SURBL Links
Table of Contents
- Mirroring zone files locally
- SpamAssassin version 3 has built-in support for SURBLs
- Applications which use SpamAssassin and support SURBLs
- Windows applications supporting SURBLs
- MTA filters supporting SURBLs
- Other programs and services using SURBLs
- Other URI blacklists
- Other resources
- Best Current Practices (BCP) for Email Marketing
- Recommended Best Practices for ESPs
- Organizations that can help with mail practices
- Free malware and vulnerability tools
- Acknowledgements
- SURBL Lookup Look up IPs and domains on all SURBLs
- SURBL announcement and discussion mailing lists
- SURBLs mentioned on Slashdot and again with the release of SpamAssassin 3
- Open Letter To Operators Of Redirection Sites
- Most Abused TLDs: daily count of the TLDs most listed on SURBLs.
Mirroring zone files locally
- rbldnsd is highly recommended as a very fast DNS server specifically meant to serve up list zones. Use it with rsync to get the zone files from the list providers.
- rsync offers efficient, incremental, error-corrected file transfer and updating between similar and different platforms such as Posix (UNIX), Windows, etc.
- Instructions for Setting up a SURBL name server
- Here are instructions for setting up a Windows SURBL DNS mirror. Note that there is a Windows port of rbldnsd and rsync.
- How to locally mirror list zone files when running both rbldnsd and BIND under FreeBSD. Applies to other Unix-like operating systems in general. Note that this also works under Windows, since ISC has a Windows version of BIND.
- While rbldnsd is preferred for many reasons, we present steps for Using BIND and rsync to mirror list zones.
- Michele Neylon's DNS Blacklists - Setting up a local mirror explains how he set up rbldnsd and rsync with BIND under Unix/BSD/Linux.
- rbldnsd howto contains Bob Cottrell's notes on how he set up rbldnsd with rsync under Solaris. Includes information about setting up port forwarding in BIND when running both types of name servers on the same host.
- NJABL's tips for running rbldnsd and rsync (local copy) is a guide to setting up and running, including port forwarding in BIND 8 and 9 so that rbldnsd can run on an existing BIND server. Applies equally well to SURBLs and other lists.
- FAQ for rbldnsd and dnscache Rick Macdougall has written up how he set up rbldnsd to run on the same name server as dnscache from djbdns.
- TQMcube.com's RBLDNSD for Postfix How-To Explains how to set up rbldnsd and use it with the Postfix MTA. The rbldnsd part applies to any installation of rbldnsd with BIND under Fedora (or Unix-like operating systems in general).
- Spamhaus' Data Feed FAQ Explains how to configure a standalone rbldnsd, and how to use it with BIND. It also describes using rsync and rbldnsd under Windows and includes a link to Windows software versions.
- To monitor rbldnsd traffic levels, see Mike Atkinson's How-To for converting rbldnsd stats to MRTG graphs (local copy). See also Michele Neylon's blog post about the above: Graphing RBLDNSD queries using MRTG, and Niall Donegan's follow-up blog post: Graphing Rbldnsd Stats With MRTG. See also Skull's Munin plugin for RBLDNSD. "This script is a plugin for munin which allows it to monitor per-zone queries as logged by RBLDNSD statistics file."
- SURBL data feed request form
SpamAssassin version 3 has built-in support for SURBLs
- SpamAssassin 3 includes a plugin with SURBL support enabled by default: URIDNSBL config
- SpamAssassin 2.63 and 2.64 Plugin for use with SURBL: SpamCopURI
- How to use SpamAssassin 2.63 with SpamCopURI and SURBL in Win32 (Windows)
- How To Use SpamAssassin on Win32 (Windows) by Michael Bell (original location)
- How to use an Exchange SMTP Transport Event Sink with SpamAssassin (Windows)
- The SpamAssassin Rule QA site has current (weekly) scores of rule hits on spam and ham corpora. Spam hits are good, but ham hits are very bad. The goal is to maximize the former while minimizing the latter. Ham hits make a given rule much less useful so it's arguably most important to minimize those as a first priority.
- If you'd like to generate local statistics for your SpamAssassin rules, there are several ways to do it. One way is to use spamd logs with Theo Van Dinter's sa-stats.pl. Many other stats programs are linked from the SpamAssassin wiki.
