4 Replies Latest reply on Jun 11, 2014 7:52 PM by Hayton

    Neighbouring Domains blacklisted

    ghanabusinessblacklisted

      Hi All,

       

      I need some help regarding email domain / IP blacklisting. I work for a company based in South Africa who recently bought a business in Ghana. Emails between the two companies (each business currently uses different email domains) are sporatic with some arriving, some being put into McAfee quarentee (on the South African end) and some not arriving at all. We've narrowed down what we think is the problem using the TrustedSource™ Query on http://www.trustedsource.org/ - when entering the IP into the query the result states that some of the "neighboring IP addresses" are considered High risk or Unverified. Is this the cause of our emails not getting through?

       

      What are these neighbouring domains and is it possible to find out exactly what is causing them to be added to McAfee's blacklist so we can resolve the root cause?

       

      Thanks in advance.

        • 1. Re: Neighbouring Domains blacklisted
          Peter M

          TrustedSource  (often the quickest way of getting things cleared)

           

          If you want to address an issue with a web site in Site Advisor, that is based on McAfee's TrustedSource Web Reputation, please go to http://www.trustedsource.org/en/feedback/url and use the web form to contact the Trusted Source team.

           

          • 1)      Browse to www.trustedsource.org/en/feedback/url
          • 2)      Recommended for website owners or anyone else who wants to be updated on the request status:  Create an Account and then Login
          • 3)      Click on “Check Single URL” (since most re-evaluation requests would be for a single URL)
          • 4)      Select the Product you are using – in our case choose “McAfee SiteAdvisor”
          • 5)      Type in the URL you want to check
          • 6)      Click “Check URL”
          • 7)      Optional:  Choose up to 3 categories from the drop-down “Optional categorization suggestion:”
          • 8)      Optional:  Leave an “Optional comment”
          • 9)      Click “Submit URL for Review”
          • 10)   If you created an Account (and logged in with it), a Ticket ID will be displayed, along with 3 options on when you will receive email (when the ticket is Open, Reviewed, or Closed)

           

          Note:  If you want to track your requests or be notified via email, register for a free TrustedSource.org account.

           

           

           

          .

          • 2. Re: Neighbouring Domains blacklisted
            Hayton

            If email between Ghana and South Africa is being lost (in either direction) and if both companies are running McAfee software then the most likely explanation is that some emails are being blocked by McAfee for an unknown reason. Alternatively, emails are being lost in transit. You would have to investigate the paths internet traffic could take between the two countries, look at the ISPs involved, find the servers involved and query their reputation.

             

            You haven't specified what the IP address that you mentioned is, but I presume it's a mail server at one end of the link. the reputation of neighbouring IP addresses may be relevant to your problem, but not necessarily. Other domains (if any) on that IP address most definitely would be relevant, and it's worth investigating their reputation as well as that of the IP address itself. There are many tools to check the current state of installed server software to see if it's up to date, and to see if an IP address or domain is blacklisted for any reason.

             

            However, if the lost emails are a result of McAfee blocking or discarding them then you need to ask about this in one of the sections within Business. The most likely area for this is in SaaS Email Security if you have SaaS installed. Can you confirm whether you in fact have got McAfee SaaS at either end?

            • 3. Re: Neighbouring Domains blacklisted
              ghanabusinessblacklisted

              Hi again Hayton,

               

              Apologies I think I sent you a PM accidently. In the PM I mentioned the IP under scrutiny is 41.66.169.82 - I've spoken with some people here and they seem to think that the issue is that the ISP used in Ghana is using relay SMTP servers of which some have been marked as high risk and therefore some mails make it and some don't dependent on which SMTP server the smart logic uses. Can you advise how this can be resolved in the short and long terms?

               

              Thanks

              • 4. Re: Neighbouring Domains blacklisted
                Hayton

                I don't know if I have enough expertise to comment on the SMTP issue. I'll see what I can find out but I suspect someone in the Business section will need to take this over. Again, are you using SaaS? That seems like the best place to look for a more definitive answer (although I'll do what I can).