I'm a new user of Email Security and coincidentally our SMTP IP was marked as High Risk.
Looking for information on the TrusteSource site and McAffe threat-intelligence site I don't understand why any IP at 220.127.116.11/18 is mark as High Risk (only our IP as marked Low Risk, because I requested a adjust of reputation and was made today)
Our SMTP IP is 18.104.22.168. (http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=22.214.171.124)
For our SMTP IP the hostname don't match with the reverse IP name, someone knows where McAfee Threat-Intelligence find the hostname that is showing at this page?
Why when I check the reputation of IP 126.96.36.199 the site returns "unverified" and when I check the reputation of IP 188.8.131.52 (or any other IP at subnet 184.108.40.206/18) the site returns "High Risk"? (is this a issue?)
PS: sorry my poor english
try the following
Here is what i would suggest you do.
Step 1: Check the status of the IP address at www.trustedsource.org:
Step 2: Send an email to the McAfee Labs team at email@example.com including the message hash and the Sending IP address.
Example of notification email sent to McAfee Labs:
Please adjust the reputation of this message/IP:
Sending IP address: 172.16.201.110
I did the suggestion.
But how can I know why a reputation of a IP is "High Risk"?
Any IP on subnet 220.127.116.11/18 is reported as High Risk. I can't find some IP that's is unverified... I think that is very stranger all IPs in the range were verified and reported was High Risk (except my SMTP IP).
unfortunately i'm not that familiar with the trustedsource web site and how the risk level is determined. you might want to ask your question under one of the following forums
mcafee email gateway -- https://community.mcafee.com/community/business/email_web/meg
a moderator from those forums might be able to give you a better answer.