I have found through experience that the FP rate is considerably higher when checking headers with SURBL. I can't even recall ALL the reasons why... but I know empirically... from actually experience... that this is true. (especially with IP addresses)
I can second this. I did some testing just for my own curiousity a while back because plenty of spammers, even those sending through open proxies, use their own registered domains to HELO and/or in the From: line. However, I found that the following stuff causes FPs:
* With IPs, often an IP that is used directly in a spam is on a hacked server that is not supposed to be a web server. If you block URIs on the IP, you get no false positives. If you block on headers, you often do, especially if you block on all foreign IPs rather than the first external IP/"handoff IP". That's because these trojaned servers also have a "real life" as something else, often a DNS or mail server (if a server), or a user workstation. If you deliberately want to cause FPs to pressure the owners to clean up the trojan, fine, but that is not what SURBLs are intended to do. That's SPEWS or (to a much lesser extent) the SBL.
* With domains, phishers and (increasingly) spammers are hosting web pages on hacked servers and using that server's domain in the spam URI. If you bloc on headers, again, you have a real risk of blocking legitimate email.
I'd like to see a larger, more conservatively run RHSBL for headers than the AHBL RHSBL. But right now, there isn't one.