Messaging Gateway

Hello everybody,

We have had a new server with a own IP address for a few weeks. Since the changeover, we have not been able to continuously send emails to some of our customers or suppliers who are equipped with Symantec security software.

We have already tried several times to delist our IP address (https://ipremoval.sms.symantec.com/ipr/lookup). This works for the time, but after a week it is blocked again.

We are already in contact with our host and they certify that we have a good reputation (X-SecureMailgate-Evidence: Combined (0.01) ). We do not send newsletters or any other advertising to our customers, according to our host, unnoticed spam e-mails can also be excluded. We only have e-mail business, as is common in every company today.

I therefore ask for help on how we can set our good IP reputation at Symantec permanently, or how we can put our IP on a "whitelist" permanently. Should we ever actually fall under suspicion of spam. I accept the necessity of such a blocking, but not if we are not to blame.

Our IP: 148.251.30.57

Thank you in advance for any help

Marc

Just being curious, I plugged your IP address into the first service that came back from a Google search for "IP Reputation"
(in this case it happened to be "www.ipqualityscore.com")  which came back with the following:
"148.251.30.57 (mail.mueller-arbeitsschutz.de) has been detected as a proxy connection. The IP reputation score is currently 65, which does not indicate serious issues. No RBL blacklisting issues were detected at this time."
So far so good, right?  but in the same screen it has:

"Proxy/VPN Detection Check IP Reputation Reputation Issues Detected
This IP address has been detected as a proxy connection, which could be hurting your IP reputation.
IP Reputation Score 65% - Suspicious IP"

This seemed a bit "conflicted" so I tried another service, one associated with CISCO (talosintelligence.com/reputation_center)
down at the bottom of the list of sites using your server to send mail through this was listed:
148.251.30.252  static.252.30.251.148.clients.your-server.de Yes 0.0 2.1 1 Poor

I'm NOT an expert, but just being logical about putting the two things together, it "looks" (to me, anyway) like this person who has a poor sender reputation is routing through your mail server and degrading your IP reputation.  I could be completely mis-interpreting things, but it "might" be worthy of investigation.

Original Message:
Sent: 11-09-2020 02:08 AM
From: Marc Waldfahrer
Subject: Symantec IP Reputation

Hello everybody,

We have had a new server with a own IP address for a few weeks. Since the changeover, we have not been able to continuously send emails to some of our customers or suppliers who are equipped with Symantec security software.

We have already tried several times to delist our IP address (https://ipremoval.sms.symantec.com/ipr/lookup). This works for the time, but after a week it is blocked again.

We are already in contact with our host and they certify that we have a good reputation (X-SecureMailgate-Evidence: Combined (0.01) ). We do not send newsletters or any other advertising to our customers, according to our host, unnoticed spam e-mails can also be excluded. We only have e-mail business, as is common in every company today.

I therefore ask for help on how we can set our good IP reputation at Symantec permanently, or how we can put our IP on a "whitelist" permanently. Should we ever actually fall under suspicion of spam. I accept the necessity of such a blocking, but not if we are not to blame.

Our IP: 148.251.30.57

Thank you in advance for any help

Marc

Hello tpa,

thank you for your summary. I didn't know the sites you linked to and I couldn't find it in google. Thank you so much for these links which I have carefully looked at. Nevertheless, I find your information very informative and have passed it on to our hosting partner. I am looking forward to the feedback and possibly the solution. I am surprised, however, that this was not noticed in their own search. Judging by the table found at (talosintelligence.com/reputation_center), there are some who forward the mails via our IP address. Is that normal? is this done everywhere?

Thank you for your help! I hope we get closer to a solution like this ...

------------------------------
Marketing & Sales
Müller Arbeitsschutz e.K.
------------------------------

Original Message:
Sent: 11-09-2020 05:30 PM
From: Thomas Anderson
Subject: Symantec IP Reputation

Just being curious, I plugged your IP address into the first service that came back from a Google search for "IP Reputation"
(in this case it happened to be "www.ipqualityscore.com")  which came back with the following:
"148.251.30.57 (mail.mueller-arbeitsschutz.de) has been detected as a proxy connection. The IP reputation score is currently 65, which does not indicate serious issues. No RBL blacklisting issues were detected at this time."
So far so good, right?  but in the same screen it has:

"Proxy/VPN Detection Check IP Reputation Reputation Issues Detected
This IP address has been detected as a proxy connection, which could be hurting your IP reputation.
IP Reputation Score 65% - Suspicious IP"

This seemed a bit "conflicted" so I tried another service, one associated with CISCO (talosintelligence.com/reputation_center)
down at the bottom of the list of sites using your server to send mail through this was listed:
148.251.30.252  static.252.30.251.148.clients.your-server.de Yes 0.0 2.1 1 Poor

I'm NOT an expert, but just being logical about putting the two things together, it "looks" (to me, anyway) like this person who has a poor sender reputation is routing through your mail server and degrading your IP reputation.  I could be completely mis-interpreting things, but it "might" be worthy of investigation.

