Blocked lists stop messages from the blocked senders, bypassing IP-level filtering. The Blocked lists are not applied to your MTA, but you can set up additional blocked or approved senders, or perform additional filtering at your MTA. The trade-off for bypassing IP filtering are the additional resources that are needed to process, filter, and store the higher levels of spam messages that would otherwise have been blocked. When using the Blocked lists, you may experience lower overall spam catch rates.
In the case of a standard reputation (Known Spam Source List) service lookup, the order of the evaluation hierarchy is:
Approved IP
Blocked IP
Approved country
Blocked country
For dynamic reputation (QIL) service lookup, the customer-defined “blocked policy lists” (IP, Country) are ignored; only the Approved lists are checked. Otherwise, the order of policy lookup (first IP, then country) is the same as for standard reputation (Known Spam Source List) service.
To add to the Blocked list:
When specifying the IP address, you can use either of the following:
Standard IPv4 format: 123.123.123.123
IPv4 IP address range in CIDR notation: 123.123.123.123/24
Avoid specifying the same CIDR range in the Approved and Blocked lists, as unexpected results might occur. If required, the approved CIDR range must be less than or equal to the blocked CIDR range.
For example, avoid specifying 172.31.15.164/30 in the Approved list and 172.31.15.164/31 in the Blocked list
Standard IPv6 format:
2001:0db7:85a3:0000:0000:8a2e:0370:7334
2001:db7:85a3:0:0:8a2e:370:7334
2001:db7:85a3::8a2e:370:7334