Poor SenderBase Reputation Score

Similar Messages

• Senderbase Reputation Bad for no reason?

  Does anyone know of any way I can find out WHY some of our IP's poor senderbase reputation score even though the rest that send the same mail do not?
  It seems to only be this range of IP's affected as they were a group of 30 that we received...184.107.24.161-190
      I like the concept of what Cisco is doing with senderbase - but without  telling system administrators WHY they are listed poorly, how can we  fix the problem? And why is there no mechanism to contact people to  request the reasoning behind the change in status?
     If anyone can help, please let me know - as we don't know who to contact and I suspect the previous owner of these is the reason for it!
  184.107.24.170
  mta170.maropost.com
  Y
  0.0
  2.3
  0
  Poor
  184.107.24.174
  mta174.maropost.com
  Y
  0.0
  0.92
  0
  Poor
  184.107.24.175
  mta175.maropost.com
  Y
  0.0
  0.61
  0
  Poor
  184.107.24.176
  mta176.maropost.com
  Y
  0.0
  0.61
  0
  Poor
  184.107.24.189
  mta189.maropost.com
  Y
  0.0
  2.2
  0
  Poor

  Hi Ross,
  Please consider opening a Service Request with our Customer Care ( http://www.cisco.com/web/ironport/contacts.html#~tab-3). We can investigate the SBRS for these IP address and provide further information.
  Please note we share the specifics with the IP address or network's administrator as they are the one who can fix the issue. We do not disclose details with any other who is not administrator of the IP address or network to keep the data private about the network in question.
  If you are not the admin, please advise your partner/customer to check :
  http://www.senderbase.org/contact
  I also would like to share this Tecnical Article from our knowledge base:
  Article #100: SenderBase: Frequently Asked Questions Link: http://tools.cisco.com/squish/91fE2
  It contains valuable information about this topic.
  I hope this helps.
  Valter

• Senderbase Reputation Bad

     Does anyone know of any way I can find out WHY my IP address has a poor senderbase reputation score?
     It's causing major issues for our business as we are unable to contact our biggest customer. We send dozens of emails a day to their servers, and suddenly we are being blocked thanks to the listing.
     Yes, we have taken it up with their IT company, but their progress tends to be quite slow - and this issue will effect other customers as well.
     I like the concept of what Cisco is doing with senderbase - but without telling system administrators WHY they are listed poorly, how can we fix the problem? And why is there no mechanism to contact people to request the reasoning behind the change in status?
     I called the Australian branch of Cisco and they told me to send in an email complaint. Which of course I did, but it was rejected from our domain so I had to send it from a personal account.
     If anyone can help, please let me know - it's killing our business!
     http://www.senderbase.org/senderbase_queries/detailip?search_string=60.240.47.245

  Hi Steven,
  sorry for not getting back to you earlier.
  In general, I would like to encourage you to get in touch with customer support if you are experiencing issues with your Senderbase score. I just checked your current repoutation and the score is back to neutral at this time. Since the score has already changed again, I unfortuntaley cannot 100% confirm if your decreased score was in fact related to the issue referenced by Peter. That said, given the timing and your location, it is in fact likely.
  Now, to provide a statement regarding the issues referenced in the IT News article.
  The war against spam requires a daily battle with spammers and purveyors of malicious content. Cisco maintains the world’s most trusted and effective mail security technology through constant research and development, accompanied by constant measurement of results.
  Tuesday morning PDT, Cisco became aware of an issue that resulted in Cisco email security products blocking some legitimate email senders. This was the result of recent algorithm updates that focused on newly identified Internet traffic behaviors indicating spam activity. Unfortunately, this traffic behavior is also seen in some legitimate email activity, resulting in the inaccurate blocks.
  Upon learning of the issue, Cisco immediately implemented algorithm changes, fully resolving the issues by Tuesday evening PDT. Cisco security specialists are continuing to closely monitor the situation, to ensure no further impact to service.  Cisco is also enhancing monitoring procedures to more quickly identify any negative impacts of new rules in the future.
  Best,
  Sebastian

• Can I Query MSDN and pull a list of user's reputation scores

  Hi ~  We are developing an incentive based system for our teams based upon activity in MSDN forums, is it possible to pull user's reputation scores programmatically?
  If so, can you point me in the right direction?
  Thanks!

  Hi,
  Yes it's possible, look at this  Technet Wiki article http://social.technet.microsoft.com/wiki/contents/articles/30775.parse-a-json-stream-to-show-technet-medals-on-wpf-listbox.aspx
  Regards,
  Yan Grenier
  Merci de bien vouloir "Marquer comme réponse", les réponses qui ont répondues à votre question, et de noter les réponses que vous avez trouvé utiles.

• Reputation Score Changes when users leaves a community

  A strange behavior when user leaves a community in sharepoint 2013
  For eg : Suppose the reputation score of user is 20 before he is leaving a community.Once he leaves the community his score becomes -21.Ok minus is fine.but when a user joins back it is still 21.
  This means a user can join and leave a community any no of times and increase his reputation score. I think this is a bug
  harsh damania

  I agree it seems to be a BUG

• Override web reputation score

  We have a site we regularly use, and recently it has been given a -6.0 web reputation score. Our policy is to block for -6.0 sites.
  Is there any way to exempt a particular URL, and allow it, regardless of web reputation score? Seems like there should be, but I can't find it.
  Thanks

  Note that you should be _very_ careful with using "Allow". This will cause the site to bypass ALL security services, including Virus scanning, so before you "allow" any sites please make sure that they really are legitimate sites and not likely to be distributing viruses/malware/etc.
  The alternative is to create a new web access policy which matches this specific site (via a custom category) and give this policy a different WBRS Block score.
  To do this, create a new Web Access Polcy and put it above your existing policies. Under "Policy Member Definition" select "Advanced" and then "Edit Categories" and select the custom category you've created for this site. You can also add in any other criteria you wish (eg, IP ranges or authentication, etc).
  Then after creating the new policy you can configure this policy to not use WBRS, and this setting will only impact sites in your custom category. All other sites will fall through to the lower down policies, and use their WBRS settings.

• Poor mta reputation

  Hello,
  All of a sudden many emails I'm trying to send from my .me address (mobile me account) are being bounced back saying "Your access to this mail system has been rejected due to the sending MTA's poor reputation."
  How can I fix this??  It's a pressing problem, so any help is greatly appreciated.  I couldn't find a mail forum, so if there's a better place to post this let me know.
  Thanks for any help.

  Some information here:
  https://discussions.apple.com/thread/4913784?tstart=0
  If you monitor the "More Like This" box (top right), other threads appear. Opening them usually displays other threads.
  Send Apple feedback. They won't answer, but at least will know there is a problem. If enough people send feedback, it may get the problem solved sooner.
  Feedback

• Poor MTA reputation due to neighbors in /24 block

  Good day,
  I have sent an email to [email protected], without any response (including of the automated kind). 
  I basically have 2 small IP blocks:
  a primary /32 block (any traffic originating from the server appears to come from this IP)
  a secondary /29 block that is routed to the /32
  My MTA has a poor reputation, but it is not clearly indicated WHY.   I have been with the current colocation services for about 3 years, and I have had issues sending mail since.  In that time, my servers have never been blacklisted (as far as I can tell) on the various RBLs out there.  At the previous colocation facility that I used for 5 years, I never had any issues.
  I have aggressive DKIM and SPF records, rDNS setup setup for my main domains. 
  All I can surmise is some of the IPs in the /24 my main block is part of have poor ratings, which is impacting me negatively.
  I just don't know what else I can do to make things better.
  Thanks
  Jason

  Some information here:
  https://discussions.apple.com/thread/4913784?tstart=0
  If you monitor the "More Like This" box (top right), other threads appear. Opening them usually displays other threads.
  Send Apple feedback. They won't answer, but at least will know there is a problem. If enough people send feedback, it may get the problem solved sooner.
  Feedback

• The Comcast "Poor Service" reputation is well earned!

