The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
SXL stands for Sophos eXtensible List. The Sophos eXtensible List is a database of anti-spam data, which is maintained on the Sophos servers and provides a real-time lookup service for the Sophos anti-spam engine. SXL lists a variety of spam characteristics, including IP addresses, domains, paragraphs, outbreak checksums, etc.
During scanning, the anti-spam engine can, if necessary, query the extensible lists on the nearest server and get immediate feedback on whether an email is good or bad.
Because SXL is extensible, it means that as the threat changes, more data types can be easily and rapidly added. Major advantages of this include:
Where does data for SXL come from?
The Sophos Traffix system automatically adds spam data direct into SXL. This operates alongside the existing system, where spam data is added by analysts and other automatic sources. This is a new reputation system which receives and processes feedback from products about the email traffic they receive.
Traffix processes transactions and generates, in near real time, reputation data about computers sending email. This reputation data is then published to SXL, providing a fast feedback. So for example, if a customer in Australia sees a new IP address sending spam, it will be reported back to SophosLabs, processed by Traffix and then pushed out to all other customers through SXL.
Further information about SXL is available on the Sophos website.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.