Applications which use SpamAssassin and support SURBLs
- MIMEDefang Anti-virus and anti-spam Milter for Unix
- AMaViS Anti-virus and anti-spam Milter for Unix
- MailScanner Anti-virus and anti-spam Milter for Unix
- Qmail-Scanner Content Scanner for Qmail mail server
- Qmail Toaster setup for SURBLs on Qmail
- Merak Mail Server Windows mail server with anti-virus, anti-spam, etc.
- MDaemon Windows mail server with anti-virus, anti-spam, etc.
- VisNetic Mail Server by Deerfield.com uses SpamAssassin and SURBLs.
- Message Partners' MPP is a multi-platform mail filter and archival system
- GEE Whiz spam and virus filtering for GroupWise and NetMail adds SURBL support in version 2.0
- MxScan is an anti-spam and anti-virus plugin for the MailEnable Windows mail server. It uses SpamAssassin, ClamAV, etc.
- babycart filters text through SpamAssassin
- SpamAssassin's list of third party software
Windows applications supporting SURBLs
- Mail Server Content Filter filters mail in Merak Mail, Microsoft Exchange 2000 and Communigate Pro (Windows version) using regular expressions matching RBL, domain, user or IP addresses against any part of message. Configurations are written in XML.
- ORFilter is a freeware Exchange plug-in which supports SURBLs. ORFilter is reported to work with Exchange 2007.
- Policy Patrol by Red Earth Software adds SURBL support to their commercial anti-spam add-on for Exchange.
- XWall for Microsoft Exchange supports SURBLs.
- GFI MailEssentials v11 adds SURBL support to Exchange, Lotus Notes and other popular SMTP/POP3 servers.
- Vamsoft's ORF Enterprise Edition adds SURBL support to Windows 2000 and 2003 versions of Exchange and IIS SMTP Service (IIS 5 or 6).
- STAT AntiSpam has open-source SURBL support in antispam filter set for the freeware Windows mail server Mercury/32.
- NEMX Power Tools for Exchange Server supports SURBLs.
- Sunbelt Software's Ninja Email Security adds SURBL support to its integrated plug-in architecture for antispam, antivirus, disclaimers, and attachment filtering in Microsoft Exchange environments.
- ASTPS adds SURBL support to Clearswift MIMEsweeper, MailMarshal, and other Windows mail scanners which support external programs.
- eWall is a Microsoft Windows based SMTP gateway by Server Side Solutions which offers SURBL support to any mail server as an open source filter.
- Yasu is an open source Win32 or Windows 2000 program to check URIs against SURBLs in Clearswift Mailsweeper and other Windows mail systems that can run external scripts.
- SmarterMail is a Windows mail server with SURBL support.
- hMailServer is a free email server for Windows. It supports SURBLs and may make use of SpamAssassin.
- Invariant Systems' URI extraction tool invURIBL is a Windows program to check message body URIs against SURBLs, for example from Declude for Imail. It can be used as a standalone program or as a general plug-in to Windows mail servers.
- SURBL_filter.zip is a command script that checks SURBL sites against message bodies in Declude JunkMail, which is an add-on to the Windows mail server Ipswitch IMail.
- MTS Professional is a low cost, full-featured SMTP/POP3 based email server for Windows NT4/2000/XP. MTS Professional now supports SURBLs.
- Trash Finder is a plugin for the free IMS mail server on Windows. The subscription version of Trash Finder supports SURBLs.
- ALOAHA is a transparent SMTP Proxy for Windows which supports SURBLs.
- (See also how to use SpamAssassin with Windows above.)
MTA filters supporting SURBLs
- milter-link for Sendmail (and postfix) checks message body URIs against SURBLs, or after domain resolution against RBLs. Written in C, milter-link does on-the-fly MIME decoding without using temporary files. milter-link now works with Postfix 2.3 via its new Sendmail 8 milter support.
- milter-uri.pl is a basic Sendmail (and postfix) milter written in Perl using Sendmail::PMilter and SpamAssassin libraries.
- j-chkmail Sendmail (and postfix) milter for detecting viruses and spam. A standalone C program
- PTSMail Utilities are designed to manage sendmail under Unix. Uses a web interface to manage virus and spam filtering, quotas, etc. Now supports SURBLs.
- Using SURBLs with the Exim MTA provides a perl routine that can be used with "any other MTA that can call an external process to scan a message."
- qmail and qmail-ldap patches to use SURBLs. Here are local copies of the Regular patch, Qmail-ldap patch and Documentation.
- uribl plugin for SURBLs in qpsmtpd, a perl smtpd with MTA function and plugin capability, announcement
- MailMarshal for Exchange and general SMTP servers protects enterprise mail against viruses and spam and now supports SURBLs. (Here's their Knowledge Base article about using SURBLs.)
- GWAVA version 3.5 adds SURBL support to the GroupWise MTA under Novell Netware.
- Message Partners' MPP multi-platform mail filter and archival system supports SURBLs with MTAs "Postfix, Exim, Sendmail, Qmail, Communigate Pro, Surgemail, Sun Java System Messaging Server and email platforms with a generic SMTP/LMTP filter interface."
Other programs and services using SURBLs
- "The Anti-Spam-SMTP-Proxy (ASSP) server project is an Open Source, Perl based, platform-independent transparent SMTP proxy server that leverages numerous methodologies and technologies to both rigidly and adaptively identify e-mail spam." ASSP uses SURBL by default.
- MailStripper by Eridani Star System is an MTA independent, UNIX SMTP spam filter with anti-virus capability that now supports SURBLs.
- MEFilter, a bolt-on for the MailEnable mail server, adds beta SURBL support. Test results are very favorable.
- Kaspersky Anti-Spam adds SURBL support starting with Open Beta 3.0. Operates as a standalone filter or with sendmail, qmail, CommuniGate Pro, Postfix or Exim.
- Guardian Digital, a Linux security company, uses SURBLs in their Secure Mail Suite. Here's the press release about it.
- NetWin adds SURBL support to their multi-platform email, groupware and instant messaging server, SurgeMail.
- Hexamail adds SURBL support to the latest version of their Windows/Linux server-side spam blocker Hexamail Guard.
- MicroWorld includes SURBL support in their eScan and MailScan products.
- SimpleFilter is a POP3 proxy and SMTP service offering pre-filtering of mail and marking of spam subject lines. Uses SURBLs and other techniques.
- LogSat's SPAMFilter ISP spam and virus mail filtering service now has SURBL support.
- SurGATE, Endersys' antispam and antivirus gateway, now has SURBL support.
- Camel's Eye, a GPL'd client-side Java POP3/SMTP proxy, now has support for SURBL.
- SpamPal, a client-side filter, now has SURBL support via Alain de Camps' version of the URLBody plugin.
- Drupal CMS, a web Content Management System now has SURBL support via Jeremy Andrews' spam_surbl module, which is written in PHP. Here is his announcement about it. Drupal allows users to publish web content, organize discussion communities, run blogs, collaborate on projects, etc.
- FirstClass, a messaging and groupware system for schools and businesses, adds SURBL support starting with version 8.1.
- IndiMail, an open source mail server and qmail replacement, added SURBL support as of version 1.8.3.
- Net::Blacklist::Client is a perl module which queries multiple BLs or URIBLs in parallel.
- surblhost is a simple C command line program to query SURBLs, written by Christian Stigen Larsen. surblhost is used by memurl.com to deny redirection services to spammers.
- "Spamcheetah is a spam filter based on OpenBSD employing traffic shaping (tarpit), greylisting, Vipul's razor and friends that employs SURBL effectively for combating URL based phishing attacks."
- Tom Shaw has created a PHP5 object for checking SURBLs called URI Reputation Client.
- Martijn Grooten has published a DNS-based method to check redirectors quickly.
- Suri does SURBL checks on mail stored in files, adapted from Devin Carraway's plugin to qpsmtp. General-purpose program usable with amavisd and others.
- rxwhois.cmd OS/2 whois client for anti-spam use includes SURBL checks
Other URI blacklists
- mailpolice Offers seven content-based blocklists mostly compatible with programs that use SURBL. mailpolice's fraud list is currently included in ph.surbl.org.
- dnsbl.invaluement.com "ivmURI is the invaluement URI DNSBL."
- URIBL.com
Other resources
- SpamCop reporting site, feeds URI sites into sc.surbl.org. SpamCop Spamvertised Sites
- The Spamhaus Project "tracks the Internet's Spammers, Spam Gangs and Spam Services, provides dependable realtime anti-spam protection for Internet networks, and works with Law Enforcement to identify and pursue spammers worldwide."
- spam@uce.gov The email submission address of the United States Federal Trade Commission should be used by everyone to report unsolicited messages. The submitted messages are stored and indexed and are used in U.S. Federal, State and local government cases against senders of unsolicited messages.
- Here's a link to the November 2005 FTC ruling that web site owners are responsible for sending of unsolicited messages by their affiliates.
- A United States federal appeals court ruled on June 25, 2009 in Zango, Inc. v. Kaspersky Lab, Inc. that the Communications Decency Act, specifically 47 USC 230(c)(2)(B), immunizes filter providers against lawsuits claiming unfair business practices. Here's the ruling (a local copy), Findlaw's coverage, coverage in Wired magazine and technology law professor Eric Goldman's coverage.
Best Current Practices (BCP) for Email Marketing
- Canadian Federal Task Force on Spam
- Messaging Anti-Abuse Working Group (MAAWG) Senders Best Communications Practices
- Lyris Opt-in and permission-based email marketing
- The Spamhaus Project Marketing FAQs
- The SuretyMail Email Deliverability Wiki
- SuretyMail Plain-language legal interpretation of FTC May 2008 new rule provisions under the CAN SPAM Act
- LINX Best Current Practice for the running of mailing lists
- MAPS Guidelines for proper mailing list management
- A marketing-oriented site ClickZ
Recommendations for Email Service Providers (ESPs)
- Best Practice Recommendations for ESPs
- Neil Schwartzman's blog "Epsilon Interactive breach the Fukushima of the Email Industry" has good advice for ESPs for mitigating breaches and preventing abuse
- John Levine's blog "What Next for Email Service Providers?" also makes recommendations for ESPs in the wake of data breaches
Organizations that can help with mail practices
- ISIPP: Institute for Spam and Internet Public Policy
- Unspam A consulting and services company "helping governments craft effective contact control laws and assisting legitimate businesses in complying with them"
- Return Path Certification (formerly Sender Score Certified)
- Word to the Wise Expert email deliverability consulting
Free malware and vulnerability tools
- AVG Anti-Virus Free Edition Windows anti-virus
- Malwarebytes Anti-Malware Windows anti-malware, free and commercial
- Spybot - Search & Destroy Windows anti-spyware
- Ad-Aware Windows anti-spyware
- myNetWatchman SecCheck often finds cracked Windows programs that others don't. Be sure to check "Hash Report" when it completes.
- McAfee Avert Stinger Windows anti-virus
- F-Secure Easy Clean Malware and rootkit remover
- Trend Micro Rootkit Buster Windows anti-rootkit
- Secunia Network Software Inspector general network application vulnerability tester
- Nessus vulnerability scanner general network application vulnerability tester
Acknowledgements
Thanks
People (in no particular order)
- SupraNet
- MultiKabel N.V.
- Prolocation
- Sonic.net
- Google.org
- Internet Systems Consortium, Inc.
- Eric Kolve, Raymond Dijkxhoorn, Justin Mason, Daniel Quinlan, Julian Haight, Sidney Markowitz, Kelsey Cummings, Jacob Davida, Erik O'Connor, Bill Stearns, Chris Santerre, all the folks and organizations providing data and name service, and the many other people without whom this project would not be possible. You know who you are! :-) Our thanks to all!
Some comments about SURBLs
- Catherine Hampton, spambouncer.org:
- "The results have been nothing short of amazing; the only blocklists that come even close [to SURBLs] in terms of quantities of spam stopped are the SBL and CBL. Given that you don't even need to look up host IPs to check the SURBL, it has to qualify as one of the most useful BLs I've ever tried."
- Ben Poliakoff, Reed College:
- "SURBL use has enhanced SpamAssassin's accuracy tremendously."
- Bob Harbour, President, Harbour Communication:
- "The improvements in the last 2 weeks has been amazing with the addition of the SURBLs and the SpamAssassin 3. I am beginning to get calls from customers wondering if we are having problems with our mail server because they are not getting as much junk mail as they were."
- Matt Yackley, Network Engineer, Perkins + Will, Inc.:
- "SURBL is one of the best tools available to help SpamAssassin catch more spam than ever before."
- Lindsay Snider, Cumberland Technologies Inc.:
- "SURBL has been excellent for us. Before SURBL, we continued to add and update SpamAssassin rules to try and catch spam as it changed over time. Eventually, we began to see our false positive level gradually increase, hence lowering our trust in the system. We went back to basics using a stock SpamAssassin with the safe SARE rules. We then turned up SURBL and ever since then our scores have been a good deal more accurate. Our false positive rate is zero or very near, and very little spam gets through untagged anymore."
- Ross Carlson, Metacraft Internet Services:
- "I upgraded to the latest amavisd-new and SA, enabled the DNSBL checks and now the system is tagging about 40% of the incoming mail as spam, compared to about 5% before. I've had nearly 4,000 messages come through in the last 22 hours that had URIs in the SURBL. Love it!"
- Partial list of organizations using SURBLs:
- Easynet France, Tiscali Benelux, Wanadoo NL, SpamCop, XMission Internet, Excel.Net, Electric Mail Company, Sonic.net, Alice's Registry, Inc., MailGuard Pty. Limited, mail-cleaner.com, Superb Internet Corp., Pacific Internet Ltd, University of Bristol (UK), Shasta.com Internet, MailRoute, Inc., Cumberland Technologies Inc., mailbag.com, NetServices Plc, Hancock Telecom, Atlantech Online, Inc., Omnis Network, LLC, University of Colorado at Boulder, Eolas, Ruprecht-Karls-Universität Heidelberg, University of North Carolina at Wilmington, Reed College, Michigan Integrated Solutions, Alaska Communications Systems, Inc., Martek.Net, ImproWare AG (Switzerland), Conpoint.com, Perkins + Will, Inc., Metamark Shorten? Service, SnipURL, B2B2C.ca High Speed Internet, University of Klagenfurt, University of Missouri - Rolla, Yale University School of Medicine, OnlyInternet.Net, Internet Xpress (Colville, WA), GO Concepts Inc., Harbour Communication, KC Online, Utility Line Italia, MWeb (South Africa), PE.net, Voicenet.com, SoftHome.net, adfinis, free.de, Research Machines plc, Ironic Design, Inc., LogIn & Solutions AG, Mycom Group, Inc., Borden Ladner Gervais LLP, Birch Telecom Inc., ena.com, CanadaEmails.com - MPRM Group Limited, SaskNow Technologies, American Home Mortgage, Blacknight Internet Solutions Ltd, Widexs / Ionip, MORPACE International, Inc., RTC Ltd. / MOBIKOM, Plushosting B.V., Peregrine Computer Consultants Corporation, localaccess.com, InterActive Systems Designs (Pty) Ltd, Sentex Communications, BMC Software, Delmarva Online, Inc., FrogNet, Inc., Zoznam s.r.o., University of Ghent (Belgium), AxisInternet, Inc., iSupportISP LLC, San Mateo Regional Network, Inc., cetlink internetworks, Oklahoma Christian University, Cyberindo Aditama, Memorial University of Newfoundland, Grande Communications, Inc., Host -it LTD, Eze Castle Integration, Inc., Lynx Informatica, Metacraft Internet Services, ChiliTech Internet Solutions, Terra Networks (Spain), Hush Communications, CWNET - Communications world network, Riverside Internet, Argentina.Com, Best Software, Ecole des Mines de Paris, Clemson University, Spin srl, LawBase Technologies
links.html version 3.15 on 4/6/10
SURBL Data Feed Request
SURBL Data Feeds offer higher performance for professional users through faster updates and resulting fresher data. Freshness matters since the threat behavior is often highly dynamic, so Data Feed users can expect higher detection rates and lower false negatives.
Data feeds are available in three formats:
Rsync and DNS are typically used for mail filtering and RPZ for web filtering. High-volume systems and non-filter uses such as security research should use rsync.
For more information, please contact your SURBL reseller or see the references in Links.
Sign up for SURBL Data Feed Access.