
Difference between "Check for RBL" and "Verify Sender’s IP Reputation"?

What's the exact difference between them both (in MTA mode)?

  • Email > Policies > $policy > Spam Protection > Check for RBL
  • Email > General Settings > SMTP Settings > Verify Sender’s IP Reputation

 

From my understanding, both check the IP address of the sender. One is per policy, one is global.

At the RBL check, you can define the RBL lists. What mechanism (or list?) is used to verify sender’s IP reputation?

 

Thanks,

Daniel



  • Daniel,

    When real-time blackhole lists are enabled, external IP reputation databases are used to determine if the sending server is a known spammer. I believe the default RBLs used are the following; at least these were used in Sophos SG UTM 9:
    • CYREN IP Reputation
    • cbl.abuseat.org
    Yes, you can also configure additional RBLs to use.

    Note that the difference between the premium and standard RBL services you see is that with premium no false positives are expected, and with standard some false positives may be possible.

    With IP reputation enabled you can choose to reject, accept or drop emails that are being sent from known spam senders. By doing this during the message transmission, you can reduce the processing that Sophos XG Firewall is required to do.

    The XG Firewall can also verify if the recipient email address is valid by using an SMTP query to the recipient's mail server. If the email address is incorrect, the email will be rejected, causing a bounce message to the sender. This reduces the load on XG Firewall as it does not have to process the email, and it provides senders, including customers and valued partners, with an instant response if they mistype your email address. If the email address is valid, the message is processed for spam and viruses as normal.

     

    Hope this steers you in the right direction!

     

    Regards,

     

    Firewalls.com Inc.

    Get Secure. Stay Secure.

    www.firewalls.com

  • Firewalls.com Inc said:

    With IP reputation enabled you can choose to reject, accept or drop emails that are being sent from known spam senders. By doing this during the message transmission, you can reduce the processing that Sophos XG Firewall is required to do. 

    Ahhh, then the difference between them is that "RBL check" only drops spam mails, while "verify IP reputation" rejects them immediately. Thanks for making that clear.

    Jelle said:

    If sender's IP reputation is also based on this as described above, where is this reputation taken from, as I can't select one or more blacklists for this feature?

    I asked myself the same thing. Where does the "IP reputation" come from?

  • dja said:

    I asked myself the same thing. Where does the "IP reputation" come from?

    From Sophos Support I've now gotten the answer:

    The appliance checks all IP addresses for reputation based on our data collected by Sophos Labs.
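
As an added illustration (not part of the original thread and not Sophos code): a sketch of the DNS lookup that an RBL check like the one described in the first answer performs, following the DNSBL convention of RFC 5782, and of acting on the result at SMTP connect time. The zone `rbl.example.test`, the sample records and all function names are constructed for this example; how XG Firewall implements either setting is not shown on this page.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here (RFC 5782)

def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return ptr.rsplit(".", 2)[0] + "." + zone  # strip in-addr.arpa / ip6.arpa

def system_resolver(name):
    """A records for name via the OS resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN and lookup failures both mean "no listing seen"
        return []

def check_rbls(ip, zones, resolve=system_resolver):
    """Return {zone: [return codes]} for each zone that lists ip."""
    hits = {}
    for zone in zones:
        codes = [a for a in resolve(dnsbl_query_name(ip, zone))
                 if ipaddress.ip_address(a) in LISTED_NET]
        if codes:
            hits[zone] = codes
    return hits

def connect_verdict(ip, zones, on_listed="reject", resolve=system_resolver):
    """Decide at SMTP connect time, before any message data is accepted."""
    if on_listed not in ("reject", "accept", "drop"):
        raise ValueError("on_listed must be reject, accept or drop")
    hits = check_rbls(ip, zones, resolve)
    return (on_listed if hits else "accept"), hits

# Constructed sample data: a fake zone and documentation-range addresses.
SAMPLE_ZONE = "rbl.example.test"
SAMPLE_RECORDS = {
    "1.2.0.192." + SAMPLE_ZONE: ["127.0.0.2"],       # listed
    "7.113.0.203." + SAMPLE_ZONE: ["198.51.100.9"],  # bogus answer, not a listing
}

def sample_resolver(name):
    return SAMPLE_RECORDS.get(name, [])

if __name__ == "__main__":
    for addr in ("192.0.2.1", "203.0.113.7", "198.51.100.5"):
        print(addr, connect_verdict(addr, [SAMPLE_ZONE], resolve=sample_resolver))
```

An answer outside 127.0.0.0/8 is ignored rather than counted as a listing, so a wildcarded or hijacked zone does not cause every sender to be rejected.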