Let's start with a full disclosure for SURBL: How many WL hits does [see subject] really get, the two I found can't be all, or do you only note the first hit per year ? Bye
This discussion is kinda useless here. It does have legitimate use, you could ask to get it added on uribl.com, sinc they have different criteria. Its no material for SURBL and we wont put them in to just show them they should respond on abuse reports. List them in RFC-I, thats a appropriate list for domains bouncing abuse mails... :)
Even on URIBL, the domain uk.geocities.com would qualify for, at most, a listing on URIBL grey. Given the stated goal of the SURBLs -- *no* false positives -- they simply don't qualify for a SURBL listing. That in no way means they aren't bouncing SpamCop reports, or are handling their abuse issues properly. It just means that web sites with legitimate users or a legitimate purpose outside of spam do not get listed on SURBLs no matter how abusive they are or how much spam they appear in.
Here's a recipe I've put in the SpamBouncer that catches most of the spam with Geocities links I've been seeing. Most of that spam contains, not just a Geocities URL (not always uk.geocities.com), but also a query right after the domain and first slash. If you block that pattern, you'll catch a lot of spam. So far, I've seen *no* false positives -- in the SpamBouncer spamtrap or as complaints from users of SpamBouncer 2.1 beta.
SpamBouncer is a huge set of Procmail recipes, so anyone who uses Procmail might find this handy:
=-=-=-=-=-=-=-=-=-=
# Geocities URL with a query # :0 B * (^|[^0-9a-z]|[=%]20)http://%5Ba-z%5D+(%EF%BF%BD%7C%5C.%7C%5B=%%5D2E)geocities(%EF%BF%BD%7C%5C.%7... spam.incoming
=-=-=-=-=-=-=-=-=-=