Showing results for 
Search instead for 
Did you mean: 

Poor SDR reputation with new O365 hosted domains


Hi All,


We recently increased the SDR scanning engine, to include the 'poor' in the reject verdict ( Awful was standard enabled ), after we scanned the number of 'poor' SDR's in a period of time offcourse


But now we see that most domains that fell into the Poor SDR, are O365 hosted domains.


On TalosIntelligence we see always the same behaviour


Web Repuaution : neutral

Email Reputation : ?? None listed

Email Volume : 0 


So what I assume is that these domains are migrated domains from own mailservers towards O365 , or domains that exist a long time, but firstly started to email. Because : 


Message 30100789 Consolidated Sender Reputation: Poor, Threat Category: Spam , Suspected Domaini(s): Youngest Domain Age: 21 years 2 months 1 day for domain:


Opening a reputation ticket with Talos does not help. They are not willing to increase the reputation.


We now add those 'O365' customer domains in a sdr exception list ( and will check them after 30d and clean the list )


Anyone else seen this behaviour ?

1 Reply 1

Libin Varghese
Cisco Employee
Cisco Employee

Just to clarify the web reputation on is not the same as SDR.


SDR is not reflected on As it currently needs the entire email header to look up an SDR score. 

I have not seen reports of O365 hosted domains specifically being marked poor, however if there are false positives I would recommend opening a TAC case to get that investigated through Talos. We might get additional details that way.




Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: