Hi All,
We recently increased the SDR scanning engine, to include the 'poor' in the reject verdict ( Awful was standard enabled ), after we scanned the number of 'poor' SDR's in a period of time offcourse
But now we see that most domains that fell into the Poor SDR, are O365 hosted domains.
On TalosIntelligence we see always the same behaviour
Web Repuaution : neutral
Email Reputation : ?? None listed
Email Volume : 0
So what I assume is that these domains are migrated domains from own mailservers towards O365 , or domains that exist a long time, but firstly started to email. Because :
Message 30100789 Consolidated Sender Reputation: Poor, Threat Category: Spam , Suspected Domaini(s): xxxxx.be. Youngest Domain Age: 21 years 2 months 1 day for domain: xxxxxxx.be
Opening a reputation ticket with Talos does not help. They are not willing to increase the reputation.
We now add those 'O365' customer domains in a sdr exception list ( and will check them after 30d and clean the list )
Anyone else seen this behaviour ?