Original Message:
Sent: 11-09-2020 02:08 AM
From: Marc Waldfahrer
Subject: Symantec IP Reputation

Hello everybody,

We have had a new server with a own IP address for a few weeks. Since the changeover, we have not been able to continuously send emails to some of our customers or suppliers who are equipped with Symantec security software.

We have already tried several times to delist our IP address (https://ipremoval.sms.symantec.com/ipr/lookup). This works for the time, but after a week it is blocked again.

We are already in contact with our host and they certify that we have a good reputation (X-SecureMailgate-Evidence: Combined (0.01) ). We do not send newsletters or any other advertising to our customers, according to our host, unnoticed spam e-mails can also be excluded. We only have e-mail business, as is common in every company today.

I therefore ask for help on how we can set our good IP reputation at Symantec permanently, or how we can put our IP on a "whitelist" permanently. Should we ever actually fall under suspicion of spam. I accept the necessity of such a blocking, but not if we are not to blame.

Our IP: 148.251.30.57

Thank you in advance for any help

Marc

Glad it was helpful.
As for whether this is "normal" but, (and this is just MY OPINION, so please treat it accordingly), I think you should be aware of and in control of anyone (person, company, whatever) that is relaying email through your email server, especially if it is "public facing", otherwise you have the chance to run into "little surprises", like you are encountering now.

Viel Glük!
(Ich kann etwas Deutch, meine tolle GrossMutti kommt aus Hamburg)
Original Message:
Sent: 11-10-2020 01:14 AM
From: Marc Waldfahrer
Subject: Symantec IP Reputation

Hello tpa,

thank you for your summary. I didn't know the sites you linked to and I couldn't find it in google. Thank you so much for these links which I have carefully looked at. Nevertheless, I find your information very informative and have passed it on to our hosting partner. I am looking forward to the feedback and possibly the solution. I am surprised, however, that this was not noticed in their own search. Judging by the table found at (talosintelligence.com/reputation_center), there are some who forward the mails via our IP address. Is that normal? is this done everywhere?

Thank you for your help! I hope we get closer to a solution like this ...

------------------------------
Marketing & Sales
Müller Arbeitsschutz e.K.

Original Message:
Sent: 11-09-2020 05:30 PM
From: Thomas Anderson
Subject: Symantec IP Reputation

Just being curious, I plugged your IP address into the first service that came back from a Google search for "IP Reputation"
(in this case it happened to be "www.ipqualityscore.com")  which came back with the following:
"148.251.30.57 (mail.mueller-arbeitsschutz.de) has been detected as a proxy connection. The IP reputation score is currently 65, which does not indicate serious issues. No RBL blacklisting issues were detected at this time."
So far so good, right?  but in the same screen it has:

"Proxy/VPN Detection Check IP Reputation Reputation Issues Detected
This IP address has been detected as a proxy connection, which could be hurting your IP reputation.
IP Reputation Score 65% - Suspicious IP"

This seemed a bit "conflicted" so I tried another service, one associated with CISCO (talosintelligence.com/reputation_center)
down at the bottom of the list of sites using your server to send mail through this was listed:
148.251.30.252  static.252.30.251.148.clients.your-server.de Yes 0.0 2.1 1 Poor

I'm NOT an expert, but just being logical about putting the two things together, it "looks" (to me, anyway) like this person who has a poor sender reputation is routing through your mail server and degrading your IP reputation.  I could be completely mis-interpreting things, but it "might" be worthy of investigation.

Original Message:
Sent: 11-09-2020 02:08 AM
From: Marc Waldfahrer
Subject: Symantec IP Reputation

Hello everybody,

We have had a new server with a own IP address for a few weeks. Since the changeover, we have not been able to continuously send emails to some of our customers or suppliers who are equipped with Symantec security software.

We have already tried several times to delist our IP address (https://ipremoval.sms.symantec.com/ipr/lookup). This works for the time, but after a week it is blocked again.

We are already in contact with our host and they certify that we have a good reputation (X-SecureMailgate-Evidence: Combined (0.01) ). We do not send newsletters or any other advertising to our customers, according to our host, unnoticed spam e-mails can also be excluded. We only have e-mail business, as is common in every company today.

I therefore ask for help on how we can set our good IP reputation at Symantec permanently, or how we can put our IP on a "whitelist" permanently. Should we ever actually fall under suspicion of spam. I accept the necessity of such a blocking, but not if we are not to blame.

Our IP: 148.251.30.57

Thank you in advance for any help

Marc