  I switched from FIOS to Comcast X1 in June (installed on the 9th) in order to take $20 off my monthly bill.  After the install the tech called in a request while standing in my living room to have the new cable burried.  Note: The cable runs across a large common area that is maintained by the commnunity.   After two weeks without any sign of the utility lines being marked I called Comcast to check on the cause for the delay.  Nothing, they had no ticket open to put the line underground.   Now nearly another two weeks have passed and I still don't have any sign of progress (in VA the lines are marked without a few days of a request to "Miss Utility").    So I have a great product (X1 DVR), but FIOS keeps sending "What can we do to get you back?" emails.  It is clear that Verizon will do what it takes while Comcast can't find the time to finish the job of winning a customer.    Is normal or has my case been handled by a few disgruntled Comcast employees?  

  SterlingVA wrote:
  I switched from FIOS to Comcast X1 in June (installed on the 9th) in order to take $20 off my monthly bill.  After the install the tech called in a request while standing in my living room to have the new cable burried.  Note: The cable runs across a large common area that is maintained by the commnunity.   After two weeks without any sign of the utility lines being marked I called Comcast to check on the cause for the delay.  Nothing, they had no ticket open to put the line underground.   Now nearly another two weeks have passed and I still don't have any sign of progress (in VA the lines are marked without a few days of a request to "Miss Utility").   
  So I have a great product (X1 DVR), but FIOS keeps sending "What can we do to get you back?" emails.  It is clear that Verizon will do what it takes while Comcast can't find the time to finish the job of winning a customer.   
  Is normal or has my case been handled by a few disgruntled Comcast employees? 
  Apologies for the issue and the experience that you described above. I have asked a colleague to review your account and reach out to you so that we can get this work completed and make this right. 
  Thanks for your patience.

• Obtaining senderbase scores via CLI tool

  Is there a command within the CLI tool you can run to display the senderbase score for a particular domain?
  When i view message details within the tool i can see it does give the actual senders score when a particular mail came in, but i'd prefer to be able to just query a senders domain. Can somebody let me know if this is possible please, and if so what is the command?
  Kind regards
  Simon

  You can indirectly obtain the SBRS score of the connecting sender from the CLI or the GUI:
  1. Use trace tool CLI->trace
  2. GUI->System Administration->trace
  The lookup is ultimately against the connecting IP address, so you're going to need to obtain that. Below is an example of what it looks like from the CLI. In the example, below, the IP of 209.85.217.20 has a SBRS score of 5.6
  mail3.example.com> trace
  Enter the source IP:
  []> 209.85.217.20
  Enter the fully qualified domain name of the source IP (If left null, a reverse DNS lookup will be performed on the source IP):
  []> mail-gx0-f20.google.com
  Select the listener to trace behavior on:
  1. InboundMail
  [1]>
  Fetching default SenderBase values...
  Enter the SenderBase Network Owner ID of the source IP. The actual ID is 188995.
  [N/A]>
  Enter the SenderBase Reputation Score of the source IP. The actual score is 5.6.
  [N/A]>
  Enter the Envelope Sender address:
  []> [email protected]
  Enter the Envelope Recipient addresses. Separate multiple addresses by commas.
  []> [email protected]
  Is there a command within the CLI tool you can run to display the senderbase score for a particular domain?
  When i view message details within the tool i can see it does give the actual senders score when a particular mail came in, but i'd prefer to be able to just query a senders domain. Can somebody let me know if this is possible please, and if so what is the command?
  Kind regards
  Simon

• How to increase SBRS for a domain?

  I've implemented a new mail system for a new company recently. But some staffs in this company reported that they could not send email to some domains like hotmail.com, msn.com,etc. So I go to senderbase.org to check my company IP address and "Email Reputation Score: Poor". How can I increase the SBRS? and also can I know the reason why this IP has a poor email reputation score?

