Anti-spam performs legitimacy checks on the sender's IP address. If the IP address is blacklisted, the NGFW considers it junk email. To check the legitimacy of the source IP address using the RBL blacklist, the NGFW sends a query request to the RBL server and determines the legitimacy of the IP address based on the reply code returned from the RBL server.
A reply code is generally an IP address for identification only. It can be a reserved IP address, such as 127.0.0.1 and 127.0.0.2.
To use the RBL blacklist, obtain the reply code from the RBL service provider and set the reply code on the NGFW. After receiving the query result, the NGFW compares the returned reply code with the one specified on the device. If the codes match, the queried IP address is blacklisted and email from this IP address is junk email.
For details on the mechanism of the RBL blacklist, see Anti-Spam.