The older a domain is the less likely it should be listed. Most spam domains are used for 3 days then abandoned. Domains older than 90 days probably should not be added. Domains more than 1 year old usually should not be added. However, domains that use name servers listed in SBL as belonging to known spam operators can be included, regardless of age. (See below.)
If you get a match it's likely a spammer. However lack of an SBL match doesn't mean it's not a spammer. Also SBL checks may result in some false positives. Therefore SBL inclusion does not always mean we should list.
If you get a match it's likely a spammer. SBL lists the name servers of several known spam gangs. Those spam gangs are responsible for a large portion of all spam. However lack of an SBL match doesn't mean it's not a spammer. Also SBL nameserver checks may result in some false positives (such as gov.ru). Therefore SBL inclusion does not always mean we should list.
(For this purpose, checking the resolved NS records is safer than checking registrar database name servers, because the domains could be further delegated to other name servers.)
On the other hand, be aware that spammers sometimes mention legitimate URIs for example, to abuse an otherwise legitimate marketing site. For example they can do this to gain incentive or click-through points, etc. Therefore using zombies, etc. does not automatically mean that URIs themselves actually belong to spammers, only that spammers sent the message.
Conversely, if a sending IP is not in an RBL and appears consistent across multiple reports, then this is less of a good candidate for SURBL listing. SURBLs were especially intended to be used against zombie-sent spam, since regular RBLs are far more efficient against fixed sending networks than SURBLs. (SURBLs require more resource-expensive content parsing, storage, etc. than conventional RBLs.)
If they appear to be whitehats in IADB, then don't list.
If a URI domain or IP is mentioned in many recent postings there, it may be a spammer. But actually look at the content of messages. Sometimes there are subscribed newsletters, misclassifications, joe jobs and other erroneous inclusions there. Lack of NANAS does not indicate a lack of spammyness. Many NANAS does not necessarily indicate spammyness. You must look at a sampling of the actual content.
If the site looks like a mostly legitimate site do not add it. (I usually use google's cache of the site, or a text browser like lynx. This is somewhat safer than using a full browser to go to a site, which could contain malicious code. Viewing google summaries is sometimes good enough.)
It's unlikely that hand-edited URL lists, which these directories are, would include sites that belong to spam gangs. (The editors tend to remove abuse.)
If we created a list to try to catch every spam, it would be unusable by most people because it would create false positives and block many desired messages. If a domain has legitimate uses or could get mentioned in ordinary hams, then don't list it.