6.0 ORF Online Help
Select your ORF version:

Table of Contents


This help section describes the SURBL test of ORF and the related settings. Find the SURBL Test configuration under the BlacklistsSURBL test in the left navigation pane.

What are SURBLs and How They Work?

SURBLs are online lists of Uniform Resource Identifier (URI) hosts, typically web site domains, that have been observed in unsolicited messages. For example, if a spam contains a link to the spamvertized online medicine shop site as http://np7zhg13g5.n0rxmeds.biz/bis/?add=10, SURBLs will list the domain n0rxmeds.biz. SURBLs (like DNS blacklists) are queried using DNS lookups by ORF.

General Information

The SURBL Test (actually URL domain blacklisting) feature of ORF is a powerful anti-spam technique. When this feature is enabled, ORF scans the email and extracts all links (URLs) from the email. The resulting URL list is then distilled to a domain list and checked against the online SURBLs (URL domain blacklists, see above).

ORF provides two types of URL domain blacklists, an automatic and a manual one, called SURBLs and the User-Defined URL Domain Blacklist, respectively.

Enabling or Disabling the SURBL Test

You can enable or disable the SURBL Test by clicking the ON / OFF button on top of the BlacklistsSURBL Test page, or on the FilteringTests page.

SURBL Test Settings

Click the Settings button to configure the URL blacklist settings. Information about the settings is available in the SURBL Test Settings topic.


Add list of domains to the Exception list to exclude them from filtering. This can be useful to eliminate false hits without whitelisting the sender. See the Domain Lists help section.

Using the User-Defined URL Domain Blacklist

Click the Configure button of the User-Defined URL Domain Blacklist group. See the Domain Lists help section regarding the configuration.

Using SURBLs

Activating or de-activating SURBLs

Set the checkbox of the SURBL that you want to activate or clear the checkbox to de-activate. Only the active blacklists are used for filtering. Before you start using an SURBL, it is strongly recommended to read its description.

Setting the SURBL check order

The SURBL on the top of the list is checked first when filtering. Set the check order by selecting the SURBL and moving it using the Move Up and Move Down buttons. Alternatively, you can move the SURBL by drag & drop.

Adding, modifying and deleting SURBLs

Click the New button to add a new SURBL definition to the list. To modify an existing SURBL definition, click Modify. SURBLs can be deleted using the Delete button or the Delete key.

Exporting and importing SURBLs

Right-click on the list and select "Import definitions..." or "Export definitions..." Alternatively, you can do this from the menu: select FileImportURL domain blacklist or FileExportURL domain blacklist and select the list you want to import or export. See more on this below.

Using the SURBL Properties Dialog

See the SURBL Properties section.


SURBL false positive reporting

You can help the work of the SURBL maintainers by reporting any domains that are currently blacklisted, but should not be included in the SURBLs to [email protected]. Visit http://www.surbl.org for details.

Can ORF work with obfuscated URLs?

The ORF URL extraction engine recognizes the most common URL obfuscation attempts. The extraction engine recognizes virtually all URLs which are highlighted links in Microsoft® Outlook® and Outlook Express®.

Does ORF work with Internationalized Domain Names?

Yes, ORF 5.1 added support for recognizing and encoding IDNs properly in both plain text and HTML sources.

Exporting and importing SURBL definitions

The import and export format for SURBL definitions is XML (see the List Import and Export Formats section).

It is recommended to keep the list SURBL definitions up to date to maximize the filtering efficiency: the latest definitions are available on our website.

Copyright © Vamsoft Kft. All rights reserved. Document ID adm-urlblacklist, version 2.