IP Profiler proactively identifies IP addresses of computers that send email messages containing threats mentioned in the section About Sender Filtering. You can customize several criteria that determine when IMSS starts taking a specified action on an IP address. The criteria differ depending on the potential threat, but commonly include a duration during which IMSS monitors the IP address and a threshold.
To accomplish this, IP Profiler makes use of several components, the most important of which is FoxProxy, a server that relays information about email traffic to IMSS.
The following process takes place after IMSS receives a connection request from a sending mail server:
- FoxProxy queries the IP Profiler’s DNS server to see if the IP address is on the blocked list.
- If the IP address is on the blocked list, IMSS denies the connection request. If the IP address is not on the blocked list, IMSS analyzes the email traffic according to the threshold criteria you specify for IP Profiler.
- If the email traffic violates the criteria, IMSS adds the sender IP address to the blocked list.
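
The three steps above, modeled as an added Python example (not Trend Micro code) so you can see how a monitoring duration and a threshold interact before you tune them. The class and function names, the count-based threshold, the verdict strings and the sample traffic are assumptions made for illustration; an in-memory set stands in for the blocked list that FoxProxy queries over DNS.

```python
from collections import defaultdict, deque

class IpProfilerModel:
    """Illustrative model of the flow above; names are hypothetical, not IMSS code."""

    def __init__(self, window_seconds, threshold):
        self.window_seconds = window_seconds  # monitoring duration
        self.threshold = threshold            # threat messages tolerated (assumed count-based)
        self.blocked = set()                  # stands in for the DNS-served blocked list
        self.events = defaultdict(deque)      # ip -> timestamps of threat messages

    def is_blocked(self, ip):
        # Step 1: the lookup FoxProxy performs against the blocked list.
        return ip in self.blocked

    def handle_connection(self, ip, timestamp, is_threat):
        """Return 'denied', 'monitored' or 'added_to_blocked_list'."""
        if self.is_blocked(ip):               # Step 2: listed senders are refused
            return "denied"
        window = self.events[ip]
        if is_threat:
            window.append(timestamp)
        # Forget events that fall outside the monitoring duration.
        while window and timestamp - window[0] >= self.window_seconds:
            window.popleft()
        if len(window) > self.threshold:      # Step 3: criteria violated
            self.blocked.add(ip)
            del self.events[ip]
            return "added_to_blocked_list"
        return "monitored"

def replay(model, log):
    """Feed constructed (timestamp, ip, is_threat) records through the model."""
    return [model.handle_connection(ip, ts, threat) for ts, ip, threat in log]

# Constructed sample traffic (documentation address ranges):
# 192.0.2.10 sends a burst, 198.51.100.7 sends the occasional threat.
SAMPLE_LOG = [
    (0, "192.0.2.10", True), (10, "192.0.2.10", True),
    (20, "198.51.100.7", True), (30, "192.0.2.10", True),
    (40, "192.0.2.10", True), (50, "192.0.2.10", False),
    (700, "198.51.100.7", True), (1400, "198.51.100.7", True),
]

if __name__ == "__main__":
    model = IpProfilerModel(window_seconds=600, threshold=3)
    for record, verdict in zip(SAMPLE_LOG, replay(model, SAMPLE_LOG)):
        print(record, verdict)
```

The slow sender never exceeds the threshold because its earlier threat messages age out of the window, which is the trade-off to weigh when choosing a short duration or a high threshold.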
