Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
980
Views
0
Helpful
6
Replies

Senderbase.org creating false positives to the email community

willmanley
Level 1
Level 1

‎04-07-2015 03:15 PM

Hi,

We've been through a couple of issues in the past year with Senderbase.org . Because we don't use their product they see fit to mark IP addresses as a poor reputation where and whenever they see fit. I do not agree that they should be allowed to say mail servers have a poor reputation when they don't appear on RBL lists. The fact it could take up to a week for this to be resolved is a joke. This has caused us to lose business because of their practice. They don't even provide an opt-out.
 

Regards

Will

Labels:
0 Helpful
6 Replies 6

Mathew Huynh
Cisco Employee
Cisco Employee

‎04-07-2015 06:21 PM

Hello Will,

 

I am sorry to hear your experiences with SBRS (senderbase) filtering in this manner.

However please note, Senderbase setup does not only use it's own sensors, it ties and incorporate sensory information from a large range of information before a score is determined.
 

Should you not want to utilize the SBRS engine on your device, you can disable SBRS usage via the HAT overview; else you may also customize the thresholds if you feel it is too aggressively marking servers down.

 

GUI > HAT overview > Remove SBRS values on sendergroups 

 

However i do not recommend removing this feature but perhaps editing the actions for lower SBRS senders or suspectlist values.

 

Regards,

Matthew

0 Helpful

willmanley
Level 1
Level 1
In response to Mathew Huynh

‎04-07-2015 07:38 PM

Hi Matthew,

 

Thanks for your response but we don't use senderbase in our organisation. Our issue is that senderbase is flagging our IP as poor without any reason as with many mail servers with many companies around  the world going through a few forums.

Email reputation services are not applicable to the world today due to their lack of real time adjustment from events that had happened. Having a comment saying it could take over a day or week to resolve is not satisfactory.

As I do not want senderbase to record history regarding my IP I need to be able to opt-out. Is there a way?

Regards

Will

 

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee
In response to willmanley

‎04-07-2015 07:42 PM

Hello Will,

Unfortunately you will not be able to opt out of SBRS sensors as this sensory network uses well known RBLs and spamcop, spamhaus to name a few sensor's for the score matching.

 

If clients are using Cisco ESA's which uses SBRS filtering and you're being blocked due to their SBRS filtering, you'll have to contact the admins for allowance to put your IP through.

 

For Cisco ESA supported users, they can reach out to SBRS team with a TAC case to see what may be the reasons why the IP is being blocked and further details -- but SBRS works off multiple sensors so there is no manual intervention into the score processing.

 

Regards,

Matthew

0 Helpful

willmanley
Level 1
Level 1
In response to Mathew Huynh

‎04-07-2015 07:53 PM

Hi Matthew,

 

Unfortunately ISP groups and so forth are now very hands off filtering technology. I contacted iiNet here in Australia to be told that they use senderbase.org and do not modify any settings at all. They purely rely on what senderbase.org delivers as an answer.

Not only that I do hear that the sensor network and results are very automatic however this is flawed. For instance our mail servers are not on any blacklists yet we are classified as poor which makes no sense.

If you are telling me there is no opt-out for this service then I thought that would be in breach of the filtering standards set out by the industry. Most lists allow an opt-out should you have had an issue or something is in error within their service.

Regards

Will

 

0 Helpful

Mathew Huynh
Cisco Employee
Cisco Employee
In response to willmanley

‎04-07-2015 07:58 PM

Hello Will,

With regards to SenderBase service possibly breaching filtering standards, this information I cannot confirm if it is or if it is not; as I am not well versed into industry standards of mail filtering.

 

If your IP is reporting as Poor and you're unsure as to why;

http://www.senderbase.org/support/#problem=3

 

This is the only available information I can share as I am not apart of the SBRS team itself that monitors hits, reports and such.

 

Regards,

Matthew

0 Helpful

willmanley
Level 1
Level 1
In response to Mathew Huynh

‎04-07-2015 08:12 PM

Hi Matthew,

Thanks for taking the time to respond on this. I've read that statement and found it to be very unhelpful on the senderbase website regarding 'poor' flagged IP addresses.

To be honest to say it could take 3-5 days is absolutely ridiculous for things to improve. Would Cisco put up with that if this happened to them? It's all a bit silly that this has been allowed to continue.

Regards

Will

 

0 Helpful
Customers Also Viewed These Support Documents