Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1110
Views
15
Helpful
2
Replies

vESA Domain Age SDR every Domain Age 1 month

Go to solution
M. Miller
Level 1
Level 1

‎10-28-2022 05:53 AM

Hi everyone,

since yesterday 27.10.2022 beginning at round about 8:30 AM (UTC +2), all E-Mails from externally incoming Domains are reported with Domain Age: 1 month. Due to our Content Filter with Domain Age SDR, to quarantine mails younger 60 days, this led to a Content Filter overkill for all incoming E-Mails into Quarantine.

millamare_0-1666961547168.png

Date and Time configuration of our vESA absolutely fine. Sender Base Network Status up, all vESA services up to date, no blocks from firewall side for vESA services. vESA restart no solution.

Couldn't find similiar posts to that topic. No idea were to investigate for this. Any help and suggestions very appreciated!

Cheers

 

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎10-28-2022 06:05 AM

So a while back Talos made a change the SDR data, they only track domain age for those less than 30 days old.

A result of this is that any site that is older than 30 days will evaluate in a content filter as equal to 30 days.

You need to set your filter to < 30. NOT <=30. (This bit me in June. I wrote a post about it.)

There were some notifications about SDR data changes earlier this year, and more recent builds would comain about your filters that used SDR age...

View solution in original post

2 Replies 2

Go to solution
Ken Stieers
VIP
VIP

‎10-28-2022 06:05 AM

So a while back Talos made a change the SDR data, they only track domain age for those less than 30 days old.

A result of this is that any site that is older than 30 days will evaluate in a content filter as equal to 30 days.

You need to set your filter to < 30. NOT <=30. (This bit me in June. I wrote a post about it.)

There were some notifications about SDR data changes earlier this year, and more recent builds would comain about your filters that used SDR age...

Go to solution
M. Miller
Level 1
Level 1
In response to Ken Stieers

‎10-28-2022 06:33 AM - edited ‎10-28-2022 06:39 AM

Dear Ken,

thank you very much for your fast reply and solution. As you mentioned about some notifications about SDR data changes by Talos earlier this year, I was able to find this post now: https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72389.html

 

As a multi-involved IT-Admin, juggling with several topics and products, that isn't something I typically get my hands on, unfortunately. Due to this topic, at least I found this link now, where I'll have my eyes on for now on a regular basis: https://www.cisco.com/c/en/us/support/security/email-security-virtual-appliance/series.html

 

Unfortunately, I have to say, our current domain age limit <=60 days filtered tons of spam mails, as well as having a closer look into the Message Tracking displaying the actual Domain Age while checking E-Mails (at daily Quarantine Spam Checks) made my life A LOT easier. Now it's only showing up 1 months ... **bleep**! So I cannot appreciate this change in SDR data ...

0 Helpful
Customers Also Viewed These Support Documents