SARBL - Smart Adaptative Realtime URIBL

SARBL is a dns service anyone can use to filter spams.

It's a DNSBL stating which domain name is likely a spammy one. It's currently used by a bunch of French, Canadian and British ISPs and hosting providers. It's well maintained as of August 2016.

How can I use SARBL to filter my spam?

If you know how to use a URI RBL in your spam filtering software, just add "" in your uri filters.

Users of Amavis or Spamassassin, you can add this to your spamassassin configuration filters:

urirhssub       URIBL_SARBL       A
body            URIBL_SARBL        eval:check_uridnsbl('URIBL_SARBL')
describe        URIBL_SARBL        Contains an URL listed in the SARBL blocklist
tflags          URIBL_SARBL        net
reuse           URIBL_SARBL
# here, choose how many points you want to give to emails whose domain names are detected by our filter: 
# our recommended default score is 2, but once you trust this list enough, 4 points could be good:
score URIBL_SARBL   0 4 0 4 
# if you trust it to *not* trigger a false positive, you could even say 5 or 6 points here :) 

Then restart your spamassassin or amavis daemon to use this new service.

Users of Rspamd can benefit from SARBL since version 1.3.3 or use the following configuration snippet :

   group "surbl" {
       symbol "RBL_SARBL_BAD" {
           weight = 2.0;
           description = "A domain listed in the mail is blacklisted in SARBL";
   rule {
       symbol = "RBL_SARBL_BAD";
       suffix = "";
       noip   = true;
       images = true;

Please note that we'd rather have less blacklisted domains than false positive. So you should be able to give a lot of points to this filter without much risk.

Questions ? Participate ? ...

If you have questions, you should look at the FAQ for answers, if you can't find your answer here, contact us at team [at]' (no spam or commercial proposals, thanks)'. We can answer questions in French and English.

If you want to participate to this project, mail us, having users feedback and some non-filtered spams could help, and helping building the regexp we use could help too ...