The new Forefront version for Exchange server provides a DNS Blocklist service out of the box. This means that we don’t have to subscribe to other third party companies for getting real-time blocklists. Forefront customers get the service for free. Forefront DNSBL is an aggregated list of multiple feeds from various RBL providers combined into a single lookup and hosted by Forefront Security on its own DNS infrastructure. The list of feeds includes both Microsoft internal contributing teams and external vendors like Spamhaus.
DNSBL solution is enabled out of the box without any manual work needed from the administrator to configure and maintain the filter. The DNSBL will start working immediately after the setup and there is nothing to configure. The feature is enabled by default, although it is advised to check whether the selection box is checked in the Forefront Console.
The query from DNSBL agent to the DNSBL provider is encrypted to make sure that the data is not used by non-Forefront customers. Only Forefront agent knows how to encrypt & decrypt the query.
A welcome feature and one more reason to deploy Forefront 2010 for Exchange!