We were bumping our head on their free service as well and had to take other measures to prevent having to subscribe to their paid RSync service (such as maintaining our own Blacklist and SMTP Blocked Senders in SmarterMail until we got our daily Incoming count below the threshold again).

 

The good news is that if you are querying SURBL - ABUSE BUTLER, SURBL - SPAMCOP, SURBL - SA BLACKLIST, and SURBL - JWSSPAMSPY separately you can dramatically reduce your queries to their service by deleting all of those and adding SURBL - ABUSE which combines all four of those (matter of fact, after 1 May 2016 none of those sublists will respond and you *HAVE* to use the combined ABUSE list).

 

Thus, you should now only have the the following SURBL URIBLs in SmarterMail:

SURBL - Phishing (Required lookup value enabled, 127.0.0.8)

SURBL - Malware (Required lookup value enabled, 127.0.0.16)

 

Note: In the past two years I've had 2 emails get caught by their Phishing URIBL. If your mail traffic is anything like ours you could probably do without that one. 

 

If consolidating your SURBL checks down to only 3-4 still doesn't bring you below the 250,000 queries per day limit then RSync would be the way to go, in which case you'd have to probably configure a SpamAssassin box to get those feeds and query them locally, as I don't think SmarterMail has a method to handle RBL & URIBL queries to a local file.