01-04-2022 04:38 AM
I realized that all incoming connections using IPv6 to us has a no SBRS score and therefore are hitting the sender group SUSPECTLIST. Senders with no score should be treated as suspect according to Cisco best practice, but it becomes a problem when no sending IPv6 hosts seem to have a score. I searched on Talosintelligence.com about 50 IPv6 addresses of Swedish sending e-mail hosts, known to me. None of them have a SBRS score.
Anyone else experiencing this or am I alone?
It is really frustrating and hard to explain to our end users when perfectly ok e-mails don't arrive. I like to try and follow best practice, but it's not ok that 14 percent of legit incoming connections are blocked for not having a SBRS score.
I'm very grateful for all help I can get and hopefully with your help I can solve it.
Regards
Michael
01-05-2022 03:24 AM
TALOS Sender IP Reputation system does support IPv6, Rise a defect with TAC team.
01-05-2022 03:43 AM
Hi,
I just did and got a fast reply to read these articles. Didn't help a lot.
“ESA FAQ: What does the SBRS value of "none" mean, and how can you detect these scores?”
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117903-qa-sbrs-00.html
also this one :
“How are SenderBase Reputation Scores (SBRS) determined, and what do they mean?”
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118380-technote-esa-00.html
I have answered them and hope for a more informative reply. If I get an answer I will update this thread.
Regards
Michael
01-13-2022 10:35 PM
Just wanted to inform that it wasn't much point opening a TAC. I closed it since we were getting nowhere in the matter, I hope it'll be better in the future. For now I will accept messages with no reputation since I work for a government agency that aren't very acceptable to false positives.
Regards
Michael
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: