SURBL RPZ data are typically used to protect users from visiting objectionable or dangerous spam, phishing or malware web sites.

Enforce Policy, and Block resolution of bad domains.. at the DNS level.
Doing so can prevent identity theft, phishing attacks, malware infection, loss of revenue due to visiting objectionable spam sites, and more. This is made possible by SURBL’s highly-regarded, multi-sourced, real-time intelligence about such domains.

DNS RPZs are used to deny or modify the resolution of low-reputation domains, in other words, to deny DNS services for known-bad domains.  

What is SURBL RPZ?

SURBL RPZ is SURBL’s high-quality anti-spam, anti-phishing, and anti-malware data in the form of a DNS Response Policy Zone (DNS RPZ). DNS RPZs deny DNS services for known malicious domains. SURBL is the world’s first provider of RPZ data.
SURBL RPZ data provides fast, dynamic intel to identify Advanced phishing, malware data sources

What RPZ Feeds Are Available?

As a quick overview:

SURBL provides a highly accurate and highly dynamic list of current, active, bad domains;  providing up to date threat data on malicious websites.   SURBL is highly effective at controlling the hard to detect phishing, malware and bot-net domains.   SURBL data contains approx 1.5 million current, active, bad domains, is updated continuously (updated every 1-2 minutes), and greatly improves detection of phishing, malware and bot-net domains.

– Fast, dynamic intel to identify Advanced phishing, malware data sources
– Our customers (email providers, filter vendors, security vendors) find SURBL to be a very high value source of intel, and an excellent addition to their solutions.


SURBL Multi – the primary SURBL feed is called ‘Multi’ – which is a composite list of all known ‘current, active bad domains.  Regarded as best source of intel on bad domains, due to the extensive level of coverage and effectiveness. 

– Fast, dynamic intel to identify Advanced phishing, malware data sources
– Updated every 1-2 minutes
– Highly accurate
– Global coverage… approx 1.5m – 2.0 ‘current, active’ bad domains

SURBL Fresh: feed provides critical, accurate, information on the brand new domains, based on the time new domains are placed into service. This is highly valuable intel to proactively address the ongoing use of fast flux, and brand new domains in malicious activities contains information about the DNS insertion time of new domains for most of the TLDs on the Internet.  You can define your own policies, based on this highly accurate data.


SURBL RPZ data, which is available by private incremental zone transfer, is used to protect and prevent users from visiting websites that pose cyber threats, including spam, phishing, and malware sites. 

This improves detection and prevents phishing attacks, malware infections, identity theft, and loss of revenue, which could be detrimental to a business. All of this is possible thanks to SURBL’s highly-regarded, multi-sourced, real-time intelligence about such malicious domains.


SURBL RPZ is available via DNS zone transfer using recent versions of BIND 9. Your local BIND recursive nameserver answers local SURBL RPZ queries and uses them to deny resolution (NXDOMAIN is the default behavior) instead of allowing the successful resolution of known bad domains. Other RPZ-supported behaviors are available by modifying the response values as needed in your operational environment.

Ready to see how SURBL RPZ can benefit your business? Contact Us to Sign up for your 30 day free trial.