cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.0.0-418
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

187
Views
10
Helpful
0
Replies
rolelael
Beginner

Poor SDR reputation with new O365 hosted domains

Hi All,

 

We recently increased the SDR scanning engine, to include the 'poor' in the reject verdict ( Awful was standard enabled ), after we scanned the number of 'poor' SDR's in a period of time offcourse

 

But now we see that most domains that fell into the Poor SDR, are O365 hosted domains.

 

On TalosIntelligence we see always the same behaviour 

 

xxxxxxxxx.mail.protection.outlook.com

 

Web Repuaution : neutral

Email Reputation : ?? None listed

Email Volume : 0 

 

So what I assume is that these domains are migrated domains from own mailservers towards O365 , or domains that exist a long time, but firstly started to email. Because : 

 

Message 30100789 Consolidated Sender Reputation: Poor, Threat Category: Spam , Suspected Domaini(s): xxxxx.be. Youngest Domain Age: 21 years 2 months 1 day for domain: xxxxxxx.be

 

Opening a reputation ticket with Talos does not help. They are not willing to increase the reputation.

 

We now add those 'O365' customer domains in a sdr exception list ( and will check them after 30d and clean the list )

 

Anyone else seen this behaviour ?

0 REPLIES 0