Sophos Extensible List: SXL

  • Article ID: 31563
  • Updated: 18 Jul 2011

SXL stands for Sophos eXtensible List. The Sophos eXtensible List is a database of anti-spam data, which is maintained on the Sophos servers and provides a real-time lookup service for the Sophos anti-spam engine. SXL lists a variety of spam characteristics, including IP addresses, domains, paragraphs, outbreak checksums, etc.


During scanning, the anti-spam engine can, if necessary, query the extensible lists on the nearest server and get immediate feedback on whether an email is good or bad.


Because SXL is extensible, more data types can be added easily and rapidly as the threat changes. Major advantages of this include:

    • the size of the list of IP addresses is unlimited
    • data is available immediately, so the delay required to publish the data no longer exists
    • the size of updates is reduced as less local storage of spam data is needed

Where does data for SXL come from?

The Sophos Traffix system automatically adds spam data directly into SXL. This operates alongside the existing system, where spam data is added by analysts and other automatic sources. Traffix is a new reputation system which receives and processes feedback from products about the email traffic they receive.


Traffix processes transactions and generates, in near real time, reputation data about computers sending email. This reputation data is then published to SXL, providing fast feedback. For example, if a customer in Australia sees a new IP address sending spam, it will be reported back to SophosLabs, processed by Traffix and then pushed out to all other customers through SXL.


Further information about SXL is available on the Sophos website.

If you need more information or guidance, then please contact technical support.
