invaluement anti-spam DNSBL
Listed? Visit our lookup & removal utility



+1 (478) 475-9032

Mailing Address:
PowerView Systems
PMB 305
3780 Northside Drive
Suite 140
Macon, GA  31210
  ivmSIP (sender’s ip dnsbl)   ivmSIP/24   ivmURI (uri dnsbl)  
  spam blocker blog   dnsbl guide   rsync access & instructions  
  reviews   about “invaluement”   lookup utility   contact  


for Macon &
W.R., Georgia,

“a Domain/URI Blacklist

ivmURI, is one of three invaluement DNSBLs. Please first read the discussion of goals and features shared by all 3 lists detailed on the invaluement Anti-Spam DNSBL page.

Mailadmin & SARE Ninja, Alex Broens said:

“ivmURI has become another valuable spam detection layer which I highly recommend to my customers. Rob McEwen has done a great job in this niche and complements the already available resources, with minimal admin requirements - setup & it works!”
founder of SURBL, Jeff Chan said:

“We've enjoyed working with Rob McEwen on SURBL and expect his new DNSBL to aid in the identification of unsolicited messages in new ways.”

ivmURI is the invaluement uri dnsbl. Aka a “uri bl”, this list includes those IPs and domain names which only appear in the body of unsolicited messages. ivmURI was developed by one of the long-time SURBL administrators, Rob McEwen, and is now considered to be one of the four top-tier URIBL/domain blacklists, along side SURBL, URIBL and SpamHaus’s new DBL list. In fact, the drop-off in quality after the four major URI blacklists (SURBL, URIBL, ivmURI, and DBL) is considerable. Simply put, there is no close fifth.

How can we know this? Besides having data from industry leaders backing up this claim, we are in a position to know and to judge because the founder and developer of ivmURI, Rob McEwen, has been an administrator for SURBL since June 2005 and continues to serve in that role. Therefore, Rob has an insider’s knowledge of the inner workings of SURBL. (Rob was also a participant in the discussions which led to the formation of URIBL, and keeps close contact with some of the URIBL folks as well.) It was this hard won expertise that inspired the creation of ivmURI.

None of the four major URI/Domain blacklists (SURBL/URIBL/ivmURI/DBL) make any of the others obsolete because all block some spams missed by the others. Therefore, we consider all four to be indispensable. However, ivmURI could still be a huge help for some organizations who now suddenly find themselves unable to afford to subscribe one or more of the others. True, every one of these except for ivmURI is free for low-volume and/or non-profit usage. However, at some point, the other three require a subscription which is actually more expensive than an invaluement subscription. In contrast, because a subscription is required at all usage levels for the invaluement lists, we are then able to make our invaluement subscription prices much more reasonable than what other DNSBLs charge for rsync access. This is a huge help for those organizations which either (a) find themselves having to pay for access to the others due to licensing policies --OR-- (b) who have a high messaging volume which demands rysnc access to DNSBLs in order to benefit from the higher efficiency gained by serving DNSBLs locally. In either case, such organizations will find rsync to the invaluement lists surprisingly affordable.

Most importantly, ivmURI holds it own in comparision to other URIBL/Domain blacklists....

FOR EXAMPLE: Recently, a multi-national corporation with 60K employees gathered stats on ivmURI, SURBL, and URIBL. (DBL didn't exist until March 2010.) Their statistics showed that 72% of the spam blocked by SURBL was also blocked by ivmURI. Obviously, it is noteworthy that 28% of the spam blocked by SURBL was missed by ivmURI! However, (overall) in those statistics, ivmURI blocked more spam than both SURBL and URIBL, and had fewer false positives than both SURBL and URIBL. Additionally, for every 1 spam blocked by SURBL that ivmURI missed, there were 2 spams blocked by ivmURI that SURBL missed. Finally, ivmURI had the highest “unique” spams blocked (that being spams blocked by a URI blacklist which ALL other URI lists missed). In fact, ivmURI beat out the 2nd place URI blacklist in this “uniques” category ( by a 2-to-1 margin. (details and raw data available upon request)

How does ivmURI fit into this mix of high quality URI DNSBLs?

“ivmURI alone now accounts for 85% of all the spam we block, while maintaining an extremely low false positive rate.”