  Also you may want to verify if you have the correct DNS information for your domain.
  Here is a great article that goes into detail on this:
  http://www.pkguild.com/?p=7
  With Hotmail - it should help (according to their website) if you have SenderID and SPF records for your domain.
  If your email is "worth money" then you can pay a company like SenderScore Certified a chunk of money and get onto their whitelist (which Hotmail and other major email providers use). Ironport used to own SenderScore (under another name) but it is totally seperate now.
  You can also improve your SBRS by making sure none of your email addresses forward email out of your Ironport (as they will be also forwarding spam out too).
  If you have mailing lists - make sure they do proper forwarding (ie not an Exchange DL or UNIX /etc/aliases) as they make it look like you are forging other people's domain names.
  Oh yeah - if you have any spammer issues on your network - fix them too :)

• Too many recipients at this hour

  Thu Jan 3 15:47:04 2008 Info: New SMTP DCID 2880414 interface 10.1.1.6 address 202.144.198.251 port 25
  Thu Jan 3 15:47:04 2008 Info: Delivery start DCID 2880414 MID 5800177 to RID [0]
  Thu Jan 3 15:47:04 2008 Info: Delayed: DCID 2880414 MID 5800177 to RID 0 - 4.1.0 - Unknown address error ('452', ['Too many recipients received this hour']) []
  Thu Jan 3 15:47:04 2008 Info: MID 5800177 to RID [0] pending till Thu Jan 3 15:49:08 2008 [Default]
  Thu Jan 3 15:47:11 2008 Info: DCID 2880414 close
  anyone know what this is? too many recipients this hour?

  To follow up on Poesjkin's message, that error text is exactly what an IronPort ESA will give when it applies rate limiting. If the receiving MTA is indeed an IronPort ESA, then that drastically narrows the likely reasons for the rate limiting. The most likely reason is that your sending ESA has an IP address with a poor SenderBase reputation, or has no reputation at all. Another good possibility is that that IP address fails the address->name->address double-lookup DNS verification. Try investigating those and see what you come up with.

• Suspected spam relay

  Most of our out going email is stuck in the mail queue.
  This is in message details.
  Message ID: ED5221439AD
  Date: Thu Sep 4 13:50:14
  Size: 4306
  Sender: [email protected]
  Recipient(s) & Status:
  [email protected]:
  host Mail70.domain.net[xxx.xxx.xxx.xxx] refused to talk to me: 554-mail70.domain.net 554-121-73-24-xxx.cable.domain.com 554 #5.7.1 Mail rejected. DMZGlobal Business Quality Electronic Messaging. 121.73.24.xxx is a suspected spam relay by way of a very low SenderBase Reputation Score , see http://www.senderbase.org/search?searchBy=ipaddress&searchString=121.73.24.xxx for details.
  And here is postconf.
  xserve:~ admin$ postconf -n
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  content_filter = smtp-amavis:[127.0.0.1]:10024
  daemon_directory = /usr/libexec/postfix
  debugpeerlevel = 2
  disablevrfycommand = yes
  enableserveroptions = yes
  html_directory = no
  inet_interfaces = all
  localrecipientmaps = proxy:unix:passwd.byname $alias_maps
  luser_relay = vlewington
  mail_owner = postfix
  mailboxsizelimit = 0
  mailbox_transport = cyrus
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  mapsrbldomains =
  messagesizelimit = 10485760
  mydestination = $myhostname,localhost.$mydomain,localhost,mydomain
  mydomain = mydomain
  mydomain_fallback = localhost
  myhostname = mail.mydomain
  mynetworks = 127.0.0.1/32,10.x.x.x/32
  mynetworks_style = host
  newaliases_path = /usr/bin/newaliases
  queue_directory = /private/var/spool/postfix
  readme_directory = /usr/share/doc/postfix
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = postdrop
  smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org rejectrblclient mapsrbldomains permit
  smtpddatarestrictions = permit_mynetworks, rejectunauthpipelining, permit
  smtpdhelorequired = yes
  smtpdhelorestrictions = permitsaslauthenticated, permit_mynetworks, checkheloaccess hash:/etc/postfix/helo_access, rejectnon_fqdnhostname, rejectinvalidhostname, permit
  smtpdpw_server_securityoptions = cram-md5,plain
  smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
  smtpdsasl_authenable = yes
  smtpdsenderrestrictions = permitsaslauthenticated, permit_mynetworks, rejectnon_fqdnsender, permit
  smtpdtls_certfile = /etc/certificates/mydomain.crt
  smtpdtls_keyfile = /etc/certificates/mydomain.key
  smtpduse_pwserver = yes
  smtpdusetls = yes
  unknownlocal_recipient_rejectcode = 550
  Any help to solve this problem would be much appreciated.
  Sochet

  None that I know of other than making sure your mail server is properly configured and doesn't send out spam.
  You can talk to the actual ISP that blocks you (Senderbase doesn't block, only provide statistical information) and see if they are willing to whitelist you.
  Alternatively, set your mail server to send through your ISP's SMPT server (assuming this is acceptable based on your contract).

