SonicWALL TZ 190 Manuale Utente

Chapter 60: 

SMTP Real-time Black List (RBL) is a mechanism for publishing the IP addresses of SMTP 
servers from which or through which spammers operate. There are a number of organizations 
that compile this information both for free 

, and for profit 

. A well maintained list of RBL services and their efficacy can be found at:

 

SMTP RBL is an aggressive spam filtering technique that can be prone to false-positives 
because it is based on lists compiled from reported spam activity. The SonicOS 
implementation of SMTP RBL filtering provides a number of fine tuning mechanisms to help 
ensure filtering accuracy.

RBL list providers publish their lists via DNS. Blacklisted IP addresses appear in the database 
of the list provider's DNS domain using inverted IP notation of the SMTP server in question as 
a prefix to the domain name. A response code from 127.0.0.2 to 127.0.0.9 indicates some type 
of undesirability:

For example, an SMTP server with IP address 1.2.3.4 has been blacklisted by RBL list provider 
sbl-xbl.spamhaus.org, then a DNS query to 4.3.2.1.sbl-xbl.spamhaus.org will provide a 
127.0.0.4 response, indicating that the server is a known source of spam, and the connection 
will be dropped.