Based on comments received so far, the following is proposed for a combined SURBL list:
Name: mutli.surbl.org
The sc and ws lists and a phishing list would be combined into a single, bitmasked SURBL mutli.surbl.org. Bitmasking means that there will only be one entry per spam URI domain name or IP address, but that entry will have an IP address that resolves according to which lists it belongs to:
1 = comes from sc.surbl.org 2 = comes from ws.surbl.org (and be.surbl.org) 4 = comes from phishing list
Where if an entry belongs to one of the lists it will have an address where the last octet has that value, for example 127.0.0.4 means it comes from the phishing list and 127.0.0.1 means it's in the data used in sc.surbl.org. An entry on multiple lists gets the sum of those list numbers as the last octet, so 127.0.0.3 means an entry is on both ws.surbl.org and sc.surbl.org. In this way membership in multiple lists is encoded into a single response.
Default TTL for the combined list is generally the longest of the included lists, which is six hours, while individual entries inherit the shortest TTL which can be 10 minutes for sc data. That allows individual entries to expire in BIND appropriately to their data source.
TXT message for each entry is generic, pointing to a page describing the different lists and their data sources.
All this is still open to discussion, but lets lock in the bitmasking scheme, unless there are any strong objections, so that the SA programs can start to be written or modified to use a combined list.
A combined list would be in addition to the individual lists, which would continue to exist.
Comments anyone?
Jeff C.