I have several users that get tons of email from marketing companies that normal spam filters don't work on. I have found that SURBL's solve the problem that I'm trying to solve.
I think the whole idea is to check the urls that are inside the email not only on the sending domain.
How my users got infected(if you will), I only have a few. They went to a web site that says fill out this form and get a free TV, IPOD or other, and now they get about 20 to 200 email a day asking them to buy stuff. Spam filters get some of it out, but these messages adapt pretty quickly.
I looked through some of the messages and found that if we had surbl's enabled in spam assassin they would be blocked.
I've put in a bug request number 12977, so vote on it if you think this is important, or if anyone knows how to make it work and is willing to post instructions...