I need some help regarding email domain / IP blacklisting. I work for a company based in South Africa who recently bought a business in Ghana. Emails between the two companies (each business currently uses different email domains) are sporatic with some arriving, some being put into McAfee quarentee (on the South African end) and some not arriving at all. We've narrowed down what we think is the problem using the TrustedSource™ Query on http://www.trustedsource.org/ - when entering the IP into the query the result states that some of the "neighboring IP addresses" are considered High risk or Unverified. Is this the cause of our emails not getting through?
What are these neighbouring domains and is it possible to find out exactly what is causing them to be added to McAfee's blacklist so we can resolve the root cause?
Thanks in advance.
TrustedSource (often the quickest way of getting things cleared)
If you want to address an issue with a web site in Site Advisor, that is based on McAfee's TrustedSource Web Reputation, please go to http://www.trustedsource.org/en/feedback/url and use the web form to contact the Trusted Source team.
Note: If you want to track your requests or be notified via email, register for a free TrustedSource.org account.
If email between Ghana and South Africa is being lost (in either direction) and if both companies are running McAfee software then the most likely explanation is that some emails are being blocked by McAfee for an unknown reason. Alternatively, emails are being lost in transit. You would have to investigate the paths internet traffic could take between the two countries, look at the ISPs involved, find the servers involved and query their reputation.
You haven't specified what the IP address that you mentioned is, but I presume it's a mail server at one end of the link. the reputation of neighbouring IP addresses may be relevant to your problem, but not necessarily. Other domains (if any) on that IP address most definitely would be relevant, and it's worth investigating their reputation as well as that of the IP address itself. There are many tools to check the current state of installed server software to see if it's up to date, and to see if an IP address or domain is blacklisted for any reason.
However, if the lost emails are a result of McAfee blocking or discarding them then you need to ask about this in one of the sections within Business. The most likely area for this is in SaaS Email Security if you have SaaS installed. Can you confirm whether you in fact have got McAfee SaaS at either end?
Hi again Hayton,
Apologies I think I sent you a PM accidently. In the PM I mentioned the IP under scrutiny is 184.108.40.206 - I've spoken with some people here and they seem to think that the issue is that the ISP used in Ghana is using relay SMTP servers of which some have been marked as high risk and therefore some mails make it and some don't dependent on which SMTP server the smart logic uses. Can you advise how this can be resolved in the short and long terms?
I don't know if I have enough expertise to comment on the SMTP issue. I'll see what I can find out but I suspect someone in the Business section will need to take this over. Again, are you using SaaS? That seems like the best place to look for a more definitive answer (although I'll do what I can).