Threat intelligence on 'current, active' bad domains


SecurityZones offers SURBL reputation data

The industry's most comprehensive and accurate list of bad domains!

  • Updated every 1-2 minutes
  • Accurate, effective list of 800,000 - 1,500,000 'current, active' bad domains.

- Used by Security Vendors, AntiSpam Solutions, Service Providers and Enterprise worldwide to improve their defenses against fast flux, bot generated, and malicious domains.

  • Email Filtering
  • Web Filtering
  • Security Solutions

SURBL is a major data source providing domain reputation that's used by the world's largest webmail providers, security vendors, ISPs large through small, universities, private companies, governments, and lots of other folks.

SURBL data are used to help evaluate web site reputation in commercial and open source mail filters, security appliances, and a wide range of mail and web applications and systems.

SURBL Overview

What is SURBL?

SURBL provides a highly accurate, highly dynamic list of current, active bad domains, giving up-to-date threat data on malicious websites. SURBL is highly effective at controlling hard-to-detect phishing and botnet domains. SURBL data contains approximately 800,000 current, active bad domains, is updated continuously (every 1-2 minutes), and greatly improves detection of phishing, malware and botnet domains.


Why use SURBL?

SURBL data are used to help evaluate web site reputation in commercial and open source mail filters, security appliances, and a wide range of mail and web applications and systems.


- Fast, dynamic intel to identify advanced phishing and malware data sources

- Our customers (email providers, filter vendors, security vendors) find SURBL to be a very high value source of intel, and an excellent addition to their solutions. 

How to use SURBL

Email Filtering

A sender blacklist is commonly used as a first stage to detect about 80% to 90% of unsolicited messages at the MTA. After the MTA, a second-stage mail filter checks the web sites in the message body against SURBLs. SURBLs enable the mail filter to detect more than 75%* of the remaining unsolicited messages. Together they can detect more than 95%* of unsolicited messages.

SURBLs should be used along with multiple, weighted factors to classify messages, as SpamAssassin does.

SURBL data are typically accessed using DNS queries. Small to medium-sized organizations may use the free public DNS servers, while large organizations of more than 1,000 users should retrieve the data by rsync and serve it from a local DNS mirror or other internal database. When used in combination with Spamhaus, SURBLs can detect more than 95% of unsolicited messages.
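An added example (not SURBL's or SecurityZones' code) of the second-stage check described above: it extracts web-site domains from a message body, looks each one up under a list zone by DNS, and folds the result into a weighted score. The zone name `surbl-mirror.example`, the `domain.zone` query form, the 127.0.0.0/8 "listed" convention, the suffix subset, the weights and the threshold are assumptions for illustration.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

ZONE = "surbl-mirror.example"   # placeholder zone name (assumption)
URL_RE = re.compile(r"https?://[^\s<>\[\]\"'),]+", re.IGNORECASE)
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}   # illustrative subset only
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def registered_domain(host):
    """Reduce a hostname to the domain that gets looked up (simplified)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def body_domains(body):
    """Return the sorted, de-duplicated domains of all URLs in a message body."""
    found = set()
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        if host and not host.replace(".", "").isdigit():  # skip dotted-quad IP URLs
            found.add(registered_domain(host))
    return sorted(found)

def dns_resolve(name):
    """Live lookup; NXDOMAIN and resolver errors both come back as []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(domain, resolve=dns_resolve, zone=ZONE):
    """Listed means the name under the zone resolves to a 127.0.0.0/8 address."""
    return any(ipaddress.ip_address(a) in LOOPBACK
               for a in resolve(f"{domain}.{zone}"))

def score_message(body, sender_listed, resolve=dns_resolve, threshold=5.0):
    """Combine weighted factors; weights and threshold are constructed values."""
    hits = [d for d in body_domains(body) if is_listed(d, resolve)]
    score = 3.0 * sender_listed + 4.0 * bool(hits)
    return score, hits, score >= threshold

# Constructed sample message and a constructed offline resolver.
SAMPLE_BODY = ("Your mailbox is full. Sign in at "
               "http://login.bad-phish.example/reset?id=1 or read "
               "https://www.shop.example.co.uk/help for details.")
LISTED = {f"bad-phish.example.{ZONE}": ["127.0.0.8"]}

def fake_resolve(name):
    return LISTED.get(name, [])
```

With these constructed weights a body-domain hit alone scores below the threshold, so the message is only classified as unsolicited when the sender factor also fires. Because `dns_resolve` returns an empty list on resolver errors, the check fails open when the mirror is unreachable.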

Security Data - Delivering a real time feed of 800,000 - 1,000,000 active Bad Domains:

SURBL data is used extensively in a wide variety of security applications, which are enhanced with SURBL real-time threat intelligence. The SURBL data is delivered in near real time, updated every 1-2 minutes. Data provided includes approximately 800,000 current, active bad domains. This data is highly accurate: SURBL obsesses over quality and has highly sophisticated processing and filtering engines, which also include manual review and whitelisting, to ensure a highly effective and highly accurate list.

DNS RPZ – Taking back DNS:

SURBL delivers the first production-ready RPZ source. RPZ can help end organizations or ISPs set policy at the network layer. If you cannot resolve a malware site in DNS, you can't get infected visiting it. This can bring filtering to a whole new level. Who decides what gets inside an RPZ zone? Who do you trust to deliver the data source? Do you trust them today on another level?


What is SURBL RPZ?

SURBL RPZ is a version of SURBL's high-quality anti-spam, anti-phishing and anti-malware data in the form of a DNS Response Policy Zone (DNS RPZ). DNS RPZs are used to deny or modify the resolution of low-reputation domains, in other words, to deny DNS services for known-bad domains. SURBL is the world's first provider of RPZ data.

Why use SURBL RPZ?

SURBL RPZ data are typically used to protect users from visiting objectionable or dangerous spam, phishing or malware web sites. Doing so can prevent identity theft, phishing attacks, malware infection, loss of revenue due to visiting objectionable spam sites, and more. This is made possible by SURBL's highly-regarded, multi-sourced, real-time intelligence about such domains.

How to use SURBL RPZ

SURBL RPZ is available via DNS zone transfer using recent versions of BIND 9. Local SURBL RPZ queries are answered by your local BIND recursive nameserver, where they can be used to deny resolution (NXDOMAIN is the default behavior) or, for example, to send traffic to a local walled garden instead of allowing the successful resolution of known-bad domains. Other RPZ-supported behaviors are available by modifying the response values as needed in your operational environment.

SURBL RPZ data are available by private incremental zone transfer.
