How It Works

The actual implementation of Email Reputation Services involves one DNS look-up per IP address. When an email server accepts the initial connection from another email server, it records the IP address of the machine requesting the connection. The receiving email server then queries its DNS server to determine if there is a record for that IP address.

Figure 1. Smart Protection Network Workflow

For Standard, a single DNS query is sent to the standard reputation database, which contains known and documented sources of spam as well as an extensive listing of dynamic IP addresses. A positive response from this database should cause your email server to return a 550 error, rejecting the requested connection.

For Advanced, a single DNS query is sent to the standard and dynamic reputation databases. A positive response from the dynamic database should cause your email server to return a 450 error, or “temporary failure” of the requested connection. Listings in this database occasionally include legitimate email servers with compromised hosts behind them that are temporarily sending spam. If the connection request is from a legitimate email server, that server will requeue the message and try again later; this delays delivery until the listing expires but does not block the email.
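The lookup-to-reply mapping described above, as an added Python example that is not Trend Micro's code. The zone name, the two answer codes, the RFC 5782 reversed-octet query format, the fail-open policy and the injected `resolve` function are all assumptions, since the page gives none of them.

```python
import ipaddress

# Assumptions: placeholder zone and answer codes; the page gives neither.
ZONE = "reputation.example.invalid"
STANDARD = ipaddress.ip_address("127.0.0.2")  # assumed: standard database hit
DYNAMIC = ipaddress.ip_address("127.0.0.3")   # assumed: dynamic database hit

def query_name(client_ip, zone=ZONE):
    """DNSBL-style name (RFC 5782): IPv4 octets reversed, then the zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def smtp_decision(client_ip, resolve, advanced=True):
    """Map one lookup to an SMTP reply code for the connecting IP.

    resolve(name) returns a list of A-record strings ([] when no record
    exists) and raises OSError when the resolver itself fails.
    """
    try:
        answers = {ipaddress.ip_address(a) for a in resolve(query_name(client_ip))}
    except OSError:
        # Assumed policy: fail open, so a DNS outage does not reject all mail.
        return 220, "lookup failed, connection accepted"
    # Only the exact listing codes count; any other answer (for example a
    # resolver that rewrites NXDOMAIN to a routable address) is not a listing.
    if STANDARD in answers:
        return 550, "connection rejected (standard database)"
    if advanced and DYNAMIC in answers:
        return 450, "temporary failure, try again later (dynamic database)"
    return 220, "connection accepted"

# Constructed zone data using documentation address ranges, for an offline run.
SAMPLE_ZONE = {
    query_name("192.0.2.10"): ["127.0.0.2"],
    query_name("198.51.100.20"): ["127.0.0.3"],
    query_name("203.0.113.40"): ["203.0.113.99"],  # rewritten answer, not a listing
}

def sample_resolve(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.20", "203.0.113.40", "192.0.2.99"):
        print(ip, smtp_decision(ip, sample_resolve))
```

With `advanced=False` the function models the Standard level, where only a standard database listing changes the reply.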

Depending on the capabilities of your email server, additional options for handling IP connections may be available to you. Some allow for throttling or limiting the number of connections accepted from an IP over a designated time period. Still others allow you to apply different levels of scanning to messages from questionable IP addresses as opposed to known IP addresses. The ultimate goal is to reject as many connections as possible upon initial request; those rejected connections represent spam messages that are never accepted and are thus never brought into the email infrastructure. Keeping unwanted spam out of the infrastructure means that valuable bandwidth, processing, and storage resources are not wasted.