Ironport and Senderbase

‎14-01-2009

One of my favourite things about the new Ironport platform we have implemented to combat spam on our networks is how it uses a reputation based system to determine how to handle incoming mail. Right at the point of connection, before any of the SMTP commands are sent, our Ironport boxes look up the Sender Base Reputation Score (SBRS) of that IP address, and if it's really bad, the connection is simply dropped. This on it's own is pretty great, but there's more. All the time our Ironport boxes are gathering information about the hosts who are sending email through them, and reporting back to the master SenderBase database. This isn't just true for our Ironport platform, the vast majority of other Ironport users (over 100,000 organisations) also report their statistics back to the senderbase database too. Because of this updating from everyone all the time, spam outbreaks from new hosts can be caught really quickly, and we will start blocking them almost immediately. As the host is blocked at the connection level, this takes very little resources on the box, especially compared to the full-on scanning that would be done if the message was not blocked. As I'm writing this, our email systems are blocking over 97% of all messages as a result of their bad reputation, which is over 75 million messages! Imagine how much more spam we'd all have in our mailboxes without this. It really is a sorry reflection of email today that less than 1% of email that has hit the platform so far today have been considered "clean". Finally, another great thing about senderbase is it's transparency. Anyone can look up their IP on the site, www.senderbase.org, and look at the current top hitters for spam, virus and just normal email traffic. They even have a map on there that shows you where all the mail is coming from.

Chris_Bowen · ‎12-03-2009

Hi ive been looking into a solution for this spam blocking as my server is blocked by Ironport. i am a ligitimate business but unfortunetlly i got hacked and my server and ip address got reported. Now that i have had an outside source to resolve the security issues and it is now being monitored constantly my customers cant send anything to Plusnet... My question is... Is there a way that i can get whitelisted. Cheers Chris

Richard_Hartley · ‎13-01-2010

So this new system might explain why I can no longer - as of yesterday - send mail to my ex-wife!! I am using Plusnet as my ISP and so is she. I am mailing from my BT Internet (Yahoo) webmail client to her Plusnet email address and seeing the mail returned - allegedly due to my IP's poor reputation! Great improvement!

orbrey1 · ‎14-01-2010

Hi Richard, It'll be the IP address for the BT Yahoo SMTP server that the webmail platform uses that will have the poor reputation, and it's senderbase that decides which reputation is allocated to an IP address based on how much SPAM is sent from it. It's not particularly surprising that a webmail SMTP server has a bad reputation - unfortunately public servers such as this are prone to abuse by spammers.

Richard3 · ‎14-05-2010

Just started having this problem with our work server. Had a client on the phone v unhappy at not being able to send an email to one of his clients! We host 5 or 6 e-commerce site which have a high turnover of products. Each time someone buys it send out an email! How, if any can I get our IP unblocked. Any help please. Thanks

Kenneth_Adcock · ‎03-06-2010

I run a small website design firm in Charleston, SC. the past few days I have gotten several complaints that mail is not going through and bounce backs are clearly pointing to Senderbase and our POOR reputation as the reason. We do not host ANY spammers and our clients are a select few that we create custom website for. Senderbase provides only a runaround and no clear solutions. What is causing this, and how do we improve this rating you have imposed on us? You promote your system as an answer to the spam problem, but you are not a solution, but rather a NEW problem as annoying and frustrating as spam itself. Thanks a lot, Kenny 69.16.211.148

Chris · ‎04-06-2010

Kenny, the IP in the footer of your comment seems to have a good reputation according to Cisco/IronPort's website? - Is that the IP of the MTA you're having problems with? FWIW, our customers can disable spam filtering via our website which results in their inbound email being routed around the IronPort anti-spam appliances (therefore not being subject to the SenderBase checks).