Anti-Spam > Real-Time Black List Filter
SonicOS 5.8.1 Administrator Guide
RBL list providers publish their lists using DNS. Blacklisted IP addresses appear in the
database of the list provider's DNS domain using inverted IP notation of the SMTP server in
question as a prefix to the domain name. A response code from 127.0.0.2 to 127.0.0.9 indicates
some type of undesirability:
For example, if an SMTP server with IP address 1.2.3.4 has been blacklisted by RBL list
provider sbl-xbl.spamhaus.org, then a DNS query to 4.3.2.1.sbl-xbl.spamhaus.org will provide
a 127.0.0.4 response, indicating that the server is a known source of spam, and the connection
will be dropped.
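The lookup described above, written out as an added example (this is not SonicWALL's code): it builds the reversed-octet query name and treats only answers in the 127.0.0.2 to 127.0.0.9 range as a listing. The function names, the injectable `resolve` parameter and the stub resolver data are assumptions made for illustration.

```python
import ipaddress
import socket

LISTED_LOW = ipaddress.IPv4Address("127.0.0.2")
LISTED_HIGH = ipaddress.IPv4Address("127.0.0.9")

def rbl_query_name(ip, zone):
    """Reverse the octets of the SMTP server's IP and prefix them to the RBL zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def is_listed_response(answer):
    """True only for A records inside the 127.0.0.2 - 127.0.0.9 range."""
    try:
        return LISTED_LOW <= ipaddress.IPv4Address(answer) <= LISTED_HIGH
    except ValueError:
        return False

def system_resolve(name):
    """Resolve A records with the OS resolver; no record (NXDOMAIN) means []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_rbl(ip, zone, resolve=system_resolve):
    """Return (listed, matching_answers) for one IP against one RBL zone."""
    answers = resolve(rbl_query_name(ip, zone))
    # Answers outside the range are ignored, e.g. a resolver that rewrites
    # NXDOMAIN to a routable address must not cause mail to be dropped.
    hits = [a for a in answers if is_listed_response(a)]
    return bool(hits), hits

# Constructed sample data standing in for the provider's DNS zone (offline use).
CONSTRUCTED_ZONE = {
    "4.3.2.1.sbl-xbl.spamhaus.org": ["127.0.0.4"],    # the page's example
    "9.9.0.192.sbl-xbl.spamhaus.org": ["203.0.113.7"],  # rewritten NXDOMAIN
}

def constructed_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("1.2.3.4", "192.0.9.9", "198.51.100.20"):
        print(ip, check_rbl(ip, "sbl-xbl.spamhaus.org", constructed_resolver))
```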
Note: Most spam today is known to be sent from hijacked or zombie machines running a thin
SMTP server implementation. Unlike legitimate SMTP servers, these zombie machines
rarely attempt to retry failed delivery attempts. Once the delivery attempt is blocked by the
SonicWALL RBL filter, no subsequent delivery attempts for that same piece of spam will be
made.