Advanced Cyber Security

SecPoint Products / Protector /

RBL customization

The Protector Anti Spam UTM Firewall comes fully loaded with RBL customization

Reputation Block Lists, also referred to as "DNSBLs" or "DNS Blocklists", are external databases queried by the Protector during the Anti Spam analysis.

To perform a RBL check, the Anti Spam filter must extract the IP Address , then query RBLs for for each email and the message can be blocked as spam.
RBLs can be configured in menu Anti Spam > Black - White - Grey - RBL - TLD - Hardblock Lists.

Here you can perform a quick configuration by selecting the New Level and/or go to Advanced Settings to configure each RBL individually.

When you set a new level, the Protector will enable/disable a pre-defined set of RBLs. You can then fine-tune RBLs through Advanced Settings.

In this firmware each RBL is associated with a default score, which will contribute to the global score assigned to each email.

The default score can be changed depending on the reputation of the RBL itself and your experience with it (false positives etc.).

Positive scores are assigned to IP addresses with a bad reputation, negative scores are assigned to trusted IP addresses.

The score 0 will eliminate the use of a RBL.

The RBL provided by the Protector is made up of official RBLs, marked with  , and custom RBLs, marked with.

In official RBLs, it is only possible to modify the default score, which in any case remains visible on the list and can be restored.

The Protector has a list of preloaded custom RBLs, but it is also possible to add more custom RBLs or even delete the existing ones.

If you want to add your own RBL, please read the detailed explanation that you find in the Advanced Settings page.

The information that you need to enter in the RBL configuration page should be provided by the RBL itself.

You can see the result of RBL checks in the Message Details page of the Mail Archiver.

Here you can click on [    ] in the row of a Spam message and you will see the matching RBLs among the Message Details.


Spammers may use legitimate servers to send mail messages that contain links to bad websites.

In such cases these messages may not be caught by RBLs, and it’s possible to detect the message as spam through the analysis of the bad links contained in the message.

Bad links can be detected through external databases, named URI DNSBLs, that contain the domain names or IP addresses found in the clickable links of a spam message.
In this firmware we have added the possibility to enable/disable this check.

This function is available through menu Anti Spam > Black - White - Grey - RBL - TLD - Hardblock Lists.

Here you can enable/disable this option by simply clicking on Active (checked by default).

When this option is enabled, the Protector will extract all URIs from a message and check them against a list of URI DNSBLs.

If the match is positive, the message can be blocked as spam even if the sending IP for that spam is not listed on any RBL (see the RBL feature).

The external databases to which the Protector will connect, usually provide a free service for a limited number of requests.

When this number exceeds, the database will not perform the check and a special tag is added to the message header, in "X-Spam-Status". Possible tags are: "URIBL_BLOCKED" for database or "SURBL_BLOCKED" for

URIDNSBL tags added to messages are visible in the Message Details page of the Mail Archiver.

➤ Related pages
Anti Spam RBL Listing
Cybersecurity AI Machine Learning
Firewall Hardware
Firewall Network Security
Hardware Firewall
Hardware Firewall Appliance
Internet Security
Latest Protector Change Log
Network Security Appliance
Protector Awards
Protector P9 Unified Threat Management UTM - Best #1 State of Art
Protector Questions FAQ
Protector Questions FAQ Part2
Protector Questions FAQ Part3
Protector UTM Firewall Comparison Matrix
Protector UTM Firewall Sitemap
SecPoint Protector Visio Stencils
Unified Threat Management Best UTM VPN Firewall VPN
VPN Client Connection
VPN Client to LAN
What is Ransomware?