SURBL Multi Blacklist
SURBL Multi is a composite blocklist or blacklist that aggregates data to identify domains and IPs involved in online abuse.
Updated on 17 Jun 2026: We updated this guide to clarify SURBL Multi result codes, delisting checks, and prevention steps.
Summarize with
Check if you are listed on SURBL Multi Blacklist
And 143 other blocklists.
Spamhaus
0Spam
Cisco
NoSolicitado
URIBL
abuse.ro
ALPHANET
Anonmails
Ascams
BLOCKEDSERVERS
Calivent Networks
EFnet
JustSpam
Kempt.net
NordSpam
RV-SOFT Technology
Scientific Spam
Spamikaze
SpamRATS
SPFBL
Suomispam
System 5 Hosting
Team Cymru
Validity
www.blocklist.de Fail2Ban-Reporting Service
ZapBL
2stepback.dk
Fayntic Services
ORB UK
technoirc.org
TechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftSpamhaus0SpamCiscoNoSolicitadoURIBLabuse.roALPHANETAnonmailsAscamsBLOCKEDSERVERSCalivent NetworksEFnetJustSpamKempt.netNordSpamRV-SOFT TechnologyScientific SpamSpamikazeSpamRATSSPFBLSuomispamSystem 5 HostingTeam CymruValiditywww.blocklist.de Fail2Ban-Reporting ServiceZapBL2stepback.dkFayntic ServicesORB UKtechnoirc.orgTechTheftWhat is SURBL Multi blacklist?
The SURBL Multi blacklist is SURBL's public combined dataset at multi.surbl.org. It is a URI-focused blocklist that lists domains and IP addresses found in malicious or abused website links, not a traditional sender-IP blacklist. Mail filters use it to tag or block unsolicited messages based on URLs in the message body, and DNS firewalls can use the same reputation data to block access to dangerous sites.
Technically, it uses bitmasking. A single DNS A record response shows which sub-lists contain the queried domain or IP address. The response looks like 127.0.0.X, where X indicates list membership. For example, 127.0.0.8 means the entry is on PH, and 127.0.0.64 means it is on ABUSE. If an entry appears on multiple blacklists, the values are added together, so 127.0.0.80 means MW and ABUSE because 16 + 64 = 80. SURBL says the default TTL for live Multi data is 60 seconds, and the Multi data is updated on average every 30 to 40 seconds.
- 4 means DM, disposable email domains.
- 8 means PH, phishing sites.
- 16 means MW, malware sites.
- 32 means CT, click tracker domains.
- 64 means ABUSE, spam and other abuse sites.
- 128 means CR, cracked sites.
SURBL also publishes TXT records for human-readable explanations, but automated systems should rely on the A record response. A result of 127.0.0.1 means access to the public SURBL nameservers is blocked, not that the queried domain has normal list membership.
Who runs SURBL Multi blacklist?
The SURBL Multi blacklist is operated by SURBL BV, a corporation registered in the Netherlands. The company provides near real-time reputation data feeds for mail flow, mobile communications, web access through DNS firewalls, and other security use cases. SURBL's public Multi data is available through DNS queries for eligible low-volume users, while private data feed formats include API, CSV, DNS, RPZ, RSYNC, and RTF.
The name SURBL originally stood for 'SpamCop URI Realtime Block List' and was later updated to 'Spam URI Realtime Block List' as the project expanded beyond its first data sources.
How do I get delisted from SURBL Multi blacklist?
To request removal from this blocklist, start with the official SURBL lookup. Visit the SURBL Lookup page and follow the removal form instructions. Before you request delisting from this blacklist (blocklist), fix the issue that caused the listing.
- Confirm exactly what is listed. Check the domain, host, or IP address shown in the lookup result, and note whether the result points to PH, MW, CR, CT, DM, ABUSE, or a combined code.
- Remove abusive content. Clean phishing pages, malware loaders, spam landing pages, cracked content, unauthorized redirects, and injected links.
- Secure the environment. Patch CMS software and plugins, rotate FTP and control panel passwords, scan upload devices, and check DNS control panels for malicious subdomains.
- Review email practices. Use confirmed opt-in for marketing mail, remove unengaged or risky addresses, and stop any campaign that links to compromised or low-quality pages.
- Use DMARC reporting for source visibility. Suped's DMARC reporting product helps identify unauthorized sources using your domain, which is useful when the listed URL appears in mail you did not send.
After the fixes are complete, submit the removal request. SURBL can deny delisting when phishing, malware, cracked pages, DNS abuse, or spam-linked content remains active.
What is the impact of a SURBL Multi blacklist listing?
The impact of a SURBL Multi blacklist listing is medium for many legitimate senders, but it becomes severe when the listed domain appears in active email campaigns or customer-facing links. Because SURBL Multi checks URLs in the message body, mail can be filtered even when the sending IP address has no direct listing. Providers using this blacklist (blocklist) can reject the message, route it to spam, add a warning, or increase the spam score.
Outside the inbox, DNS firewall users can block access to the listed website. The exact result depends on the sub-list involved and the receiving system's policy. PH, MW, and CR listings normally need a security cleanup first. CT, DM, and ABUSE listings often point to sending practices, tracking-domain use, disposable email infrastructure, or abusive website content.
How to reduce future SURBL Multi blacklist listings
After delisting, treat SURBL as both a website security signal and an email reputation signal. The practical goal is to stop listed URLs from appearing in mail and to keep your domain from hosting pages that look abusive.
- Monitor websites and landing pages for injected redirects, phishing kits, malware, and cracked CMS content.
- Keep CMS core software, themes, plugins, and DNS control panel access patched and protected with strong authentication.
- Use dedicated tracking domains only for mail sent to confirmed, engaged recipients, and retire tracking links that appear in abusive campaigns.
- Watch DMARC aggregate reports in Suped for unauthorized sources sending mail with your domain, then investigate campaigns that include unfamiliar links.
- Recheck SURBL after cleanup and again after new campaign launches, because the Multi feed updates frequently and a new listing can affect active sends quickly.
