Views:

The current implementation of Email Reputation Services involves one DNS look-up per IP address. When an email server accepts the initial connection from another email server, the email server records the IP address of the machine requesting the connection. The receiving email server then queries its DNS server to determine if there is a record for that IP address.

Figure 1. Smart Protection Network Workflow

For the Standard Service, a single DNS query is sent to the standard reputation database. Any positive response from this database results in your email server returning a 550 error, or rejection of the requested connection.

For the Advanced Service, a single DNS query is sent to the standard and dynamic reputation databases. A positive response from the dynamic database results in your email server returning a 450 error, or “temporary failure” of the requested connection. Listings in this database are occasionally legitimate email servers that have compromised hosts behind them that are temporarily sending spam. If the connection request is from a legitimate email server, it will queue and try again later, causing a delay in email delivery until the listing expires but does not block the email.

Depending on the capabilities of your email server, additional options for handling IP connections may be available. Some options allow for throttling or limiting the number of connections accepted from an IP over a designated time period. Other options allow you to set different levels of scanning to messages from questionable IP addresses as opposed to known IP addresses. The goal is to reject as many connections as possible upon initial request; those rejected connections represent spam messages that are never accepted and are thus never brought into the email infrastructure. Keeping unwanted spam out of the infrastructure means that valuable bandwidth, processing, and storage resources are not wasted.