ZyXEL Communications ZyWall ATP series User Manual page 565

DNSBL C replies that IP address b.b.b.b matches an entry in its list.
3
The Zyxel Device immediately classifies the email as spam and takes the action for spam that you
4
defined in the email security policy. In this example it was an SMTP mail and the defined action was to
drop the mail. The Zyxel Device does not wait for any more DNSBL replies.
Here is an example of an email classified as legitimate based on DNSBL replies.
Figure 366 DNSBL Legitimate Email Detection Example
IPs: c.c.c.c
d.d.d.d
4
The Zyxel Device receives an email that was sent from IP address c.c.c.c and relayed by an email server
1
at IP address d.d.d.d. The Zyxel Device sends a separate query to each of its DNSBL domains for IP
address c.c.c.c. The Zyxel Device sends another separate query to each of its DNSBL domains for IP
address d.d.d.d.
DNSBL B replies that IP address d.d.d.d does not match any entries in its list (not spam).
2
DNSBL C replies that IP address c.c.c.c does not match any entries in its list (not spam).
3
Now that the Zyxel Device has received at least one non-spam reply for each of the email's routing IP
4
addresses, the Zyxel Device immediately classifies the email as legitimate and forwards it. The Zyxel
Device does not wait for any more DNSBL replies.
If the Zyxel Device receives conflicting DNSBL replies for an email routing IP address, the Zyxel Device
classifies the email as spam. Here is an example.
Chapter 32 Email Security
1
c.c.c.c?
d.d.d.d?
d.d.d.d Not spam
ZyWALL ATP Series User's Guide
565
DNSBL A
DNSBL B
2
DNSBL C
3