Messaging Gateway


Domains with a specific format are being flagged as blacklisted domains

Subhani posted Sep 27, 2021 09:11 AM
I am facing a problem and I want to know if anyone else is facing the same.

The issue is that SMG is not able to handle emails with domains like xxxx.sa.com. Any emails coming from these domains are considered as coming from bad senders and, due to our policy, the email is deleted. When I checked, those domains were not found in the blocked domains list.

Based on one answer (I did not find any reply button to answer it), it is better that I specify the full domain names here.

ccc.sa.com (please note that SPF passes and IP address 46.49.201.173 has no bad reputation)
mig.sa.com (SPF passes and the IP address used is 40.107.15.51)
big.sa.com (SPF passes and the IP address used is 40.107.14.134)

Subhani (Best Answer)
On further investigation, I found that the domain sa.com had been added by someone and, as a result, all other domains like ccc.sa.com (ending with sa.com) were being treated as subdomains. I am posting it for everyone's knowledge. It was my mistake that I did not check if sa.com was blacklisted, whereas it could have been checked easily.
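The behaviour described in the accepted answer (one blocklist entry for sa.com silently catching ccc.sa.com, mig.sa.com and big.sa.com) is ordinary suffix matching on domain labels. The following is an added example, not code from the thread or from Symantec Messaging Gateway, that models that rule and adds the check the poster wished he had run: given a sender domain, list which blocklist entries would catch it, and before adding a new entry, list which known-good sender domains it would also block. The blocklist and sender list are constructed sample data; the matching rule (an entry matches itself and any subdomain, on label boundaries) is an assumption modelled on what the thread describes, and it deliberately avoids the naive `endswith("sa.com")` check, which would also hit an unrelated domain such as xsa.com.

```python
"""Added example: subdomain matching against a blocked-domains list.

Not SMG's implementation; the matching rule is an assumption modelled on
the thread (an entry matches the domain itself and every subdomain).
"""


def normalize(domain: str) -> str:
    """Lower-case the name and strip whitespace and any trailing dot."""
    return domain.strip().lower().rstrip(".")


def domain_matches_entry(domain: str, entry: str) -> bool:
    """True if `domain` equals `entry` or is a subdomain of it.

    Comparison is on label boundaries: 'ccc.sa.com' matches an entry of
    'sa.com', but 'xsa.com' does not, because the suffix test requires a
    leading dot before the entry.
    """
    d, e = normalize(domain), normalize(entry)
    return d == e or d.endswith("." + e)


def matching_entries(domain: str, blocklist) -> list[str]:
    """Every blocklist entry that would block mail from `domain`.

    This is the check to run when a domain is rejected but does not
    appear verbatim in the list.
    """
    return [e for e in blocklist if domain_matches_entry(domain, e)]


def audit_new_entry(entry: str, known_senders) -> list[str]:
    """Known legitimate sender domains that adding `entry` would also block.

    Run this before adding a short entry such as a bare second-level domain.
    """
    return [s for s in known_senders if domain_matches_entry(s, entry)]


# Constructed sample data, using the domains named in the thread plus
# two made-up names to show a non-match and a near-miss.
BLOCKLIST = ["sa.com", "spam-sender.invalid"]
LEGIT_SENDERS = ["ccc.sa.com", "mig.sa.com", "big.sa.com", "xsa.com", "partner.example"]


if __name__ == "__main__":
    for sender in LEGIT_SENDERS:
        print(f"{sender:20} blocked by: {matching_entries(sender, BLOCKLIST)}")
    print("Adding 'sa.com' would also block:", audit_new_entry("sa.com", LEGIT_SENDERS))
```

Running the block shows the three thread domains each caught by the single sa.com entry while xsa.com and partner.example pass; `audit_new_entry` gives the same answer from the other direction, which is the check to make before an entry like sa.com goes into a production list.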
Broadcom Employee Thomas Anderson
Have you checked the global reputation of any of these domains and/or the ip address or range of addresses assigned to these domains?
Following up on this, I did some of my own checking:

sa.com. 5 IN A 141.8.226.34

IP Address Lookup Details for 141.8.226.34

IP Address 141.8.226.34
Country CH CH
Fraud Score
IP Reputation 100 - High Risk
Fraud Scores are enhanced by passing additional details through our API and CSV batch checks.
Mail SPAM Block List Blacklisted IP Reported as Blacklisted
Proxy/VPN Detection Proxy/VPN Proxy/VPN Detected
This IP address appears to be a high risk proxy
...
CIDR IP Address Subnet 141.8.226.0/24

So it seems these guys DO have a global bad rep, and SMG is doing the right thing.
Broadcom Employee Thomas Anderson
Happy to see this was resolved.
I ran into this https://www.cscdbs.com/en/resources-news/domain-security-report/ 
Which might be of interest to the audience here.

Disclaimer: I don't have anything to do with CSC, I just stumbled on these findings regarding how companies don't take certain steps to protect their domains and it seemed appropriate to include in this thread.