Chris Owen,
  1. LOW FALSE POSITIVES: At least as low as SURBL and URIBL.
  2. UNIQUES: As stated, there are some series of spam listed only by ivmURI, or listed by ivmURI first. In fact, periodically a URI will get listed only on ivmURI, and then SURBL and/or URIBL and/or DBL will pick up that URI months later. (Of course, the reverse is true as well! Which is why every major URI/Domain Blacklist is very valuable and we use every such one we can access in our own spam filtering!)
  3. SMALL MEMORY FOOTPRINT: ivmURI has a memory footprint which is much smaller than URIBL and vastly smaller than SURBL.
    • This opens up possibilities for applications which require a smaller memory footprint URI BL!
    • Interestingly, ivmURI’s spam catch rate is at least as high as SURBL, URIBL, and DBL. So, in this case, having less data does not translate to less spam caught!
  4. FAST UPDATING: In situations where all four URI/domain blacklists have caught a new spammer’s domain at the same time (at the backend), ivmURI has one of the fastest turnaround times for getting that domain into circulation, for productive use. This helps catch new series of spam that haven’t had much time to get listed on all the various types of anti-spam clearinghouses and are, therefore, at high-risk for getting missed by many spam filters.

Examples of URIs caught by ivmURI,
but missed by SURBL and URIBL!

“ivmURI is a URI (domain) DNSBL like SURBL or URIBL, with high effectiveness (comparable with URIBL/SURBL), extremely low false positives, and quick to list.”

From CBL, the largest component of Spamhaus’ Zen & XBL lists -- see full quote on the web site!

NOTE: The DBL was not available when the following information was gathered. We will include DBL for another batch very soon.

The following is a tiny sampling of such messages. In this case, we took the last 500 message caught by ivmURI, waited 24 hours (to give SURBL and URIBL extra time to catch these). Extracted from that batch, below are the domains caught by ivmURI but missed (at that time) by surbl and uribl, even after giving them an extra 24 hours to catch up.

  • Some of these web sites have been terminated by hosting providers by now. Also, some of these are listed on surbl and uribl by now!.
  • This batch was collected on May 31, 2008. Fresher samples will be posted here from time to time.
  • For each domain listed below, we have unsolicited messages on file with those domain names used in the message’s links.
  • Had we spotted URIBL and SURBL an extra 1 hour instead of 24 hours, this list would be much larger. And, as mentioned earlier, surbl and uribl also catch much spam missed by the other two URI BLs, including listing URIs missed by ivmURI... so this point cuts all three ways!
  • Visit these web sites at your own risk since we haven't checked them for malicious exploits.

Uri Uniques Uri Uniques Uri Uniques

How to access the invaluement DNSBL?

Sign up here for an evaluation.



“a Domain/URI Blacklist

What is a

If you are not a professional in the mail hosting and spam filtering industry, you may be wondering, “What is a URI DNSBL? And what does URI stand for?” ...keep reading...

A uri dnsbl is simply an anti-spam “black list” delivered via DNS which consists of domain names and IP addresses which are found in the body of the message. Specifically, there are the domains and IP addresses which spammers use to host their web sites. They are a part of the clickable links that the spammer has placed inside the messages so that, when someone clicks on that link, it goes to the spammer’s web site.

Why not call it a domain name black list?

Since the spammers sometimes use IP addresses instead of domain names, the term domain name blacklist is insufficient. That is where the term URI comes into play. URI stands for Uniform Resource Identifier, and this term covers both domain names and IP addresses.

How is a URI list different from a “regular” DNSBL?

A traditional DNSBL (aka “rbl”) is a list of the IP addresses from which spam is sent. In contrast, a URI blacklist is blocking spam based on the domain names and IP addresses (referred to as URIs) that are contained within the body of the message.

Is this the same thing as a Right Hand Side Blacklist (RHSBL)?

No! Many confuse RHSBLs with URI BLs. A RHSBL lists domains used in the “from” address of spams. A URI blacklist goes after the clickable links in the body of the message. A very high percentage of spams are sent from forged addresses. In those cases where the return address actually belongs to the spammer and the spammer is trying to get the recipient to reply, the spammer is probably going to use a freemail address (gmail, yahoo, hotmail, etc.) as their from or reply to address.

Therefore, RHSBLs are practically worthless and should not be confused with URI blacklists, which are far more effective than RHSBLs.

  ivmSIP (sender’s ip dnsbl)   ivmSIP/24   ivmURI (uri dnsbl)  
  spam blocker blog   dnsbl guide   rsync access & instructions  
  reviews   about “invaluement”   lookup utility   contact  


for Macon &
W.R., Georgia,