michael orlitzky

Cisco (SenderBase) security products lose email

what are these things

Cisco has two “email security” products:

In addition to those, Cisco has a reputation system called SenderBase. The aforementioned products use SenderBase to decide if they should accept your mail.

the problem

SenderBase reacts badly to minor incidents, and there's no way to fix the system manually. Letting the system correct itself “can take anywhere from a few hours to just over one week.” The first point may be subjective, so let's ignore it.

Often, a legitimate mail provider will send out some spam. For example, if one of its users contracts a virus, the user's email account will send out spam until it is disabled. This is regrettable, but unavoidable. All you can ask is that the mail provider respond quickly to remedy the problem. Even so, the mail provider may temporarily wind up on one or more blacklists, of which SenderBase is an example.

When that happens—but after the spam problem has been corrected—the mail provider can ask to be removed from the blacklists. Such a removal procedure should exist for all blacklists, but SenderBase doesn't have a removal process. Once you're on it, you stay there, and Cisco customers won't get your mail.

how to fix it

You can't. SenderBase support can do nothing about anything. Their support team only has one canned reply, so I don't even know what this guy's job is:

In general, once all issues have been addressed (fixed), reputation recovery can take anywhere from a few hours to just over one week to improve, depending on the specifics of the situation, and how much email volume the IP sends. Complaint ratios determine the amount of risk for receiving mail from an IP, so logically, reputation improves as the ratio of legitimate mails increases with respect to the number of complaints. Speeding up the process is not really possible. SenderBase Reputation is an automated system over which we have very little manual influence.

In the meantime, if there are recipients whom you cannot contact, we would recommend contacting the ISP involved to request a temporary score improvement or you can always arrange to contact the recipient via alternative means.

Regards, Greg Johnston, SenderBase Support

How can you send more legitimate mail when all of it is rejected? No idea. How are you supposed to contact every Cisco customer to request a score improvement, keeping in mind that they will all reject your email? No idea. Cisco's suggestion is that you just stop using email for a week.

conclusion

Legitimate mail providers can wind up with a “poor” SenderBase reputation even when nothing is wrong. That causes Cisco products to reject legitimate mail for up to one week. Cisco knows about this, and they suggest that you just stop using email for a week.

What can be done? Nothing, really. Don't put anything with Cisco in its name on your network. Tell your friends (not) to do the same. The problem is resolved when no one is using Cisco email security products.

coup de grâce

If you try to email the support team about the fact that you're incorrectly listed on SenderBase, those retards reject your message due to the incorrect listing:

<support@senderbase.org>: host vmx.sco.cisco.com[184.94.241.135] refused to talk to me: 554-vmx.sco.cisco.com 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.

No shit. I have a hunch that they don't successfully resolve a lot of support tickets.