MailCleaner offers SURBL as an option to the MailCleaner Virtual Appliance. This additional option increases the phishing and malware detection rate and reaction of our product.

SURBL is a list of web sites that have appeared in unsolicited messages and not a list of message senders. SURBL has proven to be a highly-effective way to detect cracked websites that host malware, phishing or other malicious content.

What Are The Benefits?

As a MailCleaner option, SURBL Data Feeds offer higher performance for our clients through faster updates and resulting fresher data. Freshness matters since the threat behavior is often highly dynamic, so Data Feed users can expect higher detection rates and lower false negatives.

How Does It Work?

Websites seen in unsolicited messages tend to be more stable than the rapidly changing botnet IP addresses used to send the vast majority of them. Sender lists like Spamhaus can be used in a first stage filter to help identify a majority of unsolicited messages, but SURBL can help find unsolicited messages in a second stage filter.

SURBL data are updated more than 240 times daily and are provided to users worldwide via a data feed service.

Phishing data from multiple sources are included in this option, like PhishTank, OITC, PhishLabs, Malware Domains and several other sources, including proprietary research by SURBL.

It also contains data from multiple sources that cover sites hosting malware or cracked sites. This includes OITC,, The DNS blackhole malicious site data from and others.


SURBL was created in 2004 to replace formatted text-based lists such as “sa-blacklist” that were previously used in SpamAssassin and distributed through web sites. The announcement of SURBL as a URI DNSBL was made April 8, 2004 to the SpamAssassin user community. SURBL is the first major list of the URI DNSBL type.


As all MailCleaner options, you simply add 20% to the price of the basic MailCleaner Virtual Appliance Solution license.