An increasing number of DNS services are being deployed to protect end users against and to monetize typo, malware, phishing and spam sites by redirecting web service to an alternate site. Generally they do this by changing the IP address or NXDOMAIN responses to DNS queries. Unfortunately these changes can adversely affect SURBL DNS responses and create false positives or false negatives. One way to test for this is to make sure that responses to SURBL DNS queries are in 127/8, or more specifically 127.0.0.0/24. While this won't fully determine correct results, it's still a recommended and good basic input verification test. A good solution is to run a local caching nameserver for DNS resolution, which can also improve performance. More information can be found at:

http://www.surbl.org/faq.html#dnsproxy http://www.surbl.org/implementation.html http://www.surbl.org/public-dns.html