The current implementation of Email Reputation Services involves one DNS look-up per IP address. When an email server accepts the initial
connection from another email server, the email server records the IP address of the
machine requesting the connection. The receiving email server then queries its DNS
server to determine if there is a record for that IP address.
For the Standard Service, a single DNS query is sent to the standard reputation database.
Any positive response from this database results in your email server returning a
550 error, or rejection of the requested connection.
For the Advanced Service, a single DNS query is sent to the standard and dynamic reputation
databases. A positive response from the dynamic database results in your email server
returning a 450 error, or “temporary failure” of the requested connection. Listings
in this database are occasionally legitimate email servers that have compromised hosts
behind them that are temporarily sending spam. If the connection request is from a
legitimate email server, it will queue and try again later, causing a delay in email
delivery until the listing expires but does not block the email.
Depending on the capabilities of your email server, additional options for handling
IP connections may be available. Some options allow for throttling or limiting the
number of connections accepted from an IP over a designated time period. Other options
allow you to set different levels of scanning to messages from questionable IP addresses
as opposed to known IP addresses. The goal is to reject as many connections as possible
upon initial request; those rejected connections represent spam messages that are
never accepted and are thus never brought into the email infrastructure. Keeping unwanted
spam out of the infrastructure means that valuable bandwidth, processing, and storage
resources are not wasted.