...

The idea was that data mining in surbl logs (or other RBL / URI services by a large number of servers) might enhance accuracy by allowing accurate realtime detection of spams in progress. I might be wrong, or maybe it's not surbl's role to do such analysis.

We allready do....

Does that mean that you use this query patterns for a particular URI to delist it, if it is never queried too often from geographically diverse IPs? Or something similar?

Also, do you use the site/URI related info like its contents, how often the SSL gets changed, info like whether the site SSL pretends to be for paypal.com while signed by some russian authority or korean one etc? I assume at least the PH list uses this criteria. Using this technique for other lists also could help to find whether the URI is spammy.

-- cheers, Skar.