Realtime Blacklists (RBLs) are databases of IP addresses that have been identified as sources of spam or other malicious email activity. These databases are updated frequently so they can be a constant combatant against spam in email when used.

RBLs identify IP addresses that have spammy behavior through various methods, including: receiving a high volume of spam complaints from users, setting up spam-trap email addresses, or a user sending a large volume of email with a high bounce rate. Once identified as a source of spam, the IP is added to one or more RBL databases, like Spamhaus, each with its own criteria for listing and delisting IPs (if an IP is able to be delisted at all).

Once RBLs are enabled in your mail server's anti-spam settings, anytime the server receives an incoming email a real-time check against the RBLs of your choosing can be done automatically. This check is done through a DNS query of the sender's IP address against the RBL's designated server, if the query returns any successful results that means the sender IP is listed in the RBL as a potential spammer. If an email is received from a sender whose IP address is on an RBL, the receiving mail server can take a pre-defined action, including but not limited to: rejecting and deleting the email so it doesn't reach the recipient's inbox at all, quarantining the email via sending it directly to the recipient's spam folder, or giving the incoming email a boosted spam score that will increase the likelihood of other anti-spam tools being triggered. At the core, the RBLs provide a check of an IP's data to the mail server, but it is up to the server administrator to decide which RBLs best fit their anti-spam protection preferences best and what actions any RBLs may take. RBLs, like most other spam fighting tools, are most effective when used in layered collaboration with other tools.