.org/lists
Recommended actionWe recommend that SURBL application developers prepare to update their configurations according to these changes so they are ready when the changes are put into production on our name servers and zone files.Please direct followup discussion to the SURBL Discussion list.
SURBL Data Feed Request
SURBL Data Feeds offer higher performance for professional users through faster updates and resulting fresher data. Freshness matters since the threat behavior is often highly dynamic, so Data Feed users can expect higher detection rates and lower false negatives.
The main data set is available in different formats:
Rsync and DNS are typically used for mail filtering and RPZ for web filtering. High-volume systems and non-filter uses such as security research should use rsync.
For more information, please contact your SURBL reseller or see the references in Links.
Sign up for SURBL Data Feed Access.