• Adding a disclaimer

  Good Morning,
  We are getting ready to move our C370 into production and one of the last items that we need to look at is the Disclaimer.
  We have figured out how to add our Disclaimer to every e-mail going out, but here's what we would like to do.  Currently with PMDF, our current mail gateway, we have the ability to check to see if a disclaimer has already been added to an outbound e-mail.  If it exists, we do not add it again.  I don't see where I can do that with the C370.
  Is this something that can be done and if so, how?
  Thanks in advance,
  Doug

  Viquar,
  I used an IP from our Relaylist.  I have saved the file in a .pdf so that you can "blow it up".
  Doug
  Screen shot:
  Logged in as: admin on greeneye.emcins.com  
  Options
  Account
  Change Password
  Log Out
  Help and Support
  Help
  Online Help
  Support Portal
  New in this Release
  Technical Support
  Open a Support Case
  Remote Access
  Packet Capture
  Monitor
  Reports
  Overview
  Incoming Mail
  Outgoing Destinations
  Outgoing Senders
  Delivery Status
  Internal Users
  DLP Incidents
  Content Filters
  Virus Outbreaks
  Virus Types
  TLS Connections
  System Capacity
  System Status
  Scheduled Reports
  Archived Reports
  Quarantines
  Message Tracking
  Mail Policies
  Email Security Manager
  Incoming Mail Policies
  Incoming Content Filters
  Outgoing Mail Policies
  Outgoing Content Filters
  Host Access Table (HAT)
  HAT Overview
  Mail Flow Policies
  Exception Table
  Recipient Access Table (RAT)
  Destination Controls
  Bounce Verification
  Data Loss Prevention (DLP)
  DLP Policy Manager
  Domain Keys
  Domain Profiles
  Signing Keys
  Text Resources
  Dictionaries
  Security Services
  Anti-Spam
  IronPort Anti-Spam
  Anti-Virus
  Sophos
  McAfee
  Data Loss Prevention
  RSA Email DLP
  IronPort Email Encryption
  IronPort Image Analysis
  Virus Outbreak Filters
  SenderBase
  Monitoring Services
  Reporting
  Message Tracking
  External Spam Quarantine
  Service Updates
  Network
  System Administration
  Trace
  Alerts
  LDAP
  Log Subscriptions
  Return Addresses
  Network Access
  Users
  Network Access
  System Time
  Time Zone
  Time Settings
  Configuration File
  Feature Keys
  Feature Key Settings
  Feature Keys
  Shutdown/Suspend
  Upgrades
  System Upgrade
  System Setup
  System Setup Wizard
  Next Steps
  Trace
  Trace Results
  Host Access Table Processing           (Listener: OutboundMail)
  Fully Qualified Domain Name:
  Unknown Host
  Matched On:
  172.22.0.3
  Sender Group:
  RELAYLIST
  Named Policy:
  RELAYED
  Connection Behavior:
  RELAY
  SenderBase Network Owner ID:
  N/A
  SenderBase Reputation Score:
  N/A
  Policy Parameters:
  Max. Messages Per Connection:
  10,000
  Max. Recipients Per Message:
  100,000
  Max. Message Size:
  20M
  Max. Concurrent Connection From a Single IP: 
  600
  Use TLS:
  Preferred
  Accept Untagged bounces:
  Yes
  Max. Recipients Per Hour:
  Unlimited
  Use SenderBase:
  No
  Use Spam Detection:
  No
  Use Virus Detection:
  Yes
  Envelope Sender Processing
  Envelope Sender: [email protected]
  Default Domain Processing:
  No Change
  Envelope Recipient Processing
  Envelope Recipient: [email protected]
  LDAP Accept Lookup:
  Result:             not performed
  Default Domain Processing:
  No Change
  Domain Map Processing:
  No Change
  Alias Expansion:
  No Change
  Message Processing
  Assigned Virtual Gateway:
  None
  Assigned Bounce Profile:
  None
  Domain Masquerading
  No changes
  Filter Processing
  Encrypt_Messages_with_subject_string
  Rule: recv-listener == "OutboundMail":                 True
  Rule: subject == "(?i)^\\$C\\$":                 False
  Rule: AND:                 False
  no_duplicate_disclaimer
  Rule: sendergroup == "RELAYLIST":                 True
  Evaluating Nested Filter:
  Rule: body-contains("EMC071856", 1):                 True
  Rule: NOT:                 False
  Mail Policy Processing: Outbound (matched on policy DEFAULT)
  Message going to:
  [email protected]
  End-User Safelist/Blocklist Processing
  Result:
  Not Evaluated
  Anti-Spam Processing
  Evaluation:
  Not Evaluated
  Anti-Virus Processing
  Evaluation:
  No Viruses Detected             
  Elapsed Time: 0.003 sec
  Actions Taken:
  Delivered
  Virus Outbreak Filters Processing
  Evaluation:
  Not Evaluated
  Data Loss Prevention Processing
  Result:
  Not Evaluated
  Disclaimer(s) Added
  Above Message:
  No changes
  Below Message:
  EMC_Disclaimer
  DomainKeys Signing
  Result of DomainKeys processing:
  DomainKeys signing is not enabled in this listener's HAT
  DKIM Signing
  Result of DKIM processing:
  DomainKeys signing is not enabled in this listener's HAT
  DKIM Verification
  Result of DKIM Verification processing:
  DKIM verification not enabled in this listener's HAT
  SPF Verification
  Result of SPF Verification processing:
  SPF verification not enabled in this listener's HAT
  Message Delivery (matched on policy DEFAULT)
  Final Envelope Sender:
  [email protected]
  Final Recipients:
  [email protected]
  Final Message:
  Message-Id: <0383be$@OutboundMail>
  Date: 08 Feb 2011 08:21:18 -0600
  Received: from unknown ([172.22.0.3])
    by mail-ir-int.emcins.com with TEST; 08 Feb 2011 08:21:18 -0600
  Subject: Test of Disclaimer if Disclaimer exist
  Content-Transfer-Encoding: 7bit
  Content-Type: text/plain; charset="us-ascii"
  Test to see if disclaimer doesn't get added.
  Doug
  EMC071856
  NOTICE:  This message (including any attachments) is intended for a specific
  individual and may contain information that is either confidential or legally
  protected.  If you believe that it has been sent to you in error, please reply
  to the sender that you have received the message in error, then delete it.
  If you are not the intended recipient, you are hereby notified that any
  retention, dissemination, distribution, or copying of this communication is
  strictly prohibited.  Thank you.   EMC071856
  Copyright © 2003-2010 Cisco Systems, Inc. All rights reserved.

• Reputation Filtering Rejecting a valid Host

  We have a company that is not able to email us. Our ironport server says their reputation status is poor and is rejecting the message.
  If you go to senderscore.org and enter the ip addresses of their server they are all 95-100 score rating.
  Why are we rejecting their email?
  I was able to get around this by add them to the whitelist.

  this host is a 'poor' score for a reason - whether it's quasi-legitimate spam / marketing mail or a sharp statistical increase in mail volume over a short period due to some bot net or virus traffic - there's not supposed to be any misinformation or false positives. there are many reasons or factors that contribute to the score, which is mostly confidential for us (IronPort). we can tell you that it is a rolling average that is continuously correcting itself.
  many cusgtomers are comfortable referring their partners or owners of incoming MTAs that have been rejected by SBRS to just RTM at senderbase.org and contact SB support teams for more info.
  so in short, if you 'trust' this MTA and they don't want to contact SenderBase for help, then yes, manually add it to the whitelist. occasionally whitelisting is easier than constantly blacklisting, which is why senderbase is so cool / popular.
  more info on senderbase.org and our 'Sender Base Reputation Score':
  Sender Base Best Practices / Overview:
  http://tinyurl.com/lvuub
  Tips on Low Scores:
  http://tinyurl.com/zfczg
  andrew