Give the gift of Drupal. All merchandise is 50% off through 2016.
I tested the http:BL plugin by editing the statements in function httpbl_check() to simulate a greylist and blacklist IP. The generated messages did not showed the replacements for %ipurl and %whitelisturl but resolved to /%25ipurl and /httpbl/%25writelisturl. Switching to source editing of the messages in http:BL 'Advanced' settings did not resolve the problem.
I fixed the problem by excluding admin/settings/httpbl.edit-httpbl-message-* in the CKeditor Global Profile. CKeditor had already replaced the % symbols with %25 - I edit the message to restore the 'bare' %.