
Getting a better handle on Gmail rejections, handling of SBRS

ac513
Level 1

 

We're a Cisco Secure Email customer in higher education with ~4,000 FTEs and ~25,000 students. Something that's been bugging me for a while is the fact that so many messages coming into our ESA appliances from Gmail wind up getting rejected by the Host Access Table because, unsurprisingly, Gmail's public/shared mail hosts regularly see their reputation tank.

 

For just one example today, 209.85.167.65. Reputation with Talos is poor, and a vendor sending from Gmail with an otherwise good/reputable domain is seeing their mail dinged with a -3.9 SBRS. Since we're using Cisco's default SBRS ranges, it's getting rejected by the HAT. Even if we were using their conservative range, that's still getting dangerously close to a -4.0. https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118381-technote-esa-00.html

 

The way I see it, we have three options:

 

A) Tell our users and their senders "tough, Gmail's host is being bad and you're collateral damage."

 

B) Graylist Gmail's IPs. (HAT sender group with high precedence that skips SBRS but still allows spam/malware/phish scanning)

 

C) Change our "BlockedList" HAT sender group to the Conservative presets, i.e. reject at -4.0 SBRS and lower.

 

How is everyone else handling Gmail and other similar messages from hosted providers where legit messages often teeter upon the edge of rejection?
