We recently deployed a couple of Ironport C600s and are now having tickets opened from domains we are blocking due to negative reputation scores. I know we can "whitelist" these domains but being a large organization, I do not want the overhead of managing white lists for small companies. We checked Senderbase and they are not on any Blacklists and (of course) the domain owners are stating they have been unjustly given a negative score. The Senderbase site states the following:
If you are an email sender that found this page after you got a 'bounce' message stating that your message did not get delivered, please be aware that www.senderbase.org is not the source of the block. SenderBase is a reporting tool used by network administrators to investigate traffic flows over the Internet and does not operate a blacklist.
In our "before Ironport" environment, we used MAPS RBL and if a domain was on the blacklist we would send them there to get removed. But these domains do not (currently) show on any blacklist.
Is there a process (documented or not) in place where the domain owner can go to view "why" or "how" they received such a negative score (examples have been in the -2 to -3 range) or steps on how they can improve their score? We get new customers all the time and I want to allow legitimate email but do not want to manage a large whitelist/suspect list or, if we do, possibly open them up to spam us.
Yes, we see the same issues. And we also had the same concerns around managing Whitelist.
We get about 3-5 complaints per month due to negative SBRS below -0.4 (the level at which we start throttling) or bad DNS entries for the sending host. We find that in most cases where the sender tells us the whole story we can see cause for the negative score. The most common issue is related to new IP addresses used for sending mail. The first 30 days with high volumes can cause some negative scores. The second most common issue is that the sender's host had been exploited, and yes, a few have admitted to this. :)
In every case we have seen in the past two years the SBRS auto corrected to a positive score in normally 5-10 days and in 30 days worst case.
Here is how we have solved the problem over the past 2 years which has worked very well for us.
We have two SenderGroups named Temp_Whitelist_SBRS, Temp_Whitelist_Bad_DNS. We use them to grant senders 60-day temporary whitelisting. We add senders by IP address, with the domain name and date added in the comment. As we add new senders we look at senders which have been whitelisted over 30 days and normally clean them out.
Since this is a temporary whitelist, we grant/add senders fairly easily without much pushback on the sender, telling the sender that this is only a 30-day whitelisting and it will be removed at that point.
Again, this isn't a beautiful solution, but it has worked well for us without much time or management on our end, and it can be implemented in minutes so email is flowing without delays.
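The clean-up routine described in the reply above, as an added example (not part of the original posts and not IronPort tooling): it ages entries from the two sender groups against the 30-day review point and the 60-day grant, and flags entries whose comment cannot be aged at all. The entry layout, the `domain YYYY-MM-DD` comment format and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from datetime import date

REVIEW_AFTER_DAYS = 30  # reply: entries older than 30 days are normally cleaned out
MAX_AGE_DAYS = 60       # reply: whitelisting is granted for 60 days

# Constructed sample entries: (sender group, IP, comment). The comment layout
# "domain YYYY-MM-DD" is an assumption, not an IronPort export format.
SAMPLE = [
    ("Temp_Whitelist_SBRS", "192.0.2.10", "example.com 2024-01-05"),
    ("Temp_Whitelist_SBRS", "198.51.100.7", "example.net 2024-02-20"),
    ("Temp_Whitelist_Bad_DNS", "203.0.113.25", "example.org 2023-12-01"),
    ("Temp_Whitelist_Bad_DNS", "203.0.113.300", "example.edu 2024-02-01"),
    ("Temp_Whitelist_SBRS", "192.0.2.44", "no date recorded"),
]

COMMENT_RE = re.compile(r"^(?P<domain>\S+)\s+(?P<added>\d{4}-\d{2}-\d{2})$")


def review(entries, today):
    """Sort entries into keep / review / expired / invalid buckets by age."""
    report = {"keep": [], "review": [], "expired": [], "invalid": []}
    for group, ip, comment in entries:
        match = COMMENT_RE.match(comment.strip())
        try:
            ipaddress.ip_address(ip)  # rejects malformed addresses
            added = date.fromisoformat(match.group("added")) if match else None
        except ValueError:
            added = None
        # An entry that cannot be aged would never be cleaned out: flag it.
        if added is None or added > today:
            report["invalid"].append((group, ip, comment))
            continue
        age = (today - added).days
        if age > MAX_AGE_DAYS:
            bucket = "expired"
        elif age > REVIEW_AFTER_DAYS:
            bucket = "review"
        else:
            bucket = "keep"
        report[bucket].append((group, ip, match.group("domain"), age))
    return report


if __name__ == "__main__":
    for bucket, rows in review(SAMPLE, date(2024, 3, 1)).items():
        for row in rows:
            print(bucket, *row)
```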