IP getting bad scoring on SenderBase

Unanswered Question
Aug 13th, 2008
User Badges:

Hello,

I'm having an issue where a particular owner of a domain(IP 202.123.27.157) is getting a bad reputation from senderbase. The IP is not in any blacklists and the owner does use authentication for sending out mails.
Given that i implemented a few IronPorts at some clients, the guy contacted me to ask if there's a way to remove this bad reputation from Senderbase.
On Monday, they did disable a feature on their mail server where the server was sending out a reply to sender asking for authentication before the server accepts the mail. But they did disable that feature thinking that it might be the cause of the issue.

They have been using this IP and server since 4 years and why have this issue now?

Can someone pls help on how to contact Senderbase to get this IP reputation clearing?

thanks,
Vinesh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kluu_ironport Wed, 08/13/2008 - 09:15
User Badges:

Sorry to hear that the owner of the IP range is having difficulty with respect to their mail getting delivered to other IronPort appliances that are implementing SenderBase Reputation Scoring.

However, allowing IP ranges/addresses to be modified or tampered manually or from a request would compromise the integrity of the system.

There is usually an event in the customer's network/environment that causes the reputation of the IP address to drop drastically and deviate into the negative range. Some common causes are computers in the network that get infected with a virus, become compromised and start expending a lot of unsolicited e-mail traffic(spam) that is generated from within the network and going out to the Internet. Thus, the cause of the company's IP address to become blacklisted and acquire a low SBRS score. Other causes are incorrect network settings on mail servers that allow them to become open relays.

The best way to increase the SBRS(senderbase reputation scoring) is to re-examine the firewall and mail servers at the outer perimeter of the network. They should be locked down so that only a few mailservers are allowed to relay through your IronPort appliances. When adding machines to the Relaylist, use specific IP addresses instead of open ranges or entire octets. If you feel that you've combed your network and don't see where the problem is, you may want to contact IronPort customer support will the IP address that has the low score and Support can assist in shedding some light into why that IP address/range garnered a low SBRS score.

Good luck!

Kevin

Hello,

I'm having an issue where a particular owner of a domain(IP 202.123.27.157) is getting a bad reputation from senderbase. The IP is not in any blacklists and the owner does use authentication for sending out mails.
Given that i implemented a few IronPorts at some clients, the guy contacted me to ask if there's a way to remove this bad reputation from Senderbase.
On Monday, they did disable a feature on their mail server where the server was sending out a reply to sender asking for authentication before the server accepts the mail. But they did disable that feature thinking that it might be the cause of the issue.

They have been using this IP and server since 4 years and why have this issue now?

Can someone pls help on how to contact Senderbase to get this IP reputation clearing?

thanks,
Vinesh

Actions

This Discussion