Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3498
Views
3
Helpful
5
Replies

Why do IPs get a bad reputation? How do you find out why your ip address is being blocked

oitconz
Level 1
Level 1

‎08-01-2019 10:43 PM

This has been asked before and I cant see a single answer to this n the forums so time to ask again.

 

How do you find out why YOUR ip address is blocked? There must be some feed back loop to let ISPs know what the problem is otherwise it cant be remediated.

 

Without this information ironport is just an arbitrary blocker of emails:

 

We got blocked, we dont send spam. Why? NO don't tell me why I got blocked this time - tell me how to find this out everytime!!

5 people had this problem
Labels:
0 Helpful
5 Replies 5

dmccabej
Cisco Employee
Cisco Employee

‎08-02-2019 08:13 AM

Hello,

 

If you mean blocked based on a negative reputation with Cisco (Talos), you can try submitting a ticket via the Talos Intelligence website. It also provides some additional details as to why your IP may have declined in reputation. 

 

https://www.talosintelligence.com/reputation_center/support#reputation_center_support_ticket

 

If you're not able to get enough information through submission of a Talos ticket then you can always open a ticket with Cisco TAC and we can try to work with Talos directly to find out the why behind it. 

 

Thanks!

-Dennis M.

0 Helpful

oitconz
Level 1
Level 1
In response to dmccabej

‎08-02-2019 10:00 PM

Cisco close tickets without resolving them. They set them to resolved, no explanation, no resolution. A piss poor response that does nothing to resolve the issue, let us know what might have gone wrong or give our clients any answers as to why things were banned.

 

Arbitrary. Arrogant. Unhelpful!!!

dmccabej
Cisco Employee
Cisco Employee
In response to oitconz

‎08-04-2019 03:14 PM

Hello,

 

I apologize that you feel you haven't received adequate support on this topic. Are you referring to the Talos tickets? I'm not exactly sure how the Talos tickets are handled as I'm not on that team, but, when you open a ticket with Cisco TAC you should hopefully at least be able to gather some additional details. If you're able to provide me with an example I could send some feedback to the team. 

 

Thanks!

-Dennis M.

0 Helpful

ppreenja
Cisco Employee
Cisco Employee

‎08-04-2019 02:19 AM

Hi,

A bad sending reputation (for IP address or domain) is often a cumulative effect of the three principal components:

Bounce rate: The number of messages returned as undeliverable divided by the number of emails sent

Complaint rate: The number of people who report your messages as spam divided by the number of emails delivered

Spam trap hits: The number of messages delivered to addresses that are explicitly used to trace and catalog spam

The worst case is your IP address ends up with a bad reputation or exhibits behavior that appears to demonstrate poor email practices, and then it could be blacklisted or blocked by some ISPs. Each ISP treats reputation differently and maintains its own internal blocklist.

In regards to Cisco TALOS giving a reputation score to certain IP addresses is a dynamic feature which depends on various factors. If you own or have come across a domain, URL, or IP that you believe has the incorrect reputation, please submit a reputation adjustment ticket at the below link:
https://talosintelligence.com/reputation_center/support#reputation_center_support_ticket

Below is the article to see the blacklists used by Senderbase:
https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118404-technote-cs-00.html

Also, to make sure that there are no spam activities from one’s internal network, ESA appliance has a feature to enable Anti-spam engine in outgoing mail policies for monitoring the outgoing mails from the internal network to the internet.

Hence, all in all, if you are simply ensuring that no are sending any spam emails to anyone is not a good enough reason for your IP address not to be marked as spam or getting blacklisted since it is just one of the various other factors. You need to follow many good email practices for maintaining a good reputation and it is a robust process.

Also, please find below one article available on the internet to check on your sending reputation score with various entities, hope it helps:
https://sendgrid.com/blog/5-ways-check-sending-reputation/

Regards,
Pratham
0 Helpful

ihave2024problem
Level 1
Level 1
In response to ppreenja

‎02-26-2024 11:49 AM

I opened just 6 Tickets to the reputation Team. My IP is set poor and my Customers have many Problems to send Mails out...much of them are blocked by cisco appliances...

Thats very very very bad for my hosting business, when my business customers cant send mail properly...

 

Cisco markes Tickes as resolved, no change, no comment.....

at this point i don´t know what to do further....no more idea....

I tryed everything to contact cisco, but false hotline, not the correct team, we call you later....nothing happens...cisco seems to be an really bad company

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents