cancel
Showing results for 
Search instead for 
Did you mean: 

TrustedSource query report High Risk for 189.11.64.0/18

Hello,

I'm a new user of Email Security and coincidentally our SMTP IP was marked as High Risk.

Looking for information on the TrusteSource site and McAffe threat-intelligence site I don't understand why any IP at 189.11.64.0/18 is mark as High Risk (only our IP as marked Low Risk, because I requested a adjust of reputation and was made today)

Our SMTP IP is 189.11.65.71. (http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=189.11.65.71)

For our SMTP IP the hostname don't match with the reverse IP name, someone knows where McAfee Threat-Intelligence find the hostname that is showing at this page?

Why when I check the reputation of IP 189.11.63.0 the site returns "unverified" and when I check the reputation of IP 189.11.65.0 (or any other IP at subnet 189.11.64.0/18) the site returns "High Risk"? (is this a issue?)

Lauro

PS: sorry my poor english

3 Replies
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: TrustedSource query report High Risk for 189.11.64.0/18

try the following

Here is what i would suggest you do.

Step 1: Check the status of the IP address at www.trustedsource.org:

  1. Open www.trustedsource.org.
  2. Enter the IP address in the TrustedSource query box.
  3. Confirm the status of the IP address as a high or medium risk.
     


Step 2: Send an email to the McAfee Labs team at ts-feedback@mcafee.com including the message hash and the Sending IP address.

Example of notification email sent to McAfee Labs:

To: ts-feedback@mcafee.com
From: admin@mfesupport.com
Subject: False Positive

Please adjust the reputation of this message/IP:

Sending IP address: 172.16.201.110

Re: TrustedSource query report High Risk for 189.11.64.0/18

I did the suggestion.

But how can I know why a reputation of a IP is "High Risk"?

Any IP on subnet 189.11.64.0/18 is reported as High Risk. I can't find some IP that's is unverified... I think that is very stranger all IPs in the range were verified and reported was High Risk (except my SMTP IP).

Highlighted
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: TrustedSource query report High Risk for 189.11.64.0/18

unfortunately i'm not that familiar with the trustedsource web site and how the risk level is determined.  you might want to ask your question under one of the following forums

ironmail -- https://community.mcafee.com/community/business/email_web/ironmail

mcafee email gateway -- https://community.mcafee.com/community/business/email_web/meg  

a moderator from those forums might be able to give you a better answer.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator