Phone Lines icon GFI Support

Articles in this section

See more

How does the IP DNS Blocklist antispam filter work?

Author: Luis Fernandes

Answer

The GFI MailEssentials DNS Blocklist filter verifies that the IP address of the sending mail server is not known to send spam emails. The DNS Blocklist filter performs DNS queries to the DNS Blocklists enabled in GFI MailEssentials, using the IP address of the sending mail server.

DNS Blocklist requirements:

Before configuring the DNS Blocklists in GFI MailEssentials, you need to ensure that the DNS server and the Perimeter servers are configured correctly. Proceed as follows:

DNS Server

All the queries done by the DNS Blocklist filter are done using DNS. By default, GFI MailEssentials will perform the DNS queries against the DNS server configured on the local machine. You can select to perform such DNS queries using an alternate DNS server. This can be done as follows:

  1. From the GFI MailEssentials configuration, expand the Anti-Spam node
  2. Click Anti-Spam Settings 
  3. Click the DNS Server tab
  4. Select Use the following DNS Server
  5. Specify the DNS server to use
  6. Click OK to apply the changes

Important Note:

If the DNS server used for these queries is not configured correctly, the DNS queries performed by GFI MailEssentials may fail. This may cause timeouts in the queries performed by GFI MailEssentials, and may delay the delivery of the emails. More information can be found here.

Perimeter Servers

GFI MailEssentials needs to identify the mail server which delivered the email to the organization s mail servers. It is therefore important to configure the Perimeter servers in GFI MailEssentials correctly.

If perimeter servers are not configured properly, it is possible that some or all spam passed through the DNS Blocklist filter will not be blocked. For more information on perimeter servers, please see Configuring a Perimeter Server.

NOTE:

  • More information on perimeter servers can be found in the GFI MailEssentials user manual
  • The IP DNS Blocklist (DNSBL) feature in GFI MailEssentials will only process the last IP address sending directly to the Perimeter server. This results in less false positives and a reduction in the time taken to perform the checks
  • The following website lists public blocklist servers and publishes results on both spam capture and false positives: http://www.dnsbl.com